Cybersecurity is a constant battle between organizations and threat actors. Institutions, both financial and governmental, push out patches and security measures to protect society’s assets. Cyber-criminals rush to break those measures in hopes of making a profit or statement. Once a cyber-criminal finds an exploit, they take advantage of it themselves but also share it with other criminals in their network. They distribute this newfound knowledge and call it methods.
Methods, sometimes called sauce, are an informational guide on how to defraud an institution for financial gain. One of the most famous methods that was circulated around dark web marketplaces was the PPP loan method. PPP stands for the Paycheck Protection Program, which was a loan created by the government back during the height of the COVID-19 pandemic to aid businesses. Online criminals took advantage by creating false identities and businesses to take out massive loans.
A recent disaster that cyber-criminals have taken full advantage of is the relief for Texas citizens caused by Hurricane Beryl that hit the state in July 2024. The Federal Emergency Management Agency (FEMA) has assisted the people of Texas stricken by this disaster. In the image and video shown, a fraudster on a marketplace is announcing that they have a method to obtain funds from this relief program. The fraudster records a bank account displaying that they received $185,646 in relief grant. They even claim that the method they are using requires no docs, short for documentation such as license, utility bill, passport, etc.
Methods do not pertain solely to defrauding government programs. This image advertises multiple methods/sauce for sale, a majority being financial apps such as PayPal, Cashapp, and Zelle. One of the interesting things about the post is the advertisement of methods outside of the US such as the claim to have UK and Australia sauce. While the fraudster does not directly state the specific institution that the method is trying to defraud, it could be assumed that it pertains to banking or finance due to the other sauce being about banking and finance.
Fraudsters usually advertise the name of the method they have to sell it, but sometimes they will hand out methods for free. These images show a free method by a vendor that goes in-depth on how to defraud different types of banks using a Coinbase method to transfer Bitcoin.
In the end, it shows that the fraudster successfully withdrew $11,000 worth of Bitcoin. There are multiple reasons why a fraudster would hand out a method for free, rather than sell it like others do. The file could have a malicious virus in hopes of stealing info from other fraudsters, they want to network, or in this case, they want to influence other fraudsters to use their service. This image shows that on the very last page, the fraudster is also a vendor who suggests the reader should use their services to accomplish the method. (See the image below.)
Due to the nature of the internet, information can be spread all over the world for others to take in. That includes non-US fraudsters being able to learn from these methods to defraud institutions from a whole different region of the world and vice versa. The darknet knowledge market continues to escalate the growing threat of both domestic and international fraudsters on financial institutions, making cybersecurity just that much harder.
About Finovifi
Protect your financial institution and customers with Finovifi's fraud prevention solutions. SilverSafe provides real-time dark web monitoring to proactively identify compromised elder customer data. Our integrated FraudXchange ecosystem offers seamless protection against check fraud and financial exploitation.
With customizable enrollment options and full regulatory compliance support for CFPB and FDIC guidelines, Finovifi helps you stay ahead of fraudsters while meeting your compliance obligations. Don't wait for fraud to happen - contact Finovifi now to protect your customers and institution.