Thursday, August 22, 2013

Vendor of Scanned Fake IDs, Credit Cards and Utility Bills Targets the French Market Segment

Continuing the series of blog posts detailing the very latest efficiency/quality/scalability/universal business concepts oriented underground market propositions for fake IDs, credit cards and utility bills, in this post I'll discuss an example of market segmentation in terms of supplying them, through an ad targeting potential cybercriminals based in France, or international cybercriminals wanting to enter the French market.

Catch up with previous research on the topic:

What's so special about this underground market proposition, anyway? It's the market segmentation taking place through the eyes of the vendor, as well as the diversity of scanned .PSD Photoshop templates, the non-modifiable scanned documents, and the actual availability of physical fake IDs, all of them exclusively targeting the French market segment.

Sample screenshot of the advertisement:
There are several types of vendors contributing to the currently mature state of the market for fake IDs/documents, or to the cybercrime ecosystem in general. Let's discuss the most popular types of market players.

Among the rarest type of such vendors is the experienced one who tends not to advertise at public or commercially accessible cybercrime-friendly communities. Although it would seem fairly logical to assume that the applied OPSEC (Operational Security) would be directly proportional with the decrease in processed orders since it would limit the visibility of his services within the cybercrime ecosystem, that's not necessarily the case when quality, experience, sophisticated, and, of course, high profit margins based on perceived value come into play. In between the lack of mass advertisements, the vendor would also not list his contact details, and would only do business with cybercriminals with proven reputation within not just the community in question, but also, across the entire ecosystem.

Next are those vendors who'd sacrifice OPSEC, for the sake of reaching as many customers as possible in an attempt to monetize this market 'touch point' with other prospective cybercriminals. They advertise on public and on commercially accessible cybercrime-friendly communities, usually have a decent reputation, with generally positive feedback from their customers, and of course, never fail to 'deliver' what they pitch.

There's yet another type of such vendors, worth discussing. It's those who 'populate' a newly launched community with their propositions, and most often target novice cybercriminals with zero understanding of cybercrime ecosystem reputation dynamics, who are still looking to purchase this desired, but largely commoditized underground market good.

With more vendors of fake IDs/documents popping up across the entire ecosystem, the series of blog posts profiling their activities, are prone to expand.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.