Sometimes, fraudsters are lone actors who look for isolated opportunities to make some quick cash. Other times, they form coordinated teams with diverse skill sets that can pull off many different types of fraud at once. Or, due to their numbers, they can repeatedly defraud the same industry for an extended period of time. These groups are called fraud rings.
Here, you’ll learn what fraud rings are, how some of them typically operate (including who they commonly target), and what Trust and Safety teams can do to expose them and shut them down.
A fraud ring is an organized group of criminals working together to commit fraudulent activities. Because a fraud ring involves more than one fraudster, members can share resources to commit fraud on a larger scale. A fraud ring may specialize in one type of fraud, or commit multiple different types.
This fraud ring definition is intentionally broad because fraud rings can come in all shapes and sizes. One may consist of just a few people – perhaps friends or family members – while others can have membership numbers in the thousands.
Fraud ring members can have different skill sets, some of which are geared toward committing specific types of fraud. As a result, fraud rings can target many different types of entities: retail stores, eCommerce marketplaces and websites, payment processors, banks, currency exchanges, insurance companies, gambling platforms, crowdfunding services, and even individual people. And they can operate online, offline, or both.
Fraud rings are a big problem for Trust and Safety teams because they put customers’ accounts, personal/financial information, and money at risk. They are also more difficult to stop than lone opportunistic fraudsters because they involve several people working together as a team. This creates two issues.
The first is that fraud rings can pull off crimes with much greater reach. So even if one fraudster is caught, further investigation is needed to determine how many other criminals are operating in the same network to be able to catch them too.
The second is that fraud rings can perpetrate many different types of fraud at the same time. And while many fraud rings operate primarily online these days, some take their activities offline as well. So Trust and Safety teams have to defend against many different attack vectors when dealing with fraud rings, as opposed to with lone fraudsters.
Fraud rings are difficult to categorize because they target many different industries with many different tactics. Some fraud rings are large enough that they may target several different industries at the same time.
To give a basic understanding of how fraud rings operate, here are examples of six common types of fraud rings. We’ll explain some of the typical schemes they employ, as well as identify what kinds of businesses or institutions they usually target.
These types of fraud rings find or steal people’s personal information, and sometimes combine pieces of it to create synthetic identities. They then use these stolen or forged identities to do things like take out loans, make expensive purchases, or gamble. When creditors come to collect the money they’re owed, they find the debtors are either unsuspecting fraud victims or made-up people.
These types of fraudsters typically target banks and other loan providers, as well as online gambling companies or any businesses that offer “buy now, pay later” systems.
Some fraud rings will steal large quantities of credit card credentials, or else purchase them on the black market. Then they will transfer these pieces of information onto blank credit cards.
From there, they will use the counterfeit cards to make fraudulent purchases. Often, they will purchase gift cards or items they can easily resell (such as high-end electronics or jewelry) in an attempt to launder money.
Legitimate credit card holders are most immediately affected by these fraud rings, as they are left to file chargebacks over purchases they never personally made. However, the businesses that were purchased from – whether they are brick-and-mortar or online – suffer even more.
They not only lose money from having to refund fraud victims, but they also lose the purchased products. In addition, their reputations can suffer from having to resolve so many chargebacks.
Insurance covers many different life facets, such as automobiles, healthcare, and housing. So insurance companies need to be aware that professionals including doctors, auto repair technicians, building contractors, and lawyers can be involved in insurance fraud rings.
One common type of insurance fraud that involves a fraud ring is a staged automobile accident. This is where a fraudster (or group of them) in a vehicle intentionally collides with another vehicle. The second vehicle is sometimes driven by a co-conspirator (or a group of them), so the fraud ring can file additional false insurance claims.
From there, other professionals who are part of the fraud ring can exaggerate the damage caused by the “accident" to let the “victims” claim more money. For example, doctors can claim they ordered medical tests that never actually took place. Or they can deliberately misdiagnose fraudsters with injuries – especially soft-tissue injuries such as whiplash, which are difficult to disprove.
Auto repair technicians can get in on the fraud, too. For instance, they can falsely claim that pre-existing damage to a fraudster’s vehicle was actually caused by the collision. Or they can intentionally cause further damage to the vehicle, and then falsely claim that the damage happened because of the collision.
There are many ways in which criminals can commit fraud using checks. They include:
Fraud rings may work to steal checks en masse from people’s mailboxes, then alter and/or copy them. They may also rely on fraud ring members who are bank employees to provide them with the information necessary for counterfeiting checks. The fraudster gains access to banking information required to cash a check under a legitimate customer’s name, but they send the money to a different account.
Other common check fraud schemes involve sending out counterfeit checks as part of eCommerce purchase scams, advance fee fraud, employment opportunity scams, romance fraud, etc.
The goal is to get victims to open bank accounts, deposit counterfeit checks, and then give the fraudsters (some of) the money by either wire transfer or withdrawing cash. It’s only later the victims find out the checks were fake and that they’ve given away money they never actually had.
Another way fraud rings use identity theft is to claim unemployment benefits fraudulently. As part of this type of scheme, they may set up fake websites appearing to let people apply for unemployment benefits. In reality, these websites’ purpose is to steal users’ personal and financial information.
Once fraudsters have this information, they typically use it in one of two ways. One is to file fraudulent unemployment claims using the identity information of people not on welfare. The financial information given then directs benefits to accounts controlled by the fraud ring.
Another is to hack into the accounts of people currently on welfare and change their payment information. This causes benefits to be sent to accounts owned by the fraud ring, rather than the rightful beneficiaries.
This type of fraud ring is important to know about for government departments that administer unemployment benefits, such as state workforce agencies. Their Trust and Safety teams need to be on guard against these types of fraudulent schemes – including educating applicants about them – to prevent legitimate users’ accounts from being abused to fund fraudsters.
A SIM jacking fraud ring involves fraudsters finding (or stealing) people’s mobile phone numbers, along with as much other personal information as possible about those people. Then, they call each person’s telecommunications provider and use the person’s credentials to claim that they own that person’s phone number fraudulently.
From there, they ask for the person’s phone number to be transferred to a new SIM card – one on a device controlled by the fraud ring. This allows fraudsters to intercept people’s phone calls and text messages to bypass multi-factor authentication on their accounts.
In doing so, members of the fraud ring can break into people’s accounts for any number of malicious purposes. They could steal money and even more personal information. They could resell the accounts to unscrupulous individuals. They could even impersonate the real account owners to phish or scam their contacts.
Prominent individuals and companies need to be aware of these types of fraud rings. Their reputations can be damaged by news of fraudsters taking over their accounts, or by abusive actions fraudsters take while controlling their accounts. Telecom providers need to be especially vigilant, as giving people’s phone numbers away to fraudsters is an easy way for them to lose the trust of their customers.
The greatest weapon Trust and Safety professionals have in fraud ring detection is link analysis. Unit21 customer Prizepool prevented $500,000 in fraudulent activity on their platform using a combination of transaction monitoring and link analysis to identify an ACH fraud ring.
This involves using robust data visualizations, along with their related pieces of information, to look for suspicious patterns. This speeds up investigation times, allowing teams to process more cases in less time.
Many fraud rings will use the same information – or slight variations of it – over and over on different accounts, devices, transactions, and so on. This can include personal information, financial credentials, device fingerprints, IP addresses, and more. It’s through these connections that companies can identify and take action against fraud rings.
Other standard anti-fraud practices can be helpful for a platform as well. One is to educate users on the danger that fraud rings represent, and thus why it’s important to protect their personal and financial information. Another is to require stricter verification measures, such as passwords of minimum length and complexity, multi-factor authentication, or even ID documents / biometrics / liveness detection.
Finally, Trust and Safety professionals should cooperate closely with law enforcement officials to investigate and prosecute suspected instances of fraud ring activity.