This school isn’t a scam. It teaches you how to commit one.
Online courses have become a digital alternative to the classroom, as millions of students take to their computers to learn new skills like coding or to earn a college degree. The trend isn’t lost on cybercriminals, who have developed a six-week seminar to turn beginners into full-fledged fraudsters.
Digital Shadows, a security firm based in the UK, dove into the online fraud ecosystem and released part of its research on Wednesday. Its goal was to get a deep look at the online environment that fosters budding thieves.
The company found several guidebooks online that can sell for $1 or forums where thieves can trade tips in secrecy, but nothing as in-depth as the six-week course. Digital Shadows enrolled in the WWH-Club’s online seminar, which charges $745 for “tuition” and an additional $200 for course materials.
“It’s on a scale that [we] haven’t seen before, and they refresh the course material every six months,” said Rick Holland, the company’s vice president of strategy.
New students pay in cryptocurrency, like Webmoney or Bitcoin. WWH-Club advertises itself as the “world’s largest carding forum.” Carding is slang for using stolen credit cards for fraud.
Like any online course, WWH-Club has a curriculum. There are 20 lectures, five instructors, required reading and quizzes. Each lecture lasts more than an hour, and there is a maximum class size of 15 students.
The lectures touch on topics like “Bruteforcing Paypal,” “Working on Android” and taking advantage of specific industries like hotels and flights. The classes are in Russian only and offer retraining every six months — if you are willing to pay again.
The teachers see their service as a way to enrich their students.
“You will learn to have a free holiday at the resorts of Europe, America and Asia,” reads an advertisement for the crash course in scamming.
The instructors tell students that they can make more than $3,000 a month while working less than 12 hours a week. They suggest websites where a newly minted scammer can buy a stash of stolen credit cards, and then how to turn those into cash.
One of the lectures lists websites that allow purchases with stolen credit cards, followed by instructions on how to sell the goods for cash.
Several lectures also offer social engineering advice, like how to trick unsuspecting victims into giving up their PIN or how to get a hotel agent to accept the stolen credit card information.
Holland said the course is a prime example of how easy it has become to get into cybercrime and a reminder that people need to be even more cautious with their security.
“You could know nothing and it ramps you up on understanding the different kinds of cards that are out there, the security measures that are out there, what do you need on your computer,” Holland said.
You know how colleges loves to show off their successful alumni? “Graduates” of this six-week seminar are the same. Former students return to the forum, showing off pictures of goods they’ve bought thanks to the lessons they learned.
In one thread, there were photos of a PlayStation 4, a GoPro Hero 5 camera and a hoverboard. One thief took a picture of a beach view with palm trees and wrote, “Thank you for creating the Hotel Group.”
Digital Shadows hopes by studying the course, it can advise companies on the latest strategies that new crops of thieves will try out to make a quick buck.
The company will disclose more information during a presentation at the Black Hat cybersecurity conference, set for July 26 and 27 in Las Vegas.
Logging Out: Welcome to the crossroads of online life and the afterlife.
Virtual reality 101: CNET tells you everything you need to know about VR.