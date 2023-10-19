Understanding more complex registration workflows

For banking sites or sites that require a subscription, users must provide more information about their identity, including home address, government-issued ID, and phone number. The site will verify the email address and the other information with some level of scrutiny.

Fraudsters who want to create new bank accounts need reasonably valid and verifiable data. In this case, the attacker is not likely to use disposable emails since they would be too obvious an anomaly for the bank security team to miss.

The attacker is more likely to use regular email services like Gmail or Microsoft Outlook (Figure 11) for this kind of attack. In this scenario, two different fraudsters may supply information upstream:

One will supply valid inboxes (Figure 7, steps 1 and 2)

The other will supply PII that may have been harvested through major data leaks (Figure 11, step 3)

Fraudsters who open bank accounts and take advantage of promotional offers acquire both datasets from the dark web and combine them to create a synthetic identity (Figure 11, step 4).