Reimbursement for Fraud-as-a-Service advertisements on hacker forums increases by 60%

The continued evolution of cybercrime towards a service-oriented economy has enabled several new professionalized hacking services, with Fraud Reimbursement as a Service being one of the latest to gain popularity in recent years. That’s according to the latest threat report from Netacea, which studied rising trends across a host of hacking forums.

Refund fraud is the abuse of refund policies for financial gain and costs e-commerce businesses over $25 billion each year. Those interested in committing reimbursement fraud can outsource the process to professional social engineers who offer reimbursement as a service. This poses a significant challenge for retailers, as previously legitimate customers may hire highly experienced fraudsters to perpetrate this fraud on their behalf, making it difficult to identify fraudulent activity. As online shopping continues its upward trend, professional fraudsters will be looking to take advantage of this opportunity. Netacea’s research also revealed:

  • More than 540 new reimbursement fraud service announcements were identified in the first three quarters of 2022
  • Refund fraud services increased by nearly 150% between 2019 and 2021

Netacea’s report explores the current structure of the Refund-as-a-Service underground market, the evolution of tactics and methods used by adversarial groups to perform refund fraud, and how threat intelligence and fraud teams can work together to fight it effectively.

“As the rise of ransomware-as-a-service attacks shows, cybercriminals have moved to a service-based economy – and refund fraud is no exception,” said Cyril Noel-Tagoe, senior security researcher at Netacea. “As we approach Black Friday and the holiday season, e-commerce stores should take the necessary steps to reduce their risk of refund fraud, including educating employees on the methods and tactics used by fraudsters. “

Additional steps include:

  1. Carriers should replace or supplement signatures with one-time passwords to prevent fraudsters from claiming packages haven’t arrived.
  2. E-commerce stores and carriers should work together to look for patterns in their datasets that could indicate fraudulent activity.
  3. Reputation is power in the underground market. In the event that an e-commerce store identifies the claim as fraudulent after a refund payment has been made, the store must re-invoice the customer’s account. An influx of chargeback complaints from customers may cause the refund fraud service to remove the retailer from its store list, to avoid negative reviews.
>>> Did you know that we print Telemedia Magazine quarterly. Free for advanced readers. Essential reading for any business that wants to engage users, monetize content, and drive sales of VAS and premium apps. Download the current issue.

Harry L. Blanchard