Hackers and cybercriminals often gather in "underground" forums to buy exploits, or to cooperate with each other.
They can advertise upcoming projects for which they need help, sell databases of stolen passwords, access and credit card information, or advertise exploits for new security vulnerabilities that can be used to break into devices or computing systems.
However, these deals often don't go according to plan.
New research, published today by the security firm Sophos, reviews these failed transactions and complaints made by members of these forums.
"Scammers are scamming scammers on illegal forums and the amounts are much higher than we first thought," says Matt Wixey, a researcher at Sophos X-Ops who studied illegal markets.
Wixey examined three of the most important illegal forums: the Russian-speaking ones Feat and XSS, as well as the English-language BreachForums, which replaced RaidForums when that site was seized by US law enforcement in April.
While the sites operate in slightly different ways, they all have “arbitration rooms” where their members can complain if they believe they have been cheated or wronged by others.
For example, if someone buys malware and it doesn't work, they can complain to the site administrators.
Complaints can sometimes help members get their money back, but more often they act as a warning to other users, Wixey says.
In the last 12 months, the period covered by the investigation, criminals on these forums lost more than $2.5 million to other scammers, according to the research.
Some complain about as little as $2, while the average scam on each of the sites ranges from $200 to $600, according to the research, which will be presented at the security conference Black Hat Europe.