TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

Bots Cheat to Win

2024-02-05 · Read original ↗

ATT&CK techniques detected

9 predictions
T1585.002Email Accounts
97%
“within these account creation attempts. disposable emails a disposable or temporary email refers to an email address that is unique but is typically only used for a limited number of transactions and may be used only to forward incoming messages to a more permanent email address.…”
T1585.002Email Accounts
96%
“these disposable domains appeared more often in manual account creation attempts than they did in automation, underscoring their use by lower - tech fraudsters. however, there were several days during the contest where a large share of the daily account creation attempts that use…”
T1585.002Email Accounts
96%
“account creation series, this technique abuses certain email platforms ’ use of special characters such as “. ” or “ + ”. the technique is also sometimes called “ sub - addressing ”. some email services ignore “. ” in any email address, such that “ johndoesoap @ gmail. com ” or “…”
T1585.002Email Accounts
89%
“will have a “. ” or “ + ” in their email address. the percentage of email addresses containing either of these two special characters that were entered into this site ’ s account creation form skyrocketed shortly after the contest began, jumping from a daily average of 15. 8 % of…”
T1585.002Email Accounts
73%
“the usernames that was also heavily associated with domains that allow their email users to create and delete custom email aliases on demand as an online privacy and spam prevention tool. the pattern was unusual for an email address, but not overly suspicious when seen in isolati…”
T1585.002Email Accounts
69%
“site. the fake account creation seen on a typical day by this retailer happens for various reasons, many of which were described in the first article in the fake account creation series. an additional reason that daily fake account creation may be seen on this site is that the ac…”
T1585.002Email Accounts
67%
“accounts that use these domains, but the approach amounts to a game of a whack - a - mole, in which new fake email domains pop up as others disappear. there wasn ’ t a significant change in the portion of new accounts being created using disposable domains during the contest. acr…”
T1585.002Email Accounts
44%
“conclusion when a popular brand used a contest to engage with new and loyal customers, the fraudsters also crawled out of the woodwork to benefit from the promotion. the fraudsters did not play fair and rushed to create large numbers of fake accounts, with some using manual means…”
T1657Financial Theft
36%
“can be used in retrospective analysis to identify suspected manual fraud. we were able to identify several suspicious clusters of manual transactions that had a high likelihood of being related to fraudulent activities. prior to the contest start, the daily rates of highly suspic…”

Summary

How automated fraudsters tried to ruin a restaurant’s promotional contest.