See Sift in Action
Back to Fraud Intelligence Center

Fraud schemes exposed

Explore the latest scams and fraud tactics uncovered by Sift’s Trust and Safety Architects.

The global Fraud Economy

Fraudsters have evolved from siloed attacks to a full-blown Fraud Economy—a sophisticated and interconnected network of cybercriminals looking to exploit online businesses.

Global fraud economy

ATO-as-a-service

Fraudsters use automation to accelerate attacks

Atlantis AIO (also known as Atlantis-X) is a fraud-as-a-service credential stuffing tool, accessible via a simple link for $150 per month.

Step 1

A fraudster finds and clicks the Atlantis AIO link and pays the $150 monthly subscription fee. It’s common for users to sign up using cryptocurrency, adding a layer of anonymity to the transaction.

Step 2

Behind the paywall, the fraudster enters the stolen or purchased account credentials into the Atlantis tool, which uses automation to rapidly verify if, and where, those credentials are accurate and active.

Step 3

Login details can be entered individually or in bulk. Once credentials are either authenticated or proven defunct, the fraudster can plan the next phase of attack.

Step 4

The fraudster takes the Atlantis-authenticated data to the related website or app, quickly and easily accessing the compromised account and any funds or additional identification details protected behind it.

img
imgimg
img
img

Bots-as-a-service

Mechanics of an automated scam

Step 1

The fraudster joins a bot-as-a-service scam group on a deep web forum and pays for temporary use of the OTP bot.

Step 2

The fraudster enters the victim’s phone number into the OTP bot.

Step 3

The fraudster provides the bot with the caller ID for the site or app they want to spoof.

Step 4

The bot calls or texts the victim, impersonates the business, and asks them to provide their OTP.

Step 5

The fraudster receives the OTP to successfully log into the victim’s account.

Step 6

The fraudster can now access and steal the victim’s payment information to make unauthorized purchases.

img
img
img
img
img
img

Fraud-as-a-service

Mechanics of a criminal business model

img
img
img
img
img

Fraud attacks in one industry impact every industry.

The Fraud Economy is an interconnected web of fraud and abuse vectors that influence and impact one another. Explore data insights from the Sift global network of more than one trillion eventsper year, representing over 34,000 sites and apps across multiple industries, and learn how cybercriminals leverage the Fraud Economy to target businesses and consumers around the globe.

Crypto Cashout: When fraudsters join forces

Click through the timeline to see how the scam works.

imgimgimg
imgimgimg
imgimgimgimgimgimg
imgimgimgimgimgimgimgimgimg
imgimgimgimgimgimgimgimg
1
Fraudster A has access to stolen or illicitly-obtained funds.
2
Fraudster B takes over bank, crypto wallet, and crypto exchange accounts.
3
Fraudster A solicits on Telegram for combined bank and crypto account access. Fraudster B responds with offer to work together.
4
Fraudster A loads the stolen funds into Fraudster B's bank account. Fraudster B transfers the funds into stolen crypto exchange account or wallet.
5
Fraudster B withdraws the funds from the crypto wallet to an offline wallet. Fraudsters split the profits.

Close X

imgimgimg

Close X

imgimgimg

Close X

imgimgimgimgimgimg

Close X

imgimgimgimgimgimgimgimg

Close X

imgimgimgimgimgimgimgimg

Pig Butchering: The mechanics of the scam

Click through the timeline to see how the scam works.

imgimgimgimgimgimgimgimg
imgimgimgimgimgimgimgimg
imgimgimgimgimg
imgimgimgimgimgimgimg
imgimgimgimgimg
imgimgimgimgimgimgimgimg
imgimgimgimgimgimg
imgimgimgimgimgimgimg
Create phony profiles
Scammer creates dozens of phony profiles on dating apps
Swipe
right
Scammer matches with multiple victims
Switch platforms
Conversation moves to a private, encrypted messaging platform
Manipulate Emotionally
Scammer emotionally manipulates victim
Talk
crypto
Conversation turns to crypto investing
Pressure to invest
Scammer convinces victim to invest using fake crypto exchange
Show False Profit
Victim starts seeing false profit and is persuaded to invest more
Steal
Funds
Scammer takes money and ceases communication

Close X

imgimgimgimgimgimgimgimg

Close X

imgimgimgimgimgimgimgimg

Close X

imgimgimgimgimg

Close X

imgimgimgimgimgimgimg

Close X

imgimgimgimgimg

Close X

imgimgimgimgimgimgimgimg

Close X

imgimgimgimgimgimg

Close X

imgimgimgimgimgimgimg

Proxy Phantom: The anatomy of a fraud ring

In Q3 2021, the Sift data science team identified and blocked an attack coming from multiple large IP clusters (related groups of internet protocol addresses) across the Sift global network. This interactive visualization illustrates the fraud ring and how it used bots to commit sweeping, large-scale account takeover (ATO) attacks against e-commerce merchants all over the world.

Disclaimer: All personally identifiable information is simulated.

In Q3 2021, the Sift data science team identified and blocked an attack coming from multiple large IP clusters (related groups of internet protocol addresses) across the Sift global network. The video below illustrates the fraud ring and how it used bots to commit sweeping, large-scale account takeover (ATO) attacks against e-commerce merchants all over the world.

FRAUDSTER
TRANSACTION
CREDENTIALS
PAYMENT DETAILS
PROXY SERVER

Additional resources

Q4 2023 Digital Trust & Safety Index: Dispute data, consumer insights, and emerging trends

Read the report

Comprehensive fraud guides from Trust & Safety University

Start learning

Sift Fraud Industry Benchmarking Resource (FIBR)

Explore data

Secure your business from login to chargeback

Stop fraud, break down data silos, and lower friction with Sift.

  • Achieve up to 285% ROI
  • Increase user acceptance rates up to 99%
  • Drop time spent on manual review up to 80%
Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course,unsubscribe at any time. Please see our Website Privacy Notice.