School for scoundrels: Now cybercrooks are learning from online courses, too

One six-week course provides wannabe cybercriminals with everything they need to get going including course notes, reading lists, and lectures.
Written by Danny Palmer, Senior Writer

If you want to learn a new skill, it's entirely possible you'll sign up to an online course. Once you've paid your fee, over a period of weeks or months, you'll take part in online lectures, webinars, discuss ideas with a teacher and other students, and ultimately walk away with the ability to do something new.

Now cybercriminals are doing the same thing. Online crooks are already offering this level of training, including through a six-week online course offering webinars, online tutorials, and support to wannabe crooks aiming to get in at the ground level of credit card fraud.

Online courses with instructions on how to become a cybercriminal aren't new, but one course examined by researchers at security company Digital Shadows reflects the level of professionalism now being adopted by online scammers and the increasing levels of skill among those who want to run scams.

Conducted in Russian -- likely pointing to where in the world it's run from and where its target audience is -- this online course promises to take a complete novice and turn them into a specialist in card fraud in six weeks through a series of online classes.

"There's lots of training courses available, but often they're not curated, they don't cost a more than a couple of dollars, if anything. Whereas this is a much more like an e-learning class you or I might take to learn something new via a commercial online learning setting," Rick Holland, VP of strategy at Digital Shadows, told ZDNet.

"It's actual webinars you can attend with live conversation and questions and answers. They have operations security components in there to protect identities, but by in large it's very similar to any e-learning course," he added.

The business-like nature of the course is reflected in how much it costs: 45,000 RUB [$750], with an additional $200 for course materials for the 20 lectures, all paid for using cryptocurrencies such as Bitcoin -- although the course promises big returns.

While card fraud might appear to be one of the most basic forms of cybercrime, the Digital Shadows report on online carding courses warns this particular type of attack is more sophisticated than ever, especially as consumers are spending more and more money online.

According to figures in the report, $24bn will be lost to payment card fraud by the end of 2018.

The course is also biased towards targeting Western countries -- where there is the most illicit profit to be had -- and those behind the course even forbid fraud against Russian targets, likely a move designed to ensure they don't anger Russian authorities.

"The barriers for cybercrime just keep getting lower. Sophisticated criminals act at a higher tier, but it just gets easier and easier for people to get it. This low barrier of entry is bad for consumers, bank for banks, bad for card brands," says Holland.

"This is just going to continue to grow, it's still going to be a big threat for retailers and financial services for some time to come."

Indeed, the programme reflects the evolving nature of this area of cybercrime; participants are encouraged to take a refresher course every six months in order to gain knowledge of the latest trends -- for a price, of course.


Editorial standards