What Is Fraud-as-a-Service (FaaS)?



            By Zac Amos, Features Editor, ReHack


            Fraud-as-a-service (FaaS) has emerged as one of the most concerning cybercrime trends. Unfortunately,
            organized threat groups have learned they can successfully monetize fraudulent activities, tools and
            resources. What does this scheme entail, and how will it impact business?



            What FaaS Looks Like

            FaaS is a catch-all term for criminals who carry out fraud on behalf of a client for money. It covers
            everything from minor threat groups to cybercriminal enterprises. These entities offer services, tools,
            skills, resources, or insider knowledge in exchange for an upfront fee or a cut of the earnings made from
            successful attempts.

            Many threat groups involved in FaaS operate similarly to a typical organization — they consider client
            acquisition,  develop  marketing  material  and  have  a  product  development  team.  They  often  have  a
            hierarchical business structure comprised of hackers, researchers, technical specialists, managers and
            money mules.

            The typical offerings of FaaS schemes include out-of-the-box solutions like botnets, malware and social
            engineering  kits.  Many  organized  cybercrime  groups  also employ  teams  of  specialized  hackers and
            money mules that clients can rent out.





                                                                                                            272