Digital doppelgangers for sale to defeat anti-fraud tech

Tens of thousands of digital doppelgangers to bypass financial anti-fraud systems are being traded online, according to researchers at security firm Kaspersky Lab.

A study by Juniper Research estimates that losses from online payment frauds will reach $43bn by 2023, up from $22bn in 2018, making anti-fraud and cyber security measures a top concern for the industry, the researchers note in a blog post.

“And this is not surprising – every day cyber criminals develop new methods and tools to bypass anti-fraud protection systems, they develop malware to help them in their activities, create services and stores, discuss ways to defeat protection mechanisms on dark net forums and channels,” they said, warning that financial cyber crime schemes have evolved and become more dangerous than ever.

An investigation into a dark web marketplace called Genesis uncovered more than 60,000 stolen and legitimate digital identities, making successful credit card fraud that much easier to conduct.

The marketplace is aimed at enabling the abuse of machine learning-based anti-fraud approach of “digital masks” or trusted customer profiles based on known device and behaviour characteristics.

This technology matches anyone entering their financial, payment and personal information in an online transaction against digital masks.

These masks are unique to each user and combine the fingerprints of devices and browsers commonly used to make payments or bank online with advanced analytics and machine learning that analyses things like an individual user’s cookies and behaviour.

This approach is designed to enable financial organisations’ anti-fraud teams to determine whether it is a legitimate user entering their credentials or a cyber criminal trying to buy goods using a stolen card.

However, the Kaspersky Lab researchers warn that the digital mask can be copied or created from scratch. They found that cyber criminals are actively using such digital doppelgangers to bypass advanced anti-fraud measures.

Stolen digital masks and user accounts were available for purchase on the Genesis market from as little as $5 up to $200.

Customers of such dark web marketplaces simply buy previously stolen digital masks together with stolen logins and passwords to online shops and payment services, and then launch them through a browser and proxy connection to mimic real user activity, the researchers said.

If cyber criminals have the legitimate user’s account credentials, the attacker can then access their online accounts or make new, trusted transactions in their name.

“We see a clear trend of carding fraud increasing around the world,” said Sergey Lozhkin, security researcher at Kaspersky Lab. “While the industry invests heavily in anti-fraud measures, digital doppelgangers are hard to catch.”