Yeah take for instance ransomware. That is easy since a lot of your targets might distrust regular user input but be much less cautious about stuff that should presumably be only accessible internally but isn’t actually even properly locked behind a VPN gate so a simple credential stuffing would do and from then onwards it is actually easier than a physical kidnapping since you don’t need to worry about using physical force to ensure your victim submits, doesn’t escape or recognize you. But then you need to actually be smart to make sure you don’t de-anonymize yourself in the process, don’t render your operation just some temporary disturbance by ensuring your victim doesn’t just restore their backups if your goal is a denial of service until you get paid and not expecting ransom for not releasing breach data.
Or take carding. Not technically super difficult, especially with the whole illusion of security that many non-technical users have (ie the infamous padlock when I can literally set up a phishing site with letsencrypt that’d log all the form data in minutes), but then good luck cashing out on that with all the KYC on virtually every crypto exchange out there and all that granted 3DS doesn’t stop you.
Yeah take for instance ransomware. That is easy since a lot of your targets might distrust regular user input but be much less cautious about stuff that should presumably be only accessible internally but isn’t actually even properly locked behind a VPN gate so a simple credential stuffing would do and from then onwards it is actually easier than a physical kidnapping since you don’t need to worry about using physical force to ensure your victim submits, doesn’t escape or recognize you. But then you need to actually be smart to make sure you don’t de-anonymize yourself in the process, don’t render your operation just some temporary disturbance by ensuring your victim doesn’t just restore their backups if your goal is a denial of service until you get paid and not expecting ransom for not releasing breach data.
Or take carding. Not technically super difficult, especially with the whole illusion of security that many non-technical users have (ie the infamous padlock when I can literally set up a phishing site with letsencrypt that’d log all the form data in minutes), but then good luck cashing out on that with all the KYC on virtually every crypto exchange out there and all that granted 3DS doesn’t stop you.