|
Hey Travis, Joseph here with what I think is a really rare piece of insight into the fraud world. I found an underground site selling videos of real people simply moving their head side to side. Why? To bypass selfie verification checks when setting up accounts at cryptocurrency exchanges or other online services. Not only does it show how fraudsters may bypass know-your-customer (KYC) checks, but also reveals a hidden part of the fraud ecosystem: the people who are potentially exploited to give up their faces for the benefit of criminals. I hope you take a look.
With funk music in the background, a man standing in front of a white background stares forward into a camera. He blinks slowly, then looks upwards. He rotates his head clockwise: first to the right, down, then to his left, and up again, before rotating in the opposite direction.
In another video, the man simply looks to his left, and then his right, and then the center as more music blares. In a series of related photos, the man holds blank pieces of paper, or an open laptop with nothing on the screen. At no point in any of the material does he speak or identify himself.
That’s because this man has been reduced to a shell. These videos, and this individual, are tools that can be used by fraudsters to bypass verification checks on cryptocurrency exchanges and other online services. This real man has been turned into a stock video model for services specifically designed to do fraud.
This segment is a paid ad. If you’re interested in advertising, let's talk.
Join Orange Cyberdefense SensePost at Black Hat USA this August for epic hacking training. Our expert team will be delivering 6 world-class technical trainings covering a range of ethical hacking topics.
Level-up your cyber-attack & defense skills and learn the art of hacking with us at infosec's biggest event–Black Hat USA.
Register now to secure your seat.
Often sites ask for a selfie video of a user to prove that they are real and who they say they are. These videos are designed to sidestep that, with scammers able to buy specially-made sets of photos and videos of ordinary people to sign up to accounts with, some of whom may have provided their likeness for a small amount of cash. Fraudsters can then photoshop identity documents, names, dates, or anything else they need into the blank canvas sections of the photographs.
One of the videos obtained by 404 Media. Blurring by 404 Media.
The videos, which 404 Media obtained by buying a set from an underground service, show one method for how fraudsters may bypass some know-your-customer or KYC checks, a vital step in money laundering or some other crimes. But the videos also represent a usually unseen and potentially exploited part of the fraudster ecosystem: people who sell their faces, which are then used to later commit fraud.
“They go to places like Serbia, they give 20 bucks—even 5 bucks in some cases—to people there to just take a selfie and video of themselves. Then they offer those sets for sale,” David Maimon, head of fraud insights at cybersecurity firm SentiLink, and who closely follows the fraud ecosystem, told 404 Media. Maimon said he hadn’t previously seen the specific service 404 Media found, but that it had similarities to others he had. “Part of what we do involves us infiltrating the channels and infiltrating the markets, that these guys spend a lot of time in,” Maimon added. The idea that fraudsters are paying people for their photos is based on “some of the conversations that we’re seeing out there.”
💡
Do you know anything else about KYC bypass techniques? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +44 20 8133 5190. Otherwise, send me an email at joseph@404media.co.
The specific service 404 Media bought a pack of photos and videos from is called Fotodropy Store. Launched in 2021, the site has uploaded many more packs in the last few months. They stretch across various demographics: Black people and white people, men and women, young and old. Scrolling through the site’s homepage presents a list of hundreds upon hundreds of faces that are destined to end up being used for some sort of fraud or financial crime.
The set 404 Media bought for around $30 in Bitcoin includes 80 photos and four videos of the same person. According to the files’ metadata, these were taken on February 8th with an iPhone XR. In the photos the man is holding a white card or pieces of paper of various sizes: one about the shape and size of a drivers’ license, another that looks like a passport, more with an A4 sheet of paper, and many with some variation of those at the same time. Some photos also include the man holding a phone with a blank white background, as well as a blank laptop and the pieces of paper.
When browsing through the available photos, a green checkmark is stamped on the listing if the set has allegedly been sold fewer than five times. Broadly speaking, the more a fake identity has been used, the more suspicious online services may be of that persona.
“We have been in a professional manner engaged in the photography for over a year,” Fotodropy’s website, which is available in both Russian and English, reads. In addition to the advertised, premade images, the site says “contact us and we will make custom-made photodrops sets.” On Telegram, the administrator also suggests that they may sell access to certain photosets to interested buyers before uploading them to the site. They also advertise already verified accounts on various cryptocurrency exchanges. The administrator, who goes by the name Sam Bonusom on Telegram, did not respond to multiple requests for comment.
Presumably to pass a KYC check, the fraudster would also need to superimpose a convincing looking identity document into the selfie photo. The pack 404 Media bought came with the man wearing multiple outfits, meaning someone could theoretically use another for a passport or drivers’ license photo. Maimon said some services sell identity documents along with the selfie videos.
Fotodropy appears to have multiple satisfied customers. “The photodrops are very high quality!” one review on a Russian crime forum reads, according to a machine translation of the post. “I only said my age and gender, and in response they sent me the best options. I recommend them and will definitely come back again!” read another.
|
