A large-scale operation that reportedly stole millions of dollars from credit cards from 2019 to earlier this year has been exposed by cybersecurity company ReasonLabs.
The scammers, described by ReasonLabs as a “crime syndicate with origins in Russia,” reportedly used Amazon Web Services, GoDaddy and eNom to carry out the scheme.
According to the company, the victims of the elaborate plot were users of major credit card providers, including Mastercard, Visa and American Express, among others.
From a technical standpoint, the operation involved establishing a massive network of fake dating and customer support websites.
“The fraudster group operating this scam has most likely been using proxy people to create a number of fake dating websites. These websites are functional, yet they do not receive real traffic and are very hard to locate on Google,” ReasonLabs wrote in an advisory published over the weekend.
“In addition to these dating websites, the fraudsters also created 75 different customer support–focused websites.”
The threat actors then reportedly used these websites to charge credit cards bought on the dark web, primarily originating from the US (as the websites found are registered in the US) but also from France or other French-speaking locations.
“At certain points of this scheme, the fraudsters will reach the maximum available chargeback rate, and the ability to charge more cards will probably be revoked,” ReasonLabs explained.
“But by then, they will have already managed to withdraw the funds (most likely to an account owned by a mule) according to their payment conditions. In addition, they will already be on the lookout for the next payment provider to scam.”
ReasonLabs said it has contacted the companies abused by the fraudulent network to help them shut down the operation.
“As intricate as the setup of this credit card scam is, it nonetheless relies on the naivety of the consumer and the possible unsuspecting payment processors in order to be successful. It’s our job to raise awareness in order to stop these schemes in their tracks, making them inoperable.”
To this end, the company called for credit card owners to regularly check their monthly billing statements and report all suspicious charges to their bank as soon as they appear.
The ReasonLabs report comes weeks after the Menlo Labs research team disclosed information about a phishing campaign targeting MICARD and American Express users in Japan.