Digital Trust & Safety Roundup: Crypto scams, policy abuse, and deep web dangers

Fall is officially here, and so is another season of fraud. In the below news roundup, Sift’s Trust and Safety Architects share their insights on existing and emerging fraud trends and tips for effective risk prevention. Read on for a refresher on the ‘Pig Butchering’ scam, learn how policy abuse threatens business, and explore emerging dangers lurking on the deep web.

Prepare for complex crypto scams

Crypto scams can cause long-term damage to both consumers and companies alike. Jane Lee, Trust and Safety Architect at Sift, joined the Merchant Fraud Journal’s ‘To Catch a Fraudster’ podcast as well as CyberWire’s Hacking Humans podcast to discuss her work going undercover to reveal the insidious scam called ‘Pig Butchering,’ which combines romance and fake crypto exchanges to con unsuspecting victims out of their money.

“Businesses need to do their due diligence to match the technological advances of the fraudsters,” says Lee, noting the lengths fraudsters will go to swindle their targets. 

To hear more, listen to the full Merchant Fraud Journal podcast and Cyberwire’s Hacking Humans podcast.

Don’t ignore policy abuse

As online companies expand and grow, trust and safety teams are increasingly faced with threats that go beyond fraudulent orders and chargebacks. Known as ‘policy abuse,’ these can include promo abuse, new sign-up bonus abuse, refund abuse, and referral/affiliate abuse.

Kevin Lee, VP of Trust and Safety at Sift, outlines how this type of abuse works and why companies should pay attention to it, as well as strategies to combat these threats. Read more in our latest blog.

Stay ahead of deep web schemes

Jeff Sakasegawa, Trust and Safety Architect at Sift, presented at this month’s Merchant Advisory Group’s Annual Conference and Tech Forum, where he discussed the rise of fraudulent activity on the deep web. The deep web has turned into a safe haven for fraudsters looking to hide in plain sight; being a part of the internet that cannot be accessed by conventional search and can only be accessed through login credentials. 

The deep web allows fraudsters to sell and trade user information often obtained through phishing, smishing, or other fraudulent tactics, which means consumers must be on high alert.

“Any open text field is an invitation for fraud,” said Sakasegawa. “Any message or post you can receive can easily 1) include a phishing link 2) link to malware 3) request for money.” 

Not only a consumer problem, Sakasegawa also emphasized the damage this type of activity can do to companies, if not addressed, from negative PR, reduced customer engagement, and even legal issues.

To learn more about how fraudsters thrive on the deep web, listen to our webinar, ‘A Day in the Life of a Deep Web Fraudster.’

Discover the inner workings of a new cashout scam

Fraudsters are always evolving and improving on existing scams and tactics, finding new loopholes and security gaps to exploit. Sift’s Trust and Safety Architects recently uncovered a new version of the classic cashout scam (whereby fraudsters drain consumers’ cash or points), this time targeting bank accounts and crypto wallets. The deep web facilitates the scam, where fraudsters work together to funnel money from hacked bank accounts and crypto wallets. Capitalizing on crypto’s current downturn and consumers infrequently checking their accounts, this new type of cashout scam is just one among many examples of accelerating account takeover (ATO) fraud uncovered in Sift’s latest quarterly report. 

“Account takeover attacks are proving to be a primary attack method among fraudsters in our challenging economic environment,” said Brittany Allen, Trust and Safety Architect at Sift. “Adding insult to injury, cybercriminals are leveraging automation via bots and scripts to launch ATO attacks at scale, often forcing businesses to choose between introducing excessive friction in their user experience or being consumed by fraud.”

Explore how the cashout scam works in detail on Sift’s Fraud Intelligence Center.