Skip to content ↓ | Skip to navigation ↓

From phishing attacks to ransomware to malicious advertisements, fraudster’s methods for obtaining and exploiting our information are varied and, for the most part, well-known among today’s avid Internet users.

Even among the less avid Internet users, security is now more of a concern than it used to be after the numerous giant hacks that have happened recently, which compromised the information of millions.

And now, with the advent of IoT devices and the shift to making just about everything we use daily “connected” and “smart,” security is becoming a real concern for the everyday consumer.

The truth is, any time a new technology or service surfaces with the intention of making our lives easier in some connected fashion, we should be concerned about how our information might get compromised. This is especially the case with services pertaining to how our hard-earned money is handled.

P2P (peer-to-peer) money transfer services are definitely no exception. In fact, they offer such a lucrative new way for fraudsters to pocket stolen cash that anyone who’s even thinking about using such a service should be seriously in tune with the risks they present.

What are peer-to-peer money transfer services?

While the way different P2P money transfer services actually work can vary, the basic concept is the same across services: make it super easy for one person to transfer cash to another. The purpose of P2P services is to take the well-known hassle out of money transfers and allow people to transfer cash easily and cheaply.

Long gone are the days of bank transfer fees and the need to dig up bank account numbers and routing codes; some P2P services require little more than the transfer recipient’s email address and phone number to complete a transfer.

Of course, in order for P2P money transfers to work, the sender’s and recipient’s P2P account needs to be linked to a bank or credit card account. And that’s where fraudsters come in.

How do fraudsters exploit P2P money transfer services?

As you may have guessed, fraudsters find P2P money transfer services extremely lucrative.

One reason is that they enable fraudsters to move money from a compromised bank account to a “mule” account, or a recipient account that the fraudster controls.

It comes to no surprise (at least to us) that there are already a number of tutorials in the underground that reveal how a fraudster should use P2P money transfer services to extract money from compromised bank accounts or credit cards.

In addition to stealing money directly from compromised accounts, P2P money transfer services also assist fraudsters with money laundering. How? By using these services to move fraudulent funds from a mule account to another account, creating a harder-to-trace chain of money transfers until the stolen funds end up in the fraudster’s hands, already laundered.

As with many other aspects of cybercrime, fraudsters keep tabs on which banks, credit card providers and money transfer services work well together.

They’d opt to commit scams involving banks that don’t send alerts to their customers when P2P money transfer services are linked to their accounts rather than attempting an operation involving banks that do.

Today, a bank’s readiness to work with P2P money transfer services is so important that it actually affects the supply and demand of certain compromised bank accounts in the underground economy.

For example, one of the largest American banks was considered a very easy bank to work with when it came to linking its accounts to P2P money transfer services that fraudsters heavily targeted the bank’s customers in order to compromise their accounts.

What’s the key takeaway here? As fraudsters attempt to exploit peer-to-peer money transfer services, you should beware should you ever come across any suspicious activity associated with your P2P account or bank or credit card accounts.

If you receive a notification or see any indication that your account or card has been linked to such a service and you didn’t initiate this yourself, contact your bank or issuer immediately.


Omri Toppol picAbout the Author: Omri is CMO at LogDog. He is passionate about technology, digital marketing and helping online users to stay safe and secure.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of ShutterStock