This Week: Scams "R" Us and Police Database Mischief

Next: Dark Web Forums: the Underbelly’s Underbelly
Previous: This Week: Steep Discounts and Limited Loyalty
When all of your friends have store credit except you.
February 10, 2017

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

This week a toy retailer found evidence of rewards scamming, and the government discovered that password re-use is just a hop, skip, and a jump away from a major breach. With Valentine’s Day around the corner some people are discovering a catfish instead of their future Romeo.

“R” You Scamming Me?

Toys “R” Us notified members of their Rewards “R” Us program when they discovered evidence of someone attempting to access user accounts without authorization. In an official statement, the company stated the incident appears to be related to an earlier online breach not associated with Toys “R” Us – that is, credentials leaked from a separate breach entirely.

From airlines to hotels to retailers, rewards scams can impact any retailer. Cyber criminals aim to get as much value from a set of credentials as possible, including the financial benefits tied up in rewards scams. These rewards can often be turned into store credit, which is all the more easily laundered into cold hard cash.

Another vBulletin Bites The Dust

More than 700,000 records from forum members are being sold on the dark web for the low, low price of $400. The database, which was originally stolen from the law enforcement news site in 2015, includes usernames, email addresses, dates of birth, hashed passwords, and other identifying data collected by the site.

The attacker claims to have used a known SQL exploit against PoliceOne, which was reportedly running the infamously-buggy vBulletin forum software. The site quickly pulled their forums offline after being notified of the breach.

The listing’s description notes that the 290MB of data contains “emails from NSA, DHS, FBI and other law enforcement agencies as well as other US government agencies,” which is particularly troubling.

The tendency to re-use passwords is ubiquitous and is a common method of gaining unauthorized access to other systems (see the Toys R Us issue above). But when those credentials can be used to gain access to law enforcement and government portals, the effects can be far more severe.

One more thing… Romance (Fraud) is in the Air

Don’t get catfished this Valentine’s Day. According to the BBC, online dating scams are at a record high. There were 3889 victims of “romance fraud” last year. The National Fraud Intelligence Bureau reported 3363 cases with losses falling to £25,882,339 in 2015, and a record £39 million in related fraud cases in 2016. Looks like these bachelors and bachelorettes are getting thorns instead of roses.

analysis June 24, 2019
New Research: Terbium Labs Uncovers Pervasive Links Between Fraud and Transnational Crime

Terbium Labs investigated the links between payment fraud and serious transnational crime. This research begins to fill a gap in understanding about the use of fraudulent financing in some of the most heinous crimes...

analysis April 17, 2019
Terbium Labs Investigates Dark Web Fraud Guides for an Inside Look on Cyber Crime

With our latest research, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data, Terbium Labs investigates dark web fraud guides to create a detailed, first-hand account of the illicit...