USN-6471-1: libsndfile vulnerability

It was discovered that libsndfile contained multiple arithmetic overflows.
If a user or automated system were tricked into processing a specially
crafted audio file, an attacker could possibly use this issue to cause a
denial of service.

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

The login page for the criminal reshipping service SWAT USA Drop.

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.

Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia.

But such restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive stolen goods and relay them to crooks living in the embargoed areas.

Services like SWAT are known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and even cash bonuses. In reality, the crooks in charge almost always stop communicating with drops just before the first payday, usually about a month after the drop ships their first package.

The packages arrive with prepaid shipping labels that are paid for with stolen credit card numbers, or with hijacked online accounts at FedEx and the US Postal Service. Drops are responsible for inspecting and verifying the contents of shipments, attaching the correct shipping label to each package, and sending them off via the appropriate shipping company.

SWAT takes a percentage cut (up to 50 percent) where “stuffers” — thieves armed with stolen credit card numbers — pay a portion of each product’s retail value to SWAT as the reshipping fee. The stuffers use stolen cards to purchase high-value products from merchants and have the merchants ship the items to the drops’ address. Once the drops receive and successfully reship the stolen packages, the stuffers then sell the products on the local black market.

The SWAT drop service has been around in various names and under different ownership for almost a decade. But in early October 2023, SWAT’s current co-owner — a Russian-speaking individual who uses the handle “Fearlless” — took to his favorite cybercrime forum to lodge a formal complaint against the owner of a competing reshipping service, alleging his rival had hacked SWAT and was trying to poach his stuffers and reshippers by emailing them directly.

Milwaukee-based security firm Hold Security shared recent screenshots of a working SWAT stuffer’s user panel, and those images show that SWAT currently lists more than 1,200 drops in the United States that are available for stuffers to rent. The contact information for Kareem, a young man from Maryland, was listed as an active drop. Contacted by KrebsOnSecurity, Kareem agreed to speak on condition that his full name not be used in this story.

A SWAT panel for stuffers/customers. This page lists the rules of the service, which do not reimburse stuffers for “acts of god,” i.e. authorities seizing stolen goods or arresting the drop.

Kareem said he’d been hired via an online job board to reship packages on behalf of a company calling itself CTSI, and that he’s been receiving and reshipping iPads and Apple watches for several weeks now. Kareem was less than thrilled to learn he would probably not be getting his salary on the promised payday, which was coming up in a few days.

Kareem said he was instructed to create an account at a website called portal-ctsi[.]com, where each day he was expected to log in and check for new messages about pending shipments. Anyone can sign up at this website as a potential reshipping mule, although doing so requires applicants to share a great deal of personal and financial information, as well as copies of an ID or passport matching the supplied name.

A SWAT panel for stuffers/customers, listing hundreds of drops in the United States by their status. “Going to die” are those who are about to be let go without promised payment, or who have quit on their own.

On a suspicion that the login page for portal-ctsi[.]com might be a custom coding job, KrebsOnSecurity selected “view source” from the homepage to expose the site’s HTML code. Grabbing a snippet of that code (e.g., “smarty/default/jui/js/jquery-ui-1.9.2.min.js”) and searching on it at publicwww.com reveals more than four dozen other websites running the same login panel. And all of those appear to be geared toward either stuffers or drops.

In fact, more than half of the domains that use this same login panel actually include the word “stuffer” in the login URL, according to publicwww. Each of the domains below that end in “/user/login.php” are sites for active and prospective drops, and each corresponds to a unique fake company that is responsible for managing its own stable of drops:

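The same pivot can be run in the other direction when triaging URLs from job-scam reports or proxy logs: check a fetched page for the panel asset and the two login paths named above. This is an added example, not code from the article or from Hold Security; the function names and the example.* sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Fingerprint quoted in the article; on its own it is a weak indicator.
PANEL_ASSET = "smarty/default/jui/js/jquery-ui-1.9.2.min.js"
# Login paths named in the article and the audience each one serves.
ROLE_BY_PATH = {"/stuffer/login.php": "stuffer", "/user/login.php": "drop"}


class AssetCollector(HTMLParser):
    """Collect src/href values so the match is on a loaded asset, not page text."""

    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.assets.append(value)


def refang(url):
    """Undo '[.]' defanging and add a scheme so urlsplit parses the host."""
    url = url.strip().replace("[.]", ".")
    return url if "://" in url else "http://" + url


def triage(url, html):
    """Return (host, role, confidence) for one fetched page."""
    parts = urlsplit(refang(url))
    collector = AssetCollector()
    collector.feed(html)
    has_asset = any(PANEL_ASSET in a.split("?")[0] for a in collector.assets)
    role = ROLE_BY_PATH.get(parts.path.lower())
    if has_asset and role:
        confidence = "high"   # asset and login path agree
    elif has_asset or role:
        confidence = "low"    # one signal only: review by hand
    else:
        confidence = "none"
    return parts.hostname, role, confidence


# Constructed samples: example.* hosts and HTML written for this illustration.
SAMPLES = [
    ("panel.example[.]com/stuffer/login.php",
     '<script src="/smarty/default/jui/js/jquery-ui-1.9.2.min.js?v=3"></script>'),
    ("jobs.example[.]net/user/login.php",
     '<script src="/smarty/default/jui/js/jquery-ui-1.9.2.min.js"></script>'),
    ("blog.example[.]org/post",
     "<p>mentions smarty/default/jui/js/jquery-ui-1.9.2.min.js in text</p>"),
]

if __name__ == "__main__":
    for url, html in SAMPLES:
        print(triage(url, html))
```

The third sample shows why the match is made on loaded assets: a page that merely quotes the path in its text is not flagged.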

Why so many websites? In practice, all drops are cut loose within approximately 30 days of their first shipment — just before the promised paycheck is due. Because of this constant churn, each stuff shop operator must be constantly recruiting new drops. Also, with this distributed setup, even if one reshipping operation gets shut down (or exposed online), the rest can keep on pumping out dozens of packages a day.

A 2015 academic study (PDF) on criminal reshipping services found the average financial hit from a reshipping scheme per cardholder was $1,156.93. That study looked into the financial operations of several reshipping schemes, and estimated that approximately 1.6 million credit and debit cards are used to commit at least $1.8 billion in reshipping fraud each year.

It’s not hard to see how reshipping can be a profitable enterprise for card crooks. For example, a stuffer buys a stolen payment card off the black market for $10, and uses that card to purchase more than $1,100 worth of goods. After the reshipping service takes its cut (~$550), and the stuffer pays for his reshipping label (~$100), the stuffer receives the stolen goods and sells them on the black market in Russia for $1,400. He has just turned a $10 investment into more than $700. Rinse, wash, and repeat.

The breach at SWAT exposed not only the nicknames and contact information for all of its stuffers and drops, but also the group’s monthly earnings and payouts. SWAT apparently kept its books in a publicly accessible Google Sheets document, and that document reveals Fearlless and his business partner each routinely made more than $100,000 every month operating their various reshipping businesses.

The exposed SWAT financial records show this crime group has tens of thousands of dollars worth of expenses each month, including payments for the following recurring costs:

-advertising the service on crime forums and via spam;
-people hired to re-route packages, usually by voice over the phone;
-third-party services that sell hacked/stolen USPS/Fedex labels;
-“drops test” services, contractors who will test the honesty of drops by sending them fake jewelry;
-“documents,” e.g. sending drops to physically pick up legal documents for new phony front companies.

The spreadsheet also included the cryptocurrency account numbers that were to be credited each month with SWAT’s earnings. Unsurprisingly, a review of the blockchain activity tied to the bitcoin addresses listed in that document shows that many of them have a deep association with cybercrime, including ransomware activity and transactions at darknet sites that peddle stolen credit cards and residential proxy services.

The information leaked from SWAT also has exposed the real-life identity and financial dealings of its principal owner — Fearlless, a.k.a. “SwatVerified.” We’ll hear more about Fearlless in Part II of this story. Stay tuned.

The Benefits of Protection – The Case for Digital Wellness in the Workplace

This is the first in a series of three articles covering digital wellness programs in the workplace. Here we take a broad look at today’s online trends — and reveal why digital wellness is now just as vital as physical, mental, and financial wellness programs. 

What once got done in person, now gets done online. And at historic levels. There’s no question that the pandemic transformed face-to-face interactions into face-to-screen interactions. Not to mention that it ushered in the advent of remote work on a massive scale. Yet even with the pandemic behind us and people largely returning to their places of work, that transformation remains squarely in place.  

Today, we conduct more of our lives online than ever before. That makes protecting life online more important than ever before.  

Yet in a time of data breaches, identity theft, and online scams of all stripes, online protection can seem complicated. That’s why employees welcome digital wellness as a benefit. It can help them fix weak spots in their security, protect their privacy, and put them in control of their personal data.  

Simply put, employees welcome the help. 

Our research with Statista found that 54% of employees worldwide said that online protection is an important or very important benefit. That should come as no surprise, particularly as we take care of increasingly important things online.  

The internet? We’re more reliant on it than ever. 

What does that look like?  

First, we can look at how we bank and shop online. Projections estimate that more than 3.5 billion people worldwide will bank online by 2024, driven in large part by online-only banks. Global e-commerce sales continue to climb with revenues topping more than $5.7 trillion in U.S. dollars. That growth continues at an estimated compound annual growth rate (CAGR) of 11.34%. 

And that’s just for starters. 

Increasingly, we track our health and wellness with connected devices too — like workouts on our phones and biometrics on wearable devices. Worldwide, people own more than a billion wearable connected devices. Taking that a step further, we visit the doctor online now as well. The old-fashioned house call has become the modern-day Zoom call. Our recent research found that 75% of people surveyed in early 2023 said they’ve used telehealth services in the past year. 

In all, we trust the internet with some of our most important tasks. We even trust our homes to it. More than 300 million households run their day with the assistance of smart devices, like smart speakers, smart appliances, and smart deadbolt locks. 

Finally, we can point to the complicated factor of remote and hybrid work. Our joint research with HR.com found that 98% of organizations surveyed have at least one or more employees who work remotely. Additional research cited by Forbes indicates that nearly 13% of full-time employees work remotely, while more than 28% work in a hybrid model. As a result, work devices inevitably get used for some personal purposes just as personal devices get used for some professional purposes.  

That adds up to an average of nearly seven hours a day spent online 

It’s little wonder that so many companies continue to show growing interest in digital wellness programs. People find themselves exposed to plenty of risk as they conduct personal business and professional business across the devices they use throughout the day.  

However, what makes up digital wellness and what it offers remains loosely defined. 

The advent of digital wellness in the workplace 

Where do digital wellness programs stand in the workplace today? They share much with the state of financial wellness programs about ten years ago. 

At the time, financial wellness was largely unknown. Further, companies were unsure if or how it played a part underneath the umbrella of “wellbeing.” Then changes came along. People saw how financial activities and planning can have a major impact on a person’s quality of life. Today, financial wellness is just as concrete as physical and mental wellness as benefits in the workplace. 

Digital wellness now finds itself in the same evolution cycle that financial wellness entered a decade ago. It’s a concrete pillar underneath “wellbeing” much for the same reasons financial wellness is. Digital wellness reduces stress from loss or the unknown and enables richer, safer, and happier lives. 

With that, today’s threats have evolved as well. While viruses and malware remain a problem, today’s bad actors are out for bigger games. Like stealing personal and financial info for identity theft. Or grifting detailed info from data brokers who compile and sell data linked to millions of people with up to thousands of entries for each person. 

We’ve also seen the onset of artificial intelligence (AI) in attacks. Fraudsters have used AI as the capstone of convincing voice, image, and video scams. Hackers now generate malware code using AI tools as well. Combine that with the multitude of ways people spend their time online, it’s clear why today’s online crooks tamper with people’s data, privacy, and identity at unprecedented rates.  

HR professionals at organizations are aware of this. Given this climate, 55% of HR professionals said they provide digital wellness as part of their organization’s core benefits offerings. Another 36% say it’s part of their organization’s voluntary benefits offerings. Yet their offerings vary greatly.

Our research respondents said that they have five different digital wellness initiatives on average. Yet we found little consistency between them. Only 60% of respondents provided the same initiatives. The top responses: antivirus software, personal data cleanup, protection for work devices, and instruction on digital best practices. This illustrates that digital wellness programs are indeed in those early stages of development.  

What does digital wellness truly entail? 

Digital wellness protects the person. This definition provides the basis for any comprehensive digital wellness offering. 

More than offering antivirus or a VPN as a benefit, digital wellness protects the lives that employees live online. It helps prevent the things that can absolutely upend a person’s life online, like hacks, malware attacks, and online scams. And if someone falls victim to a data breach or identity theft, it provides a clear path forward with restorative measures. 

People simply want to enjoy their time online without worrying about the risks. Yet if not looked after, gaps in their digital wellness can drive huge financial and mental stresses. For example, consider how identity theft steals more than money. It steals time, robbing a victim of their focus on other parts of their home and work lives as they struggle to recover. 

As such, a digital wellness program provides preventative and restorative measures, often with comprehensive online protection like ours as a cornerstone offering.

Yet we can extend the definition further. It can also entail a healthy relationship with the internet: balancing time spent there with other aspects of life, which can help relieve stress and burnout as well. Respondents in our HR.com research found this aspect of digital wellness appealing. Nearly half said that establishing a healthy relationship with technology is a key aspect of digital wellness, recognizing that this requires ongoing education.

Building your digital wellness program 

Certainly, a comprehensive and successful digital wellness program protects the whole person, not just their devices.  

For organizations that want to create this kind of digital wellness program, we offer up this series of articles. Our aim is to load you up with insights that can make the business case for putting one in place. You’ll see how employers and employees agree there’s a real need for it and that everyone stands to benefit. 

Look for our next article in the series. 

Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com. 

The post The Benefits of Protection – The Case for Digital Wellness in the Workplace appeared first on McAfee Blog.
