Cybercrime service automates creation of fake scanned IDs, other identity verification documents

The service produces high-quality fake scans that can be used in fraud attacks to impersonate victims, Group-IB researchers said

A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity verification processes used by some banks, e-commerce businesses and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB.

The service can generate scanned copies of passports, ID cards and driver's licenses from different countries for identities supplied by the service users, fake scanned utility bills from various companies, as well as fake scanned copies of banking statements and credit cards issued by a large number of banks, said Andrey Komarov, head of international projects at Group-IB, via email.

It is common practice for banks, payment and money transfer providers, online gambling sites and other types of businesses that engage in money transactions via the Internet to ask their customers for scanned copies of documents in order to prove their identities or verify their physical addresses, especially when their anti-fraud departments detect suspicious account activity.

Using image manipulation software to change the photo, name and other details on a scanned ID is obviously not a new practice, but services like the one identified by Group-IB that automate the whole process and produce high-quality results are new on the cybercriminal market, Komarov said.

According to Group-IB, the service is provided through a website hosted on a server in Germany. The domain name was registered in May, but the service was launched in mid-August, Komarov said.

Independent cybercrime researcher Dancho Danchev described a very similar service in a July blog post; however, Komarov could not confirm whether it is the same one because there was no reference to the service's domain name in Danchev's report.

The service found by Group-IB has templates for passports, ID cards and driver's licences for the U.S., Canada, Russia, the U.K., Germany, the Netherlands and other European Union countries. It also has templates for bank statements, credit cards -- front and back -- and utility bills from banks and utility companies operating in those countries.

The templates are for documents and cards that show signs of use and are scanned at different angles and different positions on the canvas. This makes the resulting image appear more authentic.

Using the service, a cybercriminal can get their desired counterfeit scanned document in JPG or PNG image format in around 40 seconds, Komarov said.

Scans of U.S. passports are the most expensive product and cost US$11 each. Other scanned documents are priced at $7.99 or $9.99 each.

Cybercriminals can pay using several online payment services and virtual currencies including WebMoney, Perfect Money, Bitcoin, Paymer and a new payment service called papogo.com that caters to the black market, Komarov said.

Some companies that use scanned documents for identity verification have specialized systems and tools that can detect image modifications, Kamarov said. When there is suspicion about the authenticity of a scan, the anti-fraud teams will request images with better quality to verify that they are really created by the user, he said.

However, sometimes companies don't have the resources to perform detailed checks of incoming scans and criminals are exploiting this, Komarov said.

Join the CSO newsletter!

Error: Please check your email address.

Tags Group-IBsecurityIdentity fraud / theftfraud

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place