Inside the mind of today’s cyber criminal

by Guest Contributor 2 min read August 8, 2014

Online crooks are getting more sophisticated by the second. Nowadays, fraudsters have the ability to conduct “clean fraud,” obtaining legitimate identities of users from the black market or data breaches to compromise a victim’s card account. Malware, too, is becoming more sophisticated both in the mobile and non-mobile space. But how can organizations fight such high-level tactics in such a broad, complex space? John Sarreal, Senior Director of Product Management at 41st Parameter, an online fraud prevention player, sat down with PYMNTS after the recent release of the white paper “Surveillance, Staging, and the Fraud Lifecycle” to reveal the inner workings of a cyber criminal’s mind, what should be done before and after data is snatched, and which aspects of account takeover are the most overlooked and dangerous.

Interview excerpts

Take us through the mind of a cyber-criminal. What are the most sophisticated tactics used today to capture account information from corporate systems?

JS: The amount of clean fraud that we see with our customers is unprecedented. By focusing on obtaining legitimate credentials and identities, fraudsters are more easily able to bypass traditional controls. This means that fraud tools need to adapt and gather additional attributes to augment their fraud screening. Although the techniques they’re using now to obtain these credentials are increasingly sophisticated, the MOs are still rooted in basic phishing and social engineering attacks.

Fraudsters will use identity information obtained from the black market or data breaches to conduct very convincing phishing attacks to reveal everything that is needed to compromise a victim’s card account. There’s also increasing sophistication in the use of malware to steal sensitive credentials in both the mobile and non-mobile arena. In Android, for example, Google recently passed a vulnerability that allows sophisticated malware to impersonate digital certificate signing authorities. This vulnerability allowed the malware to install itself on a mobile device without any user notification or intervention – obviously, a very dangerous attack.

Link to the podcast and transcript here.

Related Posts

Explore how Experian Verify Hub is simplifying income and employment verification as Sophia Cheung shares insights on reducing complexity, improving data access, and helping organizations make faster, more confident decisions.

Published: July 3, 2026 by Ted Wentzel
How Union Credit Expands Access to Credit Unions with Experian

Discover how Union Credit and Experian help credit unions reach younger consumers through personalized digital lending experiences.

Published: July 1, 2026 by Scarlet.Nickel@experian.com
Faster Decisions, Better Outcomes: Experian Verify™ Now Available Through Centro, Mezzo’s Orchestration Engine 

Explore how Experian Verify™ and Mezzo’s Centro orchestration engine are helping mortgage lenders modernize income and employment verification, reduce workflow complexity, and make faster, more confident lending decisions at scale.

Published: July 1, 2026 by Lizel Ferrer