A member of a Spanish-speaking underground forum is promoting a PayPal balance transfer/payback scheme to clients. This type of financial transaction is illegal and commonly supported by illicit funds. The forum member operates in Latin America, yet promotes the business in Spanish forums worldwide. This report is being provided for your situational awareness.
- Spanish forum supports malicious cyber tools and activity.
- Spanish forum member operates in Mexico, Central America, and South America.
- Spanish forum member accepts payments via Bitcoin, Western Union and OXXO.
The forum member prefers to communicate via Facebook and accepts payments via Bitcoin, Western Union, and OXXO, a chain of convenience stores from Mexico with over 14,000 stores across Latin America that also offers money wire transfer services like Western Union. We assess with high confidence that this forum member lives in Latin America, likely Mexico.
Publication Date: 16 December 2016
Handling Requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: PayPal balance transfer scheme
Actor Type: Adversary capabilities have been assessed as Tier II
Potential Targets: Financial and PayPal
Past Reporting: The full reports may be viewed in Red Sky Alliance as DOC-3969. Contact Wapack Labs for more information.