target
diff --git a/‎src/content/techniques.json‎
Lines changed: 12 additions & 7 deletions b/‎src/content/techniques.json‎
Lines changed: 12 additions & 7 deletions
diff --git a/‎src/content/techniques/authorized_account_abuse.json‎
Lines changed: 65 additions & 0 deletions b/‎src/content/techniques/authorized_account_abuse.json‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎src/content/techniques/crypto_currency.json‎
Lines changed: 44 additions & 0 deletions b/‎src/content/techniques/crypto_currency.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎src/content/techniques/damaged_shipment.json‎
Lines changed: 67 additions & 0 deletions b/‎src/content/techniques/damaged_shipment.json‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎src/content/techniques/digital_wallet_apps.json‎
Lines changed: 50 additions & 0 deletions b/‎src/content/techniques/digital_wallet_apps.json‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎src/content/techniques/double_refund.json‎
Lines changed: 80 additions & 0 deletions b/‎src/content/techniques/double_refund.json‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎src/content/techniques/fake_receipt_generation.json‎
Lines changed: 57 additions & 0 deletions b/‎src/content/techniques/fake_receipt_generation.json‎
Lines changed: 57 additions & 0 deletions
@@ -1,9 +1,14 @@
  [
-    { "pre_compromise": "Reconnaissance", "initial_access": "Shoplifting", "control":"Gift Card Extortion", "monetization": "Resale"},
-    { "pre_compromise": "Social Engineering","initial_access": "Social Engineering","control":"Valid Accounts", "monetization": "Checkout" },
-    { "pre_compromise": "Fake Pages","initial_access": "Gift Card Extortion", "control":"Gift Card Return", "monetization": "" },
-    { "pre_compromise": "Acquire Database","initial_access": "Check Gift Card Balance", "control":"Gift Card Merging", "monetization": "" },
-    { "pre_compromise": "Gift Card Number Generation","initial_access": "Valid Accounts", "control":"Gift Card Tampering", "monetization": "" },
-    { "pre_compromise": "Password Reset","initial_access": "Password Reset", "control":"Gift Card Redemption", "monetization": "" },
-    { "pre_compromise": "Proxy Abuse","initial_access": "Credential Stuffing", "control":"Loyalty Points Abuse", "monetization": "" }
+    { "pre_compromise": "Reconnaissance", "initial_access": "Shoplifting", "defense_evasion": "Valid Accounts", "control":"Gift Card Extortion", "monetization": "Resale"},
+    { "pre_compromise": "Social Engineering","initial_access": "Social Engineering", "defense_evasion": "VOIP Abuse", "control":"Valid Accounts", "monetization": "Checkout" },
+    { "pre_compromise": "Fake Pages","initial_access": "Gift Card Extortion",  "defense_evasion": "Digital Wallet Apps", "control":"Gift Card Return", "monetization": "Fraudulent Refund" },
+    { "pre_compromise": "Acquire Database","initial_access": "Check Gift Card Balance",  "defense_evasion": "Crypto Currency", "control":"Gift Card Merging", "monetization": "Social Engineering" },
+    { "pre_compromise": "Gift Card Number Generation","initial_access": "Valid Accounts",  "defense_evasion": "Gift Cards As Defense Evasion", "control":"Gift Card Tampering", "monetization": "Crypto Currency" },
+    { "pre_compromise": "Password Reset","initial_access": "Password Reset",  "defense_evasion": "", "control":"Gift Card Redemption", "monetization": "" },
+    { "pre_compromise": "Proxy Abuse","initial_access": "Credential Stuffing",  "defense_evasion": "", "control":"Loyalty Points Abuse", "monetization": "" },
+    { "pre_compromise": "Third Party Supplier Manipulation","initial_access": "Insider Recruitment",  "defense_evasion": "", "control":"Wardrobing", "monetization": "" },
+    { "pre_compromise": "Fake Receipt Generation","initial_access": "Impersonation of Retail Employee",  "defense_evasion": "", "control":"Item Manipulation", "monetization": "" },
+    { "pre_compromise": "Insider Recruitment","initial_access": "",  "defense_evasion": "", "control": "Returns Process Exploitation", "monetization": "" },
+    { "pre_compromise": "Impersonation of Retail Employee","initial_access": "",  "defense_evasion": "", "control":"Marketplace Exploitation", "monetization": "" },
+    { "pre_compromise": "","initial_access": "",  "defense_evasion": "", "control":"Crypto Currency", "monetization": "" }
   ]
@@ -0,0 +1,65 @@
+{
+  "code": "FT 1104.03",
+  "name": "Authorized Account Abuse",
+  "parent_technique": "Valid Accounts",
+  "tactics": [
+    "Defense Evasion"
+  ],
+  "schemes": [
+    "Gift Card Fraud",
+    "Account Take Over"
+  ],
+  "sub_techniques": [],
+  "technique_description": [
+    "The fraudster persuades a legitimate customer to grant access to their account, enabling the fraudster to leverage a seasoned profile with an established purchase history and associated metadata. This tactic helps bypass or weaken fraud detection controls."
+  ],
+  "mitigation": [
+    {
+      "type": "Multi-Factor Authentication",
+      "details": [
+        "Before permitting account changes, use multiple forms of authentication such as username and password paired with a Onetime Passcode before permitting access.",
+        "If relevant, send confirmatory message to the original contact fields (eg., original email address, phone number, street address)"
+      ],
+      "implemented": false
+    }
+  ],
+  "detection": [
+    {
+      "type": "Network Traffic Attributes",
+      "details": [
+        "Monitor for the Network Traffic Attributes such as IP Address, DNS Name, ASN, and other digital location attributes especially if some of these sources have known fraud activity or has a high risk of fraud activity."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Time-Based Attributes",
+      "details": [
+        "Based on the location of your operations, monitor for activities that occur during off hours."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Device Attributes",
+      "details": [
+        "Monitor device factors such as device type, user agent string, operating system, cookies."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Velocity Attributes",
+      "details": [
+        "Monitor for accounts that are created quickly in succession from the same location or with similar features."
+      ],
+      "implemented": false
+    }
+  ],
+  "references": [
+    {
+      "name": "Top 10 Digital Commerce Account Risks & How to Mitigate Them by Gunnar Peterson",
+      "source": "https://www.forter.com/blog/rh-isac-account-risk-mitigation"
+    }
+  ],
+  "hide": false,
+  "color": "",
+  "risk_score": 0
+}
@@ -0,0 +1,44 @@
+{
+  "code": "FT 1403",
+  "name": "Crypto Currency",
+  "parent_technique": "",
+  "tactics": [
+    "Defense Evasion",
+    "Control",
+    "Monetization"
+  ],
+  "schemes": [
+    "Return Fraud"
+  ],
+  "sub_techniques": [],
+  "technique_description": [
+    "Fraudsters in retail exploit cryptocurrency as a tool to hide their tracks and bypass traditional fraud controls. After committing fraud or policy abuse, they often convert refunds or store credits into crypto through gift cards, prepaid instruments, or resale of goods on secondary markets. Crypto’s anonymity, lack of centralized oversight, and irreversible transactions make it ideal for laundering value obtained from fraudulent returns. Fraudsters also use multiple wallets, peer-to-peer exchanges, and privacy coins to fragment and obscure transaction history. This enables them to quickly move value across borders and outside retailer monitoring systems, making detection and recovery extremely difficult."
+  ],
+  "mitigation": [
+    {
+      "type": "Behavior Prevention",
+      "details": [
+        "Do not accept Crypto Currency in your marketplace"
+      ],
+      "implemented": false
+    }
+  ],
+  "detection": [
+    {
+      "type": "Transaction data",
+      "details": [
+        "Use CTI to correlate and identify crypto wallets that are either suspicious or have been identified as supporting illegal activity or fraud."
+      ],
+      "implemented": false
+    }
+  ],
+  "references": [
+    {
+      "name": "Industry Partner Collaboration",
+      "source": ""
+    }
+  ],
+  "hide": false,
+  "color": "",
+  "risk_score": 0
+}
@@ -0,0 +1,67 @@
+{
+  "code": "FT 1207.002",
+  "name": "Damaged Shipment",
+  "parent_technique": "Returns Process Exploitation",
+  "tactics": [
+    "Control"
+  ],
+  "schemes": [
+    "Return Fraud"
+  ],
+  "sub_techniques": [],
+  "technique_description": [
+    "A fraudster orders multiple items in one shipment and then falsely claims that damage to one item rendered the entire order unusable (e.g., leakage, shattered glass, food contamination). They request an order level refund or reshipment rather than a partial remedy, exploiting lenient damage policies and limited evidence requirements.",
+    "One example is when a fraudster orders printer ink toner and a laptop, then claims the toner exploded during shipping and damaged the laptop. The fraudster requests a refund for all items while keeping them."
+  ],
+  "mitigation": [
+    {
+      "type": "Proof of Damage",
+      "details": [
+        "Require customers to submit photos or video evidence of damage.",
+        "Require the physical return of damaged goods before issuing a refund."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Enhanced Packaging",
+      "details": [
+        "Isolate items that could leak or cause contamination into separate packages",
+        "Use waterproof packaging or tamperproof seals."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Return Limit",
+      "details": [
+        "Limit the amount that can be refunded without requiring the item to be physically returned."
+      ],
+      "implemented": false
+    }
+  ],
+  "detection": [
+    {
+      "type": "Behavioral Attributes",
+      "details": [
+        "Flag customers with repeated claims tied to specific accounts, addresses, and/or payment identities.",
+        "Monitor for claims made on first-time orders by new customers."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Velocity Attributes",
+      "details": [
+        "Monitor for frequent damage claims of specific items."
+      ],
+      "implemented": false
+    }
+  ],
+  "references": [
+    {
+      "name": "Industry Partner Collaboration",
+      "source": ""
+    }
+  ],
+  "hide": false,
+  "color": "",
+  "risk_score": 0
+}
@@ -0,0 +1,50 @@
+{
+  "code": "FT 1402",
+  "name": "Digital Wallet Apps",
+  "parent_technique": "",
+  "tactics": [
+    "Defense Evasion"
+  ],
+  "schemes": [
+    "Return Fraud",
+    "Gift Card Fraud"
+  ],
+  "sub_techniques": [],
+  "technique_description": [
+    "Digital wallet applications (such as Apple Pay, Google Pay, and PayPal) are mobile or web-based platforms that store payment credentials and enable electronic transactions without physical cards. Fraudsters exploit these wallets to evade detection by creating multiple accounts under different identities, masking the original payment source, and requesting refunds to wallet balances instead of the original payment method, making it easier to convert funds into cash, gift cards, or resale value. In addition, Fraudsters may load stolen credit, debit and gift cards onto the wallet for reuse."
+  ],
+  "mitigation": [
+    {
+      "type": "Identity Verification",
+      "details": [
+        "Verify the person's identity matches what is on the card in the wallet."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Behavior Prevention",
+      "details": [
+        "Do not permit multiple use of the same credit, debit, or gift cards within a defined period"
+      ],
+      "implemented": false
+    }
+  ],
+  "detection": [
+    {
+      "type": "Location Attributes",
+      "details": [
+        "Identify impossible travel transactions for the same credit, debit, or gift card"
+      ],
+      "implemented": false
+    }
+  ],
+  "references": [
+    {
+      "name": "Industry Partner Collaboration",
+      "source": ""
+    }
+  ],
+  "hide": false,
+  "color": "",
+  "risk_score": 0
+}
@@ -0,0 +1,80 @@
+{
+  "code": "FT 1304.002",
+  "name": "Double Refund",
+  "parent_technique":  "Fraudulent Refund",
+  "tactics": [
+    "Monetization"
+  ],
+  "schemes": [
+    "Return Fraud"
+  ],
+  "sub_techniques": [],
+  "technique_description": [
+    "Fraudsters refund the same item multiple times either in multiple stores, online or some combination of both."
+  ],
+  "mitigation": [
+    {
+      "type": "Return Limit",
+      "details": [
+        "Link each order to an individual refund.",
+        "Restrict how many times a refund can be requested per order."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Escalation",
+      "details": [
+        "Escalate repeat attempts to return the same item to manager."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Behavior Prevention",
+      "details": [
+        "Stop refunds if the same order ID is already refunded."
+      ],
+      "implemented": false
+    }
+  ],
+  "detection": [
+    {
+      "type": "Transaction Data",
+      "details": [
+        "Identify multiple refund requests for the same order.",
+        "Identify the same return in multiple stores and online."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Behavioral Attributes",
+      "details": [
+        "Flag accounts doing frequent gift card refunds.",
+        "Identify in person or Online Identities attempting gift card refund."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Device Attributes",
+      "details": [
+        "Detect repeat attempts from the same computer or phone submitting duplicate requests."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Velocity Attributes",
+      "details": [
+        "Identify accounts requesting several refunds in a short time"
+      ],
+      "implemented": false
+    }
+  ],
+  "references": [
+    {
+      "name": "Industry Partner Collaboration",
+      "source": ""
+    }
+  ],
+  "hide": false,
+  "color": "",
+  "risk_score": 0
+}
@@ -0,0 +1,57 @@
+{
+  "code": "FT 1009",
+  "name": "Fake Receipt Generation",
+  "parent_technique": "",
+  "tactics": [
+    "Pre-Compromise"
+  ],
+  "schemes": [
+    "Return Fraud"
+  ],
+  "sub_techniques": [],
+  "technique_description": [
+    "A fraudulent receipt created by a fraudster that appears legitimate. The primary purpose is to fabricate proof of purchase or transaction to deceive systems, individuals, or institutions and often to claim refunds, reimbursements, or validate false returns."
+  ],
+  "mitigation": [
+    {
+      "type": "Behavior Prevention",
+      "details": [
+        "Validate the receipt with store records (preferably by electronic scan). Do not permit use of receipts without validation of store-controlled records."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Training and Awareness",
+      "details": [
+        "Identify fake receipts, which may appear visually different."
+      ],
+      "implemented": false
+    }
+  ],
+  "detection": [
+    {
+      "type": "Transaction Data",
+      "details": [
+        "Identify refunds that do not have proper proof of purchase."
+      ],
+      "implemented": false
+    },
+    {
+      "type": "Velocity Attributes",
+      "details": [
+        "A large volume of receipts may obscure or overlap with a genuine receipt.",
+        "A large number of items on the receipt."
+      ],
+      "implemented": false
+    }
+  ],
+  "references": [
+    {
+      "name": "Industry Partner Collaboration",
+      "source": ""
+    }
+  ],
+  "hide": false,
+  "color": "",
+  "risk_score": 0
+}