It's 'Never Been Easier' to Become an Online Scammer as Cybercrime Markets Flourish
The internet has become a breeding ground for cybercrime, with an expanding network of underground marketplaces making it easier than ever to become a professional fraudster. The rise of organized online markets where cybercrime expertise and resources are bought and sold is posing unprecedented cybersecurity threats worldwide.
"Looking back to the 1990s and early 2000s, you needed to have a reasonable level of technical competence to pull off these types of crimes," says Nicholas Court, assistant director of Interpol's Financial Crime and Anti-Corruption Centre. "Today, the barriers to entry have come down 'quite significantly.'"
For example, obtaining personal data, such as email addresses, and sending them spam messages en masse – one of the oldest online scams in the book – has never been easier. Cybersecurity experts say the change is due to advances in scam technology and the growth of organized online markets where cybercrime expertise and resources are bought and sold.
The Emergence of Cybercrime-as-a-Service (CaaS)
"The last decade or so has seen an evolution of rogue cybercriminals into organized groups and networks all of which are part of a thriving underground economy," says NetSkope's Burnside. "This is exemplified by the rise of 'cybercrime-as-a-service' – where vendors offer their services to others, often for a fee."
Cybercrime-as-a-Service (CaaS) platforms allow individuals with limited technical expertise to access sophisticated tools and services typically reserved for professional hackers. These platforms cater to a wide range of scams, from phishing and social engineering to deepfake videos and voice cloning.
Advances in AI Tools and Deepfakes
AI-generated deepfake videos and voice cloning are increasingly looking more real, with previously infeasible attacks now realistic thanks to generative AI advancements," says Kim-Hock Leow, Asia CEO of cybersecurity company Wizlynx Group. "This makes it 'child's play' to create convincing fake emails, audio notes, images or videos designed to scam and trick victims."
AI tools are also being used to enhance phishing and social engineering scams, helping scammers write more personalized and human-like messages.
The Challenge of Policing Cybercrime Markets
Cybersecurity experts told CNBC that AI tools can be used to enhance phishing and social engineering scams, helping to write more personalized and human-like messages. However, the global and anonymous nature of CaaS vendors and cybercrime marketplaces makes them very difficult to police.
"The volume of criminality is going up so fast that it is actually harder for law enforcement to catch the same proportion of cybercriminals," says Interpol's Nicholas Court. "This calls for a significant focus on prevention and public awareness campaigns to warn about the rapid sophistication of scams and AI tools."
The Importance of Enterprise Cybersecurity Protocols
"As cybercriminals become more tech- and AI-savvy, so must companies' cybersecurity protocols," says Wizlynx Group's Leow. "AI tools can be used to help automate security systems on the enterprise level, lowering the threshold for detection and accelerating response times."
New tools are emerging, such as 'dark web monitoring,' which can track cybercrime markets and underground forums for leaked or stolen data, including credentials, financial data, and intellectual property.
Conclusion
"It's never been easier" to commit cybercrime, so it's crucial to prioritize cybersecurity by investing in technological solutions and enhancing employee awareness. As CaaS and cybercrime markets continue to grow, it's essential for individuals and organizations to stay vigilant and proactive in protecting themselves from the rapidly evolving threats of online crime.