Following on from the first chapter of our investigation into scammers who scam scammers, we turn to the variety of scams on criminal marketplaces – which range from crude ‘rip-and-runs’ to sophisticated, long-term efforts.
Rip-and-run
One of the most common scams, a ‘rip-and-run’ can work in two ways: A buyer receives goods but doesn’t pay for them, or a seller receives payment but doesn’t deliver. That’s the ‘rip.’ The ‘run’ part means that the scammer goes dark, refusing to answer messages or disappearing from the forum altogether.
Rip-and-runs usually involve small amounts, but there are exceptions.
Figure 1: A simple example of a rip-and-run scam on BreachForums, involving $200 USD
Figure 2: A higher-value rip-and-run on Exploit, for $1500
There’s not much arbitrators can do about rip-and-runs; they usually ban the scammer, but it doesn’t have much impact as the scammer is long gone. From the scammer’s perspective, they lose their profile (and any associated reputation points), so they’ll have to start from scratch if they want to run the scam again.
Figure 3: An example of a scammer apparently creating a new profile to commit further rip-and-run scams
Fake leaks and tools
A scam that embodies the warning caveat emptor, this attack can take various forms, although it’s especially common with database trades. A scammer offers a database for sale, which is actually publicly available or previously leaked.
Figure 4: A BreachForums scam report…
