After stumbling upon a surface website mimicking the real criminal underground site Genesis, Sophos researchers uncovered 20 fake marketplaces dating back to August 2021. All of the fake sites appeared to be run by a scammer who uses the handle “waltcranston,” a likely riff on the television show “Breaking Bad.”
“While investigating this huge sub-economy of scammers scamming other scammers, we examined about 600 scams of varying types. Out of all the scams investigated, this operation stood out for its sheer scope and intricacy. The scammer advertises the fake marketplaces on Reddit and replicates not just Genesis, which was the first scam site we ran across, but numerous other prominent or defunct marketplaces, such as Benumb, UniCC, and PoisOn. While at a technical level these scam sites are not sophisticated, the scam operation has been highly successful. In fact, seven of these fake sites are still active, and, to date, the cryptocurrency wallets associated with the scams have received at least $132,000,” said Matt Wixey, senior threat researcher, Sophos.
All 20 of the fake sites followed a similar scheme. Criminals were offered a chance to activate an account on the fraudulent version of a dark web marketplace with $100. The criminals expected their $100 would be deposited in either Bitcoin or Monero, and they would receive activation credentials. However, as part of the scam, once the criminals paid, their account would never activate.
Sophos X-Ops: The deposit demand from the fake Genesis site
One common denominator among the 20 fake sites was a link to a website called darknet[.]markets, a site that lists dark web criminal marketplaces for visitors interested in drug sales, carding, and cryptocurrency exchanges. This site ultimately led Sophos to a criminal forum called Café Dread and to a user going by the name of waltcranston.
Sophos X-Ops: A post on Dread Café by waltcranston (now deleted)
“We started searching Dread for any mentions of the marketplaces mentioned on the darknet[.]markets, and we found multiple posts by the handle waltcranston talking about dark web marketplaces, as well as discussing how to scam people and recommending other users set up phishing sites. His own website, which sells meth, also shared some similarities with the fake marketplaces. We even found posts by Dread users who fell for the scam websites, and accusations by a Dread user that waltcranston was the culprit behind the scheme.
“While we can’t be 100% certain that those behind the handle waltcranston are indeed the culprit, there is strong circumstantial evidence. The entire operation and our investigation is an example of how much rich intelligence there is about cybercriminals hidden in these scams against other scammers, which the security community can leverage to help develop stronger defenses,” said Wixey.
Read more about these 20 fake marketplaces in Scammers Scamming Scammers Part 3 on Sophos.com.