Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
A massive global multi-million dollar scam, operating since 2019, has been uncovered. The number of victims is in the range of tens of thousands. Thought to be originated from Russia, the gang operates an extensive network of fake dating and customer support websites, using them to charge credit cards bought on the dark web.
By acting in this way, the charges on the website appear legitimate.
How the Websites Worked
The operation used two types of websites, dating sites and customer support portals. When visiting the alleged company’s websites, BleepingComputer found that the corporate sites either didn’t exist or had non-existent email addresses.
The sites, although functional, didn’t receive noticeable traffic and are ranked very low in Google Search results, as their purpose isn’t to draw victims, but allegedly to serve as money laundering channels. BleepingComputer says that the HTML structure and content of the websites are the same, indicating that they have been created by automated tools. The customer support portals either use a fake identity or are created to impersonate real brands.
The operation’s biggest obstacle is the actual registering of these sites as payment acquirers with the processors, who would typically classify them as “high risk”. To produce proof of legitimacy, these sites featured a 24/7 support chat and a working telephone line, outsourced to a genuine support center provider. All sites also list a toll-free number for subscribers if they want to cancel their payments which typically are not found on fraudulent websites.
Tens of Millions of Dollars Extracted
The operators would draw from the pool of millions of stolen credit and debit cards on the dark web (CC dumps), once the payment processors approved them, and charge them on the sites. The cardholders were typically belonging to people from the United States, but cards from French-speaking nations were also discovered.
Small amounts were being charged from the cards through recurring payments, using generic names blending with the victims’ spending habits. In some instances, the operators charge the consumers back via the integrated “cancel subscription” system to artificially lower the charge-back rate and make their business appear legitimate.
By collecting little amounts, this business has been able to operate for so long without being found while generating tens of millions of dollars in revenue. BleepingComputer randomly tested several of the 275 fake websites, and unfortunately, they are all online at the time of writing the article. Payment processors and law enforcement have been notified of the operation and are expected to take action soon.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
