The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Fraud Definitions

We are sharing some terms that you may drop in your future jobs.

1st Party Fraud

1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own
customers.

3DS (3D Secure)

3D Secure is an authentication method designed to reduce fraud and increase security for online card
transactions. Originally sponsored by Visa under the 'Verified by Visa' brand, Mastercard and other
networks adopted the '3D Secure' protocol and offer it to merchants worldwide. The name derives from
the use of 3 domains (the acquiring bank domain, the issuing bank and an infrastructure domain) to
provide greater security to online payments, although the extra validation and related consumer friction
remains a topic of debate among merchants and security experts.

3rd Party Fraud

Refers to any fraud committed against a financial institution or merchant by an unrelated or unknown
third-party.

419 Fraud

419 Fraud is a type of advance-fee fraud in which individuals or companies receive unsolicited emails or
letters promising a percentage of a large sum of money in return for allowing funds to pass through the
client's bank account. Also referred to as 'Nigerian Letter Fraud, these schemes often originate from West
Africa and is named after section '419' of the Nigerian penal code under which this offence would be
prosecuted.

What is 3rd Party Fraud?

Refers to any fraud committed against a financial institution or merchant by an unrelated or unknown
third-party.

While there are many different kinds of fraud, there are 3 primary classifications, which are listed below. A
most common instance is third party fraud. It occurs to clients as if out of the blue and often comes with a
large economic impact.

Differentiation

1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own
customers.

Second party fraud, or money mules, is where a person allows another to use their identity or personal
information to perform fraud. Businesses may find second party fraud difficult to detect and challenge
since the identity of the person that is used to carry out fraud has largely allowed it to take place.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

3rd Party Fraud refers to any fraud committed against a financial institution or merchant by an unrelated
or unknown third-party, and has a multitude of classifications.

Account takeover fraud (ATO)

This is form of identity theft in which a criminal gains control of a consumer 鈥檚 account. In doing so, the
perpetrator gains access to confidential information such as the consumer PIN. This enables them to
change account settings, such as addresses or passwords, and can even allow unauthorized withdrawals.

ATO can involve one or many of a client accounts. This includes bank, brokerage, phone, utility, social
media, travel or online shopping accounts. Financial account takeover usually removing funds from client
鈥檚 accounts. This is done either by direct debit, payments or transfers being set up for fraud without the
client 鈥檚 knowledge or consent.

Synthetic Identity Creation

Represents the process of creating a false identity. Synthetic Identity Creation (SIC) is a generic term.
Consequently, it shows how fraudsters collect information about real people and manipulate their
identities. With false and fabricated information, a new identity is assigned to no actual real-life person. A
great deal of fraud stems from this process.

False Identity Fraud

A situation where a person creates a fake identity to commit criminal activities. Actions that are examples
of identity fraud are making a credit card, submitting for a loan, or opening bank accounts.

Credit Card Fraud

Refers generally to any fraudulent transaction using a credit card as a source of funds. Credit card fraud
may occur simultaneously with identity theft, but can also occur when a legitimate consumer makes a
purchase with no intention of paying for the goods or services, sometimes referred to as chargeback fraud
or friendly fraud.

New Application Fraud

In which a perpetrator applies for a credit card in a clients name, then uses the card to purchase goods
and services illegally.

Acquirer (Acquiring Bank)

The Acquiring Bank, also known as the merchant acquirer or the merchant bank, is the bank that is
responsible for settling credit and debit card transactions on behalf of the merchant. Its counterpart is the
issuing bank which settles card transactions for the purchaser or card holder. Acquirers enable merchants
to accept credit cards, often provide merchants with necessary hardware and software to accept card
transactions, and for their role in the card payment process, receive an acquirer fee or markup in addition
to the interchange and other fees in a credit card and debit card payment.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Active Authentication

Active Authentication is a security and authentication method in which the user is challenged with
questions about what he/she knows (knowledge-based), has (possession-based) or is (biometric-based).

Advance-Fee Fraud

Advance-Fee Fraud is a common fraud scheme generally involving a criminal tricking a client into paying an
up-front fee with the promise of a larger reward paid out later.

Arbers

In the world of online betting and gambling, an arber is a person who takes advantage of discrepancies in
gambling sites odds, so as to ensure that no matter what party wins a contest (i.e. a race), the arber will
always win money/cannot lose money. An arber essentially takes advantage of situations where it is
mathematically guaranteed they will win money by betting on every single contender of a contest.

AVS (Address Verification System)

AVS or Address Verification System is a payment processing system comparison of the numerical portions
of billing and shipping addresses with the addresses on file at the credit card-issuing bank. A single-digit
code is returned that represents a match, a partial match, or a number of errors or alerts. The original
concept contemplated that the transaction could then be subsequently approved, declined or set aside for
manual review. AVS is one of only a few metrics provided to merchants by the issuing banks to assist in the
merchants' risk assessment, but AVS responses are also one of the biggest reasons legitimate orders are
declined.

B2B (Business-to-Business)

B2B or Business-to-Business refers to a business that sells products or provides services to other
businesses.

B2C (Business-to-Consumer)

B2C or Business-to-Consumer refers to a business that sells products or provides services to the end-user
consumers. Another variation of this concept is D2C (direct to consumer) in which a manufacturer sells
directly to consumers with little to no intermediation.

Back Door

A route through which legitimate users or criminals can bypass security systems in order to access the
data they 鈥檙 e after. Contrasts with a front door attack, where a virus or attack is done with help from
the user, for instance by downloading an infected email attachment.

Baiting

Baiting describes the situation where a fraudster leaves something out like a USB drive, enticing somebody
to pick it up and see what content is on it. The fraudster loads the USB drive up with things like malware
and keyloggers, which attack a computer system when plugged in. This scheme is designed to take
advantage of people 鈥檚 curiosity.

Bitcoin

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

The most famous and popular cryptocurrency. While it is often thought of as an anonymous payment
method, bitcoin (BTC) is actually pseudonymous, which means it is possible to track someones payments if
you can tie a real life identity to a BTC wallet.

Burn(er) Phone

The term originates from the drug dealing world, and is used to describe inexpensive mobile phones
designed for temporary use. It allows fraudsters and criminals to link an account to a disposable phone
number, for instance to bypass 2FA.

Today, phone numbers can be generated via burner phone apps or services. These work like prepaid
phone cards, only allowing you to use them for a limited amount of time before being recirculated.
Because they go through your phone 鈥檚 original cellular data, they can be traced.

Bank Identification Number (BIN Number)

A BIN Number or Bank Identification Number is assigned to a bank for its own credit card issuance.

The first six digits on a credit card constitute the Bank Identification Number, otherwise known as the BIN
number. A BIN identifies the institution that issues the credit or debit card. The American Bankers
Association manages the ISO Register of BINs and Issuer Identification Numbers(IINs) for US banks. Online
merchants use BINs (Bank Identification Numbers) as an extra measure to confirm the geographic area
where the cardholder is located. For instance, they compare it to the geographic area identified by the
unique BIN number. Occasionally, some refer to BIN Numbers as an IIN or Issuer Identification Number.

BIN Attack Fraud

One way fraudsters use BIN numbers is in scams known as BIN Attack Fraud. The fraudster obtains a BIN
and uses software to generate the remaining numbers. They then test the numbers using small
transactions through online retailers until they find a valid and active card number.

Common signs of a BIN attack:

Multiple low-value transactions that are unusual for your business

Multiple declines
Unusually high volumes of international cards
Large quantity of transactions being processed or attempted in a short period of time
Card numbers being used repeatedly with variations in the security features
Unusual transaction times

Catfishing

A form of social engineering where fraudsters and criminals create fake online identities to lure people
into emotional or romantic relationships for personal or financial gain.

Online seduction and blackmail are used to acquire personal information such as credit card numbers,
social security numbers, or home addresses, among others.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Carding

Carding is the general fraudster term for using stolen credit card data, whether it 鈥 檚 used for direct
purchases, or charging prepaid or gift store cards, which fraudsters then resell. This particularly targets
organizations that handle payment card and transaction processing. One of the greatest threats to your
business due to carding fraud are false expense claims, created by authorized staff who reimburse
expenses incurred while carrying out their work duties and submit a claim for unqualified
reimbursements.

Fraudsters obtain payment card information from several sources:

Stolen from an application.

Stolen from a different payment channel.
Purchased from a criminal marketplace on the dark web.

In some circumstances, criminals only have partial cardholder data at their disposal. For instance, they
only have a limited mix or singular instance of expiry dates, security codes, or cardholder names. The
subsequent steps taken with partial cardholder data are commonly used in card cracking attempts. From
here, the known cardholder data is used to cash-out on and access cash sums or the purchase of goods.

CC

The fraudster term for stolen credit card data. A full CC contains the original cardholder name and address,
expiration date, and CCV. It becomes a Fullz when other personal data points are added to the package.

Click Fraud

Click fraud is a form of marketing fraud that occurs when pay-per-click (PPC) online ads are illegally clicked
to increase site revenue or exhaust a company's budget. It is often intentional, malicious, and has no
potential for clicks to result in a sale.

PPC ads generate revenue for publishers or exhaust client budgets for an advertiser based on how much a
customer clicks on them (and how many of those clicks are converted to sales). Clicks become fraudulent
when those doing the clicking are a computer program (ex. bots), an automated script mimicking a
legitimate user or a human with no actual interest in the ad target. It is considered a "black hat", or
violating computer security for personal profit or malice.

Sometimes click fraud can be carried out by a site owner to artificially boost ad revenue for their business.
It may be carried out by a publisher or ad agency to artificially inflate their click rate making them more
appealing to companies looking to market themselves, without actually having such an audience.

Here are several different types:

Between advertisers

One advertiser attempts to use up another advertiser budget by engaging in click fraud. Once the latter
advertisers budget and space are used up on irrelevant clicks, the former becomes the sole advertiser and
takes up the space and visibility.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Between publishers

Another version of this occurs when an attacker maliciously attempts to frame a publisher by making it
look like they click on their own ads. This would cause an advertiser to mistrust the publisher and end
their relationship with them. Because PPC revenue is often the primary source of income, this practice can
destroy a publisher business.

Vandalism

It is often difficult to track down the culprit of click fraud motivated by vandalism. Often, fraudsters target
publishers or advertisers for political or personal vendettas.

Friends and Family

Click fraud can also occur when a publisher is supported by their friends or family clicking on ads to
generate revenue. Sometimes the publisher conspires with their personal relationships to commit this
type of click fraud, or it is truly just patronage on the part of the friends and family.

Classic click fraud

Site owners (publishers) publish ads using an advertising network like Google AdWords, and click on ads
placed on their own sites to increase ad revenue. The advertiser (company creating and placing the ad via
advertising network) has their budget exhausted or is defrauded by the actions of the publisher.

Click Farming

Some companies will outsource to low-cost employees to manually click ads all day and generate ad
revenue, as part of click farms.

Automated Script

A computer program mimics a user and clicks an ad. It does so by translating existing user traffic into clicks
and impressions. Another method is to bombard a large number of computers with viruses and have
those viruses make the computers click ads.

Hit Inflation

Some advertising publishers use this method to drive traffic from a dishonest site to a dishonest publisher,
generating clicks and thus revenue. This occurs when the dishonest site contains a script that converts
website interaction on it to clicks for the publisher. The user interacts with the initial site and interacts, not
knowing that their interaction is generating clicks for a secondary publisher that they do not directly
interact with or are not aware of.

Search Result Manipulation

This iteration of click fraud occurs with the click-through rate of a website rather than PPC ads. Ranking of
sites increases when search results generate clicks to those sites - for example, if you were to search
[Link], the highest clicked site would be listed at the top of search results (that's us!). In this version,
fraudsters generate false clicks on results they want to promote and avoid results they want to demote.
The businesses with the higher clicks will have improved rankings while those avoided will not - many
malicious publishers or companies will use this to put their competitors at a disadvantage.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Computer Fraud

Computer Fraud is defined as the action of utilizing a computer to attain or modify the electronic
information or to get the illegal usage of a mechanical system or computer. Computer fraud in the United
States is particularly forbidden by the Computer Fraud and Abuse Act, which specializes in proscribing this
matter, which is considered computer-related under the federal authority.

Confirmation Fraud

Confirmation fraud is a type of fraud that comes in two layers. First, a fraudster falsifies transactional
information, like pretending to deposit a certain amount of money in an account (on someone else's
behalf). Then, the fraudster creates fake materials that falsely confirm that that first transaction went
through, when in reality it didn't. In short, a fake deposit (or other transaction) is falsely confirmed as
having gone through by a fake confirmation, so as to cover up the fact that the first transaction was
actually fraudulent.

Consumer Authentication

Consumer Authentication is the term used for the devices that are designed to verify that a person making
a transaction or any business deal is really the person who is certified to do that action. This term applies
to both card-not-present transactions as well as in-person transactions.

Cookie

A "cookie" is defined as a small amount of information that a Web browser saves on the user s system.
Cookies are a method designed for Web applications to retain the application domain. Cookies are
commonly used by websites for verification, saving the user's information/preferences on the website, or
browsing system information or any other matters that support the Web browser while it gets into the
Web servers.

Corporate fraud

Corporate fraud is the purposeful falsification of the financial data of a company or the actions that have
been made by the company to deliver fake information to the public, in order to increase the company
profits. Characteristic cases of corporate fraud are complicated, extremely private, and if exposed consist
of the economic indignities and elusions of financial accountabilities that the company has committed.

Corporate Identity Theft

Corporate Identity Theft, also known as CIT, is the deceitful and careful falsification of an identity of a
company. It is also sometimes called a white-collar crime since it is commonly performed in a cyber
setting, and is not in the field of the conventional criminal.

Counterfeiting

Counterfeiting is defined as the planned attempt to duplicate a real and authentic article such as a symbol,
trademark or even money with the purpose to distort and convince the purchaser or the recipient to
believe that he or she is really purchasing or receiving the real article itself.

Crawler

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

A web crawler, also known as a web spider or web robot, is a program, software package, or automated
script which browses the Global Web in a systematic and automated method. Web crawlers are mostly
used to generate a duplicate of all the pages they visit, then processing them throughout a search engine
that will file the copied pages to deliver faster search results.

Credentials

Credentials refer to achievements or titles bestowed upon someone, generally by an authoritative body,
that are brought up in order to validate the capabilities and suitability of that person for a certain task.

Credential Stuffing

Credential stuffing is a form of cyber-attack where a taken account's credentials, usually containing the
lists of usernames and/or email ID along with the matching passwords, are stolen and then used to gain
illegal access to real user accounts over a large-scale automated login.

Credit Bureau

A credit bureau is an organization that gathers and also investigates the entirity of credit information from
a person and then sells the information to the creditors to get a fee so that they will able to make a
decision regarding the permitting of a loan. These organizations usually associate with all kinds of loaning
institutions and credit issuers to assist them in making any loan decisions.

Credit Card Number

A credit card number is the exclusive number printed on a credit card. The first six numbers written on a
credit card are the issuer's identification numbers, and the last remaining numbers are exclusive to the
specific card. These credit card numbers are typically available in embossed form on the credit card.

Cryptomining

Cryptocurrencies require large amounts of computer power to be created, or mined. Some legitimate
companies specialize in mass cryptomining through dedicated mining farms.

Cyber criminals and fraudsters, however, like to deploy cryptomining viruses or bots on unsuspecting users
computers, or even organizations servers. This allows them to mine at scale, without spending extra
money on equipment or resources like electricity.

CVV (Card Verification Value)

The card verification value (CVV), is a three- or four-digit code on the back of a debit or credit card. It is
sometimes referred to as a CID, or card identification number. This unique code is used to verify that a
shopper has physical access to the card they're using to pay for goods or services. Other qualities of a card
can be stolen or copied through methods like using a card skimmer, but the CVV won't be recorded
through those methods, making the CVV a useful and important authenticator in online card transactions.

When paying online or via phone, merchants request the CVV to check whether it matches the
information from the issuing bank. Banks and credit card companies use advanced algorithms that are
impossible to spoof to generate CVVs. They are based on information like the account number or
expiration date of the card.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Asking for the CVV during checkout protects merchants and consumers from card-not-present fraud. This
fraud is on the rise. In fact, payment fraud involving credit cards amounts to $100 billion in losses each
year globally.

Data Capture

Data capture, or electronic data capture, is the process of extracting information from a document and
converting it into data readable by a computer.

Data Breaches

A data breach, also known as a data leak or data spill, is an event that includes the illegal inspection,
access or retrievial of data by a person, an application or otherwise a service. It is a form of security
breach that is intended to steal or broadcast the data to an unsafe or illicit site.

Data Set

Data set is an assortment of data. Usually a data set match up to the subjects of a distinct database table,
or otherwise a particular arithmetical data matrix, where each single column of the table indicates a
specific variable, and each row match up to a set of affiliates of the query data set.

Debit Card

A debit card, also known as a bank card, plastic card, or check card is a payment card that can be used as
an alternative to cash when making any purchase transactions. Physically, it looks quite similar to a credit
card, however, unlike a credit card, the money is transferred directly from the bank account of cardholders
when making a purchase transaction.

Debit Card Fraud

Debit card fraud is any kind of fraud where debit card accounts are accessed by fraudsters without the
account owner's authorization in order to manipulate or usually drain their funds. Debit card fraud is quiet
easy to commit due to the fact that a debit card's information can be gained with ease.

Dedicated Hosting

A dedicated hosting service, also known as a dedicated server or a managed hosting service, is basically an
Internet hosting structure where the customer leases an entire server not shared with anyone else. This is
even more flexible when compared to shared hosting, since with dedicated hosting organizations have full
access and control over the server(s) and all hardware involved with them.

Deep Fake

A technology that overlays a video with different audio or video, in order to make a real-looking video of
somebody saying or doing something. A famous example could be a deepfake of Nancy Pelosi (in May
2019) that caught a lot of news attention before being recognized as an authentic-seeming deepfake.

Deep Learning

Deep learning is an artificial intelligence function that imitates the workings of the human brain in
processing data and creating patterns for use in decision making. Deep learning is a subset of machine

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

learning in artificial intelligence (AI) that has networks capable of learning unsupervised from data that is
unstructured or unlabeled.

Device Cloning

Device cloning is the practice of producing an accurate copy of any application driver. The term can be
used to indicate a body, software design or an application that has roles and behavior related to another
body or application driver, however, it does not comprise the real source code of body or the
apprehensive program.

Device ID

A device ID or device identification is a unique number related to a cell phone or to the handheld device
itself. Device IDs are separate from the hardware serial numbers. It could be a mixture of a number of
elements and it is also able to include an inception to allow incomplete advancements.

Digital Signature

A digital signature, also known as an electronic signature, proves the legitimacy of an electric file or text in
digital communication and uses encryption methods to keep the content of the file secure. Digital
signatures are used in e-commerce, software dissemination, economic dealings and other circumstances
where counterfeiting or interfering may otherwise be possible.

Digital Wallets

A digital wallet is basically a software-based structure designed for building e-commerce transactions.
With the use of a digital portfolio, online acquisitions can be made simply by using computers or
smartphones. Generally, users bank accounts are linked to their digital wallet as well. In a digital wallet
system, user identifications are securely saved and approved in all transactions.

Dispute

A credit card dispute refers to the process of denying charges to a credit card for whatever reason. Billing
errors may consist of custodies for products which you have ordered but never received, charges for
products that you have returned, or charges that you never authorized.

Domain Name

A domain name is a tag that recognizes a network domain: a discrete cluster of computers under a
fundamental management or authority. Within the Internet, domain names are designed by the guidelines
as well as the procedures included in the Domain Name System (DNS). Any name listed and registered in
the DNS is considered as a domain name.

Drop Address

A "drop address" is the address where fraudsters send goods purchased illegally (for instance with a stolen
card).

While having a secondary address or P.O. box is entirely legal, the distinction for "drop addresses" falls
under the purpose of the address, and the means by which the goods shipped there were purchased.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

This kind of scheme is often well planned and executed. Some will go as far as making an abandoned
house look lived in. Examples of this could be mowing the lawn, plugging in electricity generator to make
the property seem lived in.

Accomplices in drop address scams are often unaware they are helping fraudsters. They are often
recruited through online job offers. The fraudster pretends to be in a different country, and offers to pay
the hired person to forward them the stolen goods.

Dumpster Diving

The practice of rummaging through someone garbage bins to find personal information (account numbers,
PINs, passwords). Fraudsters often combine digital attacks and real-life information gathering. This is why
it is recommended to shared important documents before discarding them.

EID Services

EID services are used to identify users on a specific platform and are often used by key systems to ensure
the security of the central building blocks of a Digital Single Market and cross-boarder electronic
transactions. It allows owners of a given platform to identify the user who is visiting a specific platform.

Email Fraud

Email fraud is a rather popular and inexpensive way to commit fraud. Fraudsters distribute fraudulent
emails or messages to a variety of clients, generally with the goal of attaining their passwords, usernames,
or other personal information, which they can then use to commit fraud schemes.

Email Spam

Email spam, also known as junk mail, is an unsolicited email that is sent to many people. Generally, there
is no meaning to this mail and is generally meant to bring the receiver to a certain website.

Employment Scam

Employment scams refers to when advertising scammers create fake job listings in order to collect
personal information of applicants, such as payment credentials and other types of information that can
be used for blackmailing the applicants.

Emulator

An emulator is a special kind of robot that copies human activity when it comes to purchasing a service or
product. Examples of emulators include targeted scripts which are aimed at buying a limited-quantity of
items or at gaining an advantage in a time-limited sales event.

EMV

Europay Mastercard Visa or EMV is an international standard for debit and credit cards which are based on
chip card technology. EMV cards are able to make in-person transactions safer than before, but the risk of
card-not-present transactions has increased with it.

EV SSL

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

The certification of EV SSL is actually the symbol of the highest level of trust for a virtual business. All
modern browsers support a completely new technology, known as EV or Extended Validation which offers
color-coded alerts which are used to inform about the website validity.

Fake check

A fake check is normally used by a fraudster with either a duplicate signature or writing for withdrawing
cash from bank. This is a fairly common type of scam that is done by obtaining the necessary information
from the real member of the bank to create a fake check and cash it later.

Facial Recognition

Facial Recognition is a type of biometric check used to identify the person and unlock the system. It
focuses on the facial structure of a person and identifies whether the person has the necessary
authorization or not. Normally, it is used in phones and other security systems.

False Data

False data refers to information which is not accurate, especially the information which, in a specific
context, differs directly from the required information.

False Identity Fraud

False identity fraud occurs when a person creates a fake identity to commit criminal activities. Fraudsters
commit identity fraud to apply for credit under false information, submit for loans or open bank accounts.

Fraudsters obtain the information they need to construct a false identity through identity theft methods
like phishing, credit card fraud, and obtaining fullz. Once they have this information, they invent some of
their own rather than impersonating a living person.

For example, they may combine an existing social security number with a falsified address and name. This
results in a synthetic identity they then use to commit fraud. Additionally, they may engage in social
engineering to make false identities seem more legitimate, to avoid detection.

Children SSNs are more likely to be selected for synthetic identity fraud, as they offer a blank slate for
fraudsters to build their identity upon. Additionally, false identities can be harder to discover with
childrens SSNs, as their financial history is rarely paid attention to until the child grows older.
Unfortunately, children's identity information is often easier to obtain due to their vulnerability to phishing
and other online scams.

Fraudsters use false identities to commit a variety of fraudulent and criminal actions. They include:

Application Fraud

Fraudsters use the good reputation (or blank slate) of an identity to apply for loans or credit cards. Then,
they disappear once it comes time to pay back the loan or credit debt. An application for a credit card,
even if rejected, can serve to legitimize a false identity. Afterward, a fraudster can use that legitimated
identity to apply for loans and credit cards more easily.

Credit Bust-Out Fraud

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Fraudsters open new credit accounts with falsified information and establish a normal usage pattern over
several months or years. Suddenly, they max out all cards with no intention of paying back the debt. Then,
they repeat the process.

Money Laundering

Criminals use false identities to engage in the trafficking of people, money, and drugs. The use of false
identities allows them to avoid government detection.

Fraud Rings

Fraudsters manage thousands of fake accounts with falsified data to commit fraud simultaneously. In
these, they employ methods like bust-outs or application fraud at a large scale.

False Vendors

False Vendors refer to any scheme that is completed by creating fake vendors. This can have multiple uses
for fraud; for one, the fraudster can send invoices to companies asking for payments on a service or good
that was never actually provided. Another example is when a fraudster will create a duplicate payment
system, causing consumers to have to pay twice to buy a good, one payment going to the fraudster.

FIDO

Fast Identity Online is a set of open technical specifications for mechanisms of authenticating users to
online services that do not depend on passwords. FIDO authentication seeks to use the native security
capabilities of the user device to enable strong user authentication and reduce the reliance on passwords.

Food Fraud

Food fraud is the activity of changing, perverting, mislabeling, replacing or interfering with any food
product at any theme alongside the farm 鈥搕 o 鈥搕 able food supply 鈥揷 hain. The fraud may appear
within the fresh material, inside the ingredient, in the finishing product or maybe in the wrapping or
packaging of the food.

Fraud Score

A Fraud Score is an informational tool that helps you gauge risk involved with orders before processing.
This is done by identifying traits and historical trends associated with suspicious behavior and fraudulent
orders. This process is commonly used across businesses, as they try to detect fraud in their transactions
to avoid major profit losses. Fraud detection is applied to many industries like banking, insurance, and e-
commerce. With so much at stake and so many variables changing, it vital to have a real-time monitoring
system for fraud.

Fullz

Fullz is fraudster slang for an information package containing a person's real name, address, and form of
ID, or their null information. Fullz can be considered a component of 3rd party fraud, as the person whose
credentials are sold is not complicit. Fraudsters use these credentials to steal identities and commit
financial fraud.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Fullz usually contains a person name, address, SSN, driver's license, bank account credentials, and medical
records, among other details. Fraudsters use the client financial reputation for identity theft and fraud,
resulting in low credit scores and financial insecurity for the clients. For example, they apply for a loan or
credit card with the clients good credit. The fraudster applies for the card and uses it, while the client
cannot pay it off and/or attempts to cancel it, harming their credit score.

Geolocation Detection

Geolocation refers to the identification of the geographic location of a user or computing device via a
variety of data collection mechanisms. Typically, most geolocation services use network routing addresses
or internal GPS devices to determine this location.

GPS Spoofer

A GPS spoofer allows a device to pretend it is at a different location than its current location. This can be
used to deceive services that attempt to track where you are located.

Hash

A Hash or hash function is a function that can be used to transform digital data of an arbitrary size to
digital data of a fixed size. The values returned by a hash function are called hash values, hash codes, hash
sums, or most commonly, hashes. A cryptographic hash function takes input data, like an address or a
credit card number, and transforms it into a compact string of seemingly random characters that generally
renders the data useless in the event of a breach.

Identification (ID)

Identification is the process by which something denotes another object as being a part of a certain
category. A human could simply be identified as a human, or could be identified as their role or profession,
or by their name; an object could have multiple identifications. In the world of fraud, identificarion is a
term brought up often, as people have their identity "stolen", which is when others pretend to be you in
for malicious purposes.

Identity Fraud

Identity fraud is the situation where a fraudster uses the personal information of a client, without any
approval, to perform a criminal action or to mislead or defraud the other person. Most identity fraud is
dedicated to the use of financial benefit, such as access to a credit card, a bank account, or even a client's
loan accounts.

Identity Provider

An identity provider is a federation partner that vouches for the identity of a user. The identity provider
authenticates the user and provides an authentication token (that is, information that verifies the
authenticity of the user) to the service provider.

Identity Theft

Identity theft refers to the act of accessing and acquiring elements of another person's identity (i.e. name,
date of birth, billing address, etc.) in order to commit identity fraud. Identity theft can take place whether
the client is alive or deceased. Once a person identity data is obtained, the data can be monetized by
gaining access to their accounts, stealing their resources or obtaining their credit and other benefits.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Identity theft (in combination with, and often used interchangeably with, identity fraud) is one of the
fastest-growing crimes globally. A criminal can also use stolen identity information to hijack a consumer
accounts, commonly referred to as "account takeover".

Identity Spoofing

Identity spoofing occurs when a scammer assumes the identity of another person/entity and uses that
identity to commit fraud.

Spoofers steal credentials from people or businesses through password attacks and credential capture
processes.

They use those credentials to facilitate phishing, pharming, identity theft, and business email compromise
(BEC) by relying on the trustworthiness of the original identity. Identity spoofing differs from content
spoofing, in that the spoofer attempts to "change" the identity of the sender rather than the content
being sent. Often these spoofs lead to business email compromise and identity theft, causing
organizations millions in losses and/or damages.

Most common forms of identity spoofing

It can be hard to determine whether you face an identity spoofing threat. Users often trust familiar names
and addresses despite the possibility that they may be compromised. Familiarize yourself with several
forms of spoofing in order to spot them in the future.

ARP Spoofing

ARP spoofing occurs by binding the spoofer & MAC address (their Media Access Control address) to a
legitimate IP address default local access network (LAN) gateway. Essentially, a spoofer takes the place of
the destination IP and through that spoofing, gains access to their local network. With this access, they
capture sensitive information and access unrestricted information on the network. They also manipulate
information before it reaches the legitimate IP address. Spoofers then carry out phishing and pharming
attacks and assume new identities based on the information they receive. Additionally, ARP spoofers
attempt a distributed denial-of-service attack (DDoS) which overwhelms existing security systems by
dramatically increasing the number of users it must authenticate.

MAC Spoofing

Each device should have a unique Media Access Control address (MAC) that should not be encountered
elsewhere. However, spoofers take advantage of vulnerabilities and imperfections in hardware to spoof
the MAC address. As a result, the local network recognizes the MAC address and bypasses certain security
protocols. Because spoofers operate with a trusted address, other users fall client to business email
compromise fraud, data breaches, and more. In addition, with trusted access, a spoofed address can
deposit malware on a local network. Spoofers then prey on vulnerabilities and steal sensitive information.

IP Spoofing

The source or destination of a virtual message traces back to an IP address associated with a physical
location. However, spoofers mask themselves with a legitimate IP address or assume the IP address of
someone in that low-risk geolocation. Because many systems do not implement authentication protocols,
the masked IP address takes the place of the legitimate source without the legitimate sender or recipient

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

鈥檚 knowledge. With this IP spoof, a spoofer can deploy a man-in-the-middle attack within a network,
allowing them to steal sensitive information and inform themselves for future fraud attempts. IP spoofing
relates to geolocation spoofing:

Geolocation Spoofing

One can spoof their geolocation using a Verified Protected Network (VPN). Some companies offer this
direct-to-consumers to protect their information as well as access location-restricted content. Fraudsters
use VPNs to place themselves in low-risk locations to avoid their sender information being flagged as an
anomaly. Additionally, they use them to mislead security efforts and mask their location to avoid being
traced.

Fraudsters also use geolocation spoofing to place themselves in particular states or countries to take
advantage of lessened restrictions in the new geolocation. For example, a user in California spoofed their
geolocation to play online poker in New Jersey, taking advantage of New Jersey gambling laws. State law in
both states prohibits this, so both states located and apprehended the user. The user forfeited about
$90,000 in winnings.

DNS Spoofing

Spoofers assume a Domain Name Server (DNS) identity by piggybacking on DNS server caching flaws. As a
result, users click on a domain name they trust, but end up on a replica page that leads to phishing or
pharming attacks against the user. They click on links within that page and expose themselves to these
attacks because they trust the original domain. DNS spoofs, just like many other identity spoofs, often lead
to a loss in reputation for the business due to users trust being violated by the replica site.

This relates to website spoofing, the use of a replica site in order to steal user information. Spoofers target
websites that employees use routinely for their work and construct an almost exact replica. Users click on
the link to a trusted website, not knowing that the URL is spoofed. They interact with the website,
unknowingly entering sensitive credentials or providing backdoor access to their local network. These
spoofs are usually most effective when combined with phishing emails.

Caller ID Spoofing

Spoofers forge caller ID information, presenting false names or numbers and assuming the identity of
particular people or organizations. Public networks and Voice over IP (VoIP) networks make this more
possible. Callers answer these, believing their legitimacy, and often share credentials or bank account
information due to their trust in the legitimate identity. These calls tend to originate in foreign countries
where certain protections may not apply to the caller if they find out that they have been scammed.

Email Spoofing

Sender information in the from section of an email can be spoofed to hide the origin of fraudulent emails.
As long as an email fits the protocols needed by the Simple Mail Transfer Protocol (SMTP) Server, a spoofer
easily sends from a falsified email address. The consequences resemble those of IP spoofing and Caller ID
spoofing. Spoofers either leverage a man-in-the-middle attack or receive sensitive information, relying on
the trustworthiness of the legitimate entity.

GPS Spoofing

Although this is a relatively new form of spoofing, it poses an especially dangerous threat. Identity-based
GPS spoofing takes the form of a rebroadcast of a genuine signal, or broadcasting fake signals that very

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

closely represent legitimate signals. A spoofer takes on the identity of the trusted GPS satellites, sending
falsified or genuine information with malicious intent.

Issuer (Issuing Bank)

The Issuing Bank is the financial institution which issues individuals with credit cards or debit cards and
extends short-term lines of credit to purchase goods and services. Familiar issues include Bank of America,
Wells Fargo, Citibank and The issuer settles card transactions for the purchaser or card holder whereas its
counterpart the acquiring bank or merchant acquirer, is the bank that is responsible for settling credit and
debit card transactions on behalf of the merchant. Issuers generally manage the credit and debit card
programs on behalf of the card networks, such as Visa and Mastercard, and for their role in the card
payment process, receive the majority of the interchange and other fees in a credit card and debit card
transaction. Discover and American Express are both issuers and card networks.

Jitter

Jitter is an anti-skimming method that alters the information on the magnetic stripe by changing the
bustle or gesture of the card while it is swiped or dragged into a card reader or ATM. Jitter is intended to
make unreadable any type of information that has been copied from a skimmer, and therefore the
information will be unusable.

Keylogging

A keylogging program logs the keypresses on a device. Fraudsters covertly download these onto devices
through various methods, and then read the keys recorded in order to discover things like the client 鈥檚
passwords or bank details.

Keystroke Logger

A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology
used to monitor and record each keystroke typed on a specific computer's keyboard. Keylogger software is
also available for use on smartphones, such as Apple's iPhone and Android devices. Keyloggers are often
used as a spyware tool by cybercriminals to steal personally identifiable information (PII), login credentials
and sensitive enterprise data.

Lending

Lending (also known as "financing") in its most general sense is the temporary giving of money or property
to another person with the expectation that it will be repaid. In a business and financial context, lending
includes many different types of commercial loans. Lenders are businesses or financial institutions that
lend money, with the expectation that it will be paid back, generally with some type of interest. The lender
is paid interest on the loan as the cost of receiving the loan. The higher the risk of not being paid back, the
higher the interest rate.

Man-In-The-Middle

Man-in-the-middle (MITM) is an attack where the attacker secretly relays and possibly alters the
communications between two parties who believe they are directly communicating with each other.

Man-In-The-Browser

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

A man-in-the-browser is a type of online threat, where a hacker uses a trojan horse virus to gain access to
your computer. From there, the hacker manipulates the content you see within your web browser, which
can allow them to record your personal information and passwords, as well as manipulate your
transactions so that the money you think you are spending on an online product actually goes to the
hacker, without anything looking any different from normal on that webpage.

Merchant Account

A merchant account is a type of bank account that allows businesses to accept payments made by debit or
credit cards.

Merchant Account Provider

Merchant account providers give businesses the opportunity to accept debit and credit cards for the
payment of goods and services. This can be conducted face-to-face, over the phone, or even over the
Internet.

MFA (Multi-Factor Authentication)

MFA or Multi-Factor Authentication, also called Step-Up Authentication, is an approach to security

authentication, in which the user of a system provides more than one form of verification to prove their
identity and be granted access. Multi-factor authentication is so named because it leverages a
combination of two or more factors of authentication. In the field of cybersecurity, the three major factors
of authentication and verification are: 1) something a user knows (such as a password or the answer to a
question), 2) something the user has (such as a smart card, a mobile phone or a security token), and
something the user is (such as a unique biometric marker like a fingerprint).

Mobile Phone Fraud

Mobile phone fraud is simply any fraud that involves the use of mobile phones. One type of this fraud is
call-forwarding fraud, where a fraudster tricks a client into mistakenly forwarding their phone calls to
another number.

Money Laundering

Money laundering is the process of concealing the origins of illegally obtained money by going through a
complex sequence of bank transfers to make the money look as if it came from a legitimate source or
business transactions.

Mortgage fraud

Mortgage fraud is a crime in which the fraudster omits information on an application for a mortgage loan
to obtain to greater loan than they would likely normally be eligible to recieve.

One-time Password

One-time Password is a password that is valid for only one login session or transaction, on a computer
system or other digital device. This means that a potential intruder who manages to record an OTP that
was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will
no longer be valid.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Open Authorization

Open Authorization, sometimes called OAuth, is an open standard for access allocation, usually used as a
method for Internet users to give websites or applications access to their information on different
websites but without providing them with the passwords. This method is used by some companies such as
Amazon, Google, Facebook, Microsoft and Twitter to allow the users to share their account information
with third parties, such as applications or websites.

Payroll Fraud

Payroll Fraud is a category of accounting fraud typically carried out by people who have access to
employee information, their incomes or their wages. Companies that have not applied the accurate
controls in their financial section particularly in times of financial distress will face more complex fraud
risks than other companies.

Phishing Kit

The phishing kit can be described as a collection of several software programs that allows an individual to
manage and launch specific types of campaigns and phishing scams. The phishing kit makes it easy for
those with even few technical skills to launch some kind of phishing exploit.

Scammer

The term scam refers to fraudulent schemes in which goods and money are taken from unsuspecting
persons, generally through the deceit of the client.

Scraper

A site scraper can be defined as a kind of software that duplicates content from a website. Site scrapers
work similarly to web crawlers, which essentially perform the same function for the purposes of indexing
websites. Web crawlers cover the whole Web, however, unlike site scrapers, which target user-specified
websites.

Shopping Cart

A shopping cart is a feature in online shopping that works as a temporary record of items selected for
eventual purchase from the online vendor's website.

SIM Cloning

SIM cloning is the procedure through which a genuine SIM card is reproduced. When the cloning is
accomplished, the cloned SIM card classifying information is transported onto a separate, secondary SIM
card. The secondary card can then be used in a different phone while consuming all the calls and related
charges credited to the original SIM card.

SERP

Search Engine Results Pages (SERP) are the pages displayed by search engines in response to a query by a
searcher. The main component of the SERP is the listing of results that are returned by the search engine
in response to a keyword query, although the pages may also contain other results such as
advertisements.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Single sign-on

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login
credentials (e.g., name and password) to access multiple applications. SSO can be used by enterprises,
smaller organizations, and individuals to mitigate the management of various usernames and passwords.
In a basic web SSO service, an agent module on the application server retrieves the specific authentication
credentials for an individual user from a dedicated SSO policy server, while authenticating the user against
a user repository such as a lightweight directory access protocol (LDAP). The service authenticates the end
user for all the applications the user has been given rights to and eliminates future password prompts for
individual applications during the same session.

Skimmer

Skimmers are essentially malicious card readers attached to real payment terminals so that they can
harvest data from every person that swipes their cards. The typical ATM skimmer is a small device that fits
over an existing card reader.

Skimming

Skimming is considered a type of white-collar crime,and is described as the theft of cash from a business
prior to its entry into the accounting system for that company. Although skimming is one of the smallest
frauds that can occur, it is also the most difficult to detect.

Skimming cash receipts

Skimming is slang for taking cash "off the top" of the daily receipts of a business (or from any cash
transaction involving a third interested party) and officially reporting a lower total. The formal legal term is
defalcation. Even though skimming is one of the smallest frauds that could appear, they are considered as
the most difficult fraud to detect.

Sniffing

Sniffing is the process of monitoring and capturing all data packets passing through given network, and is
illegal to be done by an unauthorized party. This stolen information can be used for fraud and obtaining
other significant data from users. Sniffers are used by network/system administrators to monitor and
troubleshoot network traffic. Attackers use sniffers to capture data packets containing sensitive
information such as password, account information etc.

Social Engineering

Psychological manipulation done through human interaction that gets people to reveal personal
information for fraudulent purposes. It can happen in one or multiple steps, and can range from basic to
complex methods, like attackers impersonating co-workers or officials to solicit information.

Social security number (SSN)

A Social Security number (SSN) is a nine-digit number that the U.S. government issues to all U.S. citizens
and eligible U.S. residents who apply for one. The government uses this number to keep track of your
lifetime earnings and the number of years worked. Using a social security number, personal data can be
obtained, and can let a criminal use the information for purposes of defrauding the owner of that social
security number. Often this involves stealing money or the identity of that SSN owner.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University

 The Federation Marketplace: Automated Escrow Cryptocurrency-Exchange BTC Tumblr

Tax Identity Theft

The term "tax identity theft" represents fraud made by someone to get advantages in tax returns and tax
payments. Tax-related identity theft occurs when someone uses your stolen Social Security Number to file
a tax return claiming a fraudulent refund. People create false identity by using the personal information of
another person to demand a fraudulent tax return. The only way to detect this kind of fraud is a notice
from IRS (The Internal Revenue Service).

Theft of Checks

Check theft involves stealing, and usually cashing, the check of another. Check theft may also refer to
receiving goods or services by passing a bad check which is noncollectable due to insufficient funds or
closed account. Penalties for this fraud vary by state.

Transaction Authentication Number (TAN)

A transaction authentication number (TAN) is a one-time use code involved in processing online
transactions. It offers additional security on top of a password to log in to an account or make
transactions. To decrease chances of fraud in transactions, some companies may require a TAN as a form
of multi-factor authentication (MFA), in addition to a PIN number or CVV. New TANs may be provided with
each interaction, or a list of trusted TANs may be provided to an individual that they can choose from
when conducting business.

If the document or token containing a TAN is stolen, it is useless without the original password. Conversely,
if one logged in without a valid TAN, they would not be able to gain access.

Two-Factor Authentication (2FA)

2FA or Two-Factor Authentication, also called Step-Up Authentication, is a security process in which the
user provides two means of identification, one of which is typically a physical token, such as a card, and
the other of which is typically something memorized, such as a security code. Two-Factor Authentication
gives users an extra layer of security when accessing their online accounts. In addition to a typical
combination of username and password, a second 'factor' is added, such as a numeric code displayed on a
trusted device, to heighten the certainty that you are the one attempting to access your account. 2FA is a
method of determining a user's identity by confirming two factors among 1) something the user knows
(i.e. mother's maiden name), 2) something the user has (i.e. mobile phone) and 3) something the user is
(i.e fingerprint). 2FA is a subset of the broader multi-factor authentication (MFA).

URL spoofing

URL spoofing is the process of creating false or fake URLs which pose as another website. The spoofed URL
or website address appear to be very similar to the original, actual URL, but in reality redirects the user to
a 'booby trapped' website.

Wire Fraud

Wire fraud can be defined as an online fraud based on promises. In this fraud a person conducts a plan or
scheme to attain a sum of money by blackmailing the other person, or by otherwise convincing them to
send the fraudster money. The main communication methods used for this purpose are phone call, fax,
email, text , or any social media source used to contact any other person.

Fraudology Handbook Series 101 Doc's, Tutorials, Scamily University