A Case Study Focused on the Montreal Fraud Ecosystem

Account takeover is a type of illegal act in which offenders gain unauthorized access to a legitimate user’s account. Online banking accounts are at higher risk of account take over than other types of online accounts due to the financial opportunities they present to offenders. Specifically, once gaining illegitimate access to a target’s bank account, an online offender can change the account setting and use a digital payment method to make a large withdrawal from the account, use the bank account to orchestrate money laundering schemes, or sell the compromised account credentials to interested parties over online underground markets.

Since access to compromised bank accounts supports a wide range of illegal activities, an illicit online supply chain has evolved around the credentials necessary to control compromised banks accounts. Specifically, once taking over bank account credentials, hackers send this info to quality testers who process, parse, check the quality and package the data. This data is then sent online to the distributors who sell it to customers. The interaction between different actors along the illicit supply chain takes place over darknet or encrypted text message platforms and can be done either publicly or privately. Darknets (also known as dark webs) are overlay networks within the Internet that can only be accessed with specific software and communication protocols. A darknet market is a commercial website that operates via anonymous networks, such as The Onion Routing (Tor) Project or the Invisible Internet Project (I2P). Like darknets, encrypted text message platforms (for example ICQ, WhatsApp, Discord and Telegram) offer a high level of encryption and, thus, protect users from identification, as well as make evidence-gathering more difficult. As such, encrypted communication platforms are increasingly employed for facilitating the trade of illicit goods in general, and online stolen data in particular.