Security researchers at cybersecurity firm ReasonLabs have uncovered what they say is one of the largest fraudulent online credit card schemes to date.
Active since 2019, the operation involved a massive network of fake dating and customer support websites, which were used to charge credit cards bought on the dark web. According to the estimates, the scam has amassed tens of millions of dollars from tens of thousands of people.
Believed to be originated from Russia, the operation appears to abuse several security brands, such as McAfee and ReasonLabs, to execute fraudulent credit card charges.
“The fraudster group operating this scam has most likely been using proxy people to create a number of fake dating websites. These websites are functional, yet they do not receive real traffic and are very hard to locate on Google,” ReasonLabs said in a report.
This suggests that the websites were likely created as money laundering channels and did not pursue the goal to entice more victims.
The operation used infrastructure built on top of Amazon Web Services and used GoDaddy to circulate hundreds of domains.
“Once the sites are live, the scammers coerce payment providers to gain the ability to accept credit card payments. At this point, the fraudsters search the darknet and acquire thousands of stolen credit cards and charge them to their fake website’s services,” the researchers explained.
“Once all the prep work is complete, the fraudsters seem to begin charging the stolen credit cards, either by using an API, or manually. Users are subscribed to monthly recurring payments that look very similar to a generic subscription from any service provider. In case a credit limit is reached, they will reduce the amount charged.”
Most of the cards used in the operation belonged to people in the United States, but the cybercriminals also bought cards from French-speaking countries, the researchers said.
In this regard, credit card owners are advised to check their monthly billing statements and report any suspicious charges as soon as they appear.