Aiming to Dupe AntiFraud Systems: Digital Doppelgangers

Quite an interesting discovery.  Constructing fake user profiles to facilitate fraud.   Goes back to the need for stronger means of constructing foolproof real identities, probably cryptographically determined.  'Fraud on Demand'?  The linked-to article contains considerable detail on the current activity here.   Doppelgangers vs Digital Twins?     'Synthetic Identities'

Dark Web's Doppelgängers Aim to Dupe Antifraud Systems  By Paul Marks

Communications of the ACM, January 2020, Vol. 63 No. 2, Pages 16-18
10.1145/3374878

Deep within the encrypted bowels of the dark Web, beyond the reach of regular search engines, hackers and cybercriminals are brazenly trading a new breed of digital fakes. Yet unlike AI-generated deepfake audio and video—which embarrass the likes of politicians and celebrities by making them appear to say or do things they never would—this new breed of imitators is aimed squarely at relieving us of our hard-earned cash.

Comprising highly detailed fake user profiles known as digital doppelgängers, these entities convincingly mimic numerous facets of our digital device IDs, alongside many of our tell-tale online behaviors when conducting transactions and e-shopping. The result: credit card fraudsters can use these doppelgängers to attempt to evade the machine-learning-based anomaly-detecting antifraud measures upon which banks and payments service providers have come to rely.

It is proving to be big criminal business: many tens of thousands of doppelgängers are now being sold on the dark Web. With corporate data breaches fueling further construction of what market analyst Juniper Research calls "synthetic identities," Juniper estimates online payment fraud losses will jump to $48 billion by 2023, more than double the $22 billion lost in 2018.

The existence of a doppelgänger dark market was first discovered in February 2019 by security researcher Sergey Lozhkin and his colleagues at Kaspersky Lab, the Moscow-based security software house. His team was carrying out their regular threat analyses on several underground dark forums, "when we discovered a private forum where Russian cybercriminals were hosting information about something called the Genesis Store," Lozhkin says.  .... "