Why fraudsters pretend to have better credentials than they actually do

The average login credential attack now has a nearly one in 10 chance of succeeding. But how do fraudsters do it and why does it matter?