Beneath the radar

Abstract

One of the many facets of cybercrime consists in transactions of malicious software, fraudulent information, and other potentially harmful goods and services via underground marketplaces. A portion of these goods comprises the illegal trading of consumer products such as vouchers, coupons, and loyalty program accounts that are later used to commit business fraud. Despite its well-known existence, the impact of this type of business fraud has not been analyzed in depth before. By leveraging longitudinal data from 8 major underground markets from 2011-2017, we identify, classify and quantify different types of business fraud to then analyze the characteristics of the companies who suffered from them. Moreover, we investigate factors that influence the impact of business fraud on these companies. Our results show that cybercriminals prefer selling products of well-established companies, while smaller companies appear to suffer higher revenue losses. Stolen accounts are the most transacted items, while pirated software together with loyalty programs create the heaviest revenue losses. The estimated criminal revenues are relatively low, at under $600,000 in total for the whole period; but the total revenue losses amounted to $7.5 million.