Massive credit card scam network using dating and customer support sites

Researchers uncovered multi-million dollar credit card fraud operation


A global online credit card scam has been uncovered. Scammers managed to siphon millions of US dollars from credit cards since the launch of the campaign back in 2019.[1] Reports state that there are tens of thousands of victims who suffered losses due to this newly uncovered campaign.[2]

ReasonLabs reported these global operations and revealed their findings on the massive scam campaign. The operation is called one of the largest fraudulent online credit card schemes active today.

This significant and widespread global credit card scheme appears to have been operating since 2019. We estimate it has amassed tens of millions of dollars in fraud from tens of thousands of families and individuals.

The operation originates from Russia and uses an extensive network of dating and customer support websites to charge credit cards. Scammers transfer money via cards bought on the dark web, and these payments look legitimate, so fund returns are not initiated since there are no triggers for fraudulent transaction detection.[3] This way, the scammers make money from the crime.

Network of fraudulent dating sites and customer support services

The operation relies on two particular types of domains. These sites are mainly dating sites or customer support platforms. On such a page, visitors see company names, corporate site links, and email addresses supposedly representing the service provider, but those details are all fake: the entities do not exist and the contacts do not work.[4]

When the traffic on those sites was investigated, no noticeable number of users turned out to have visited the pages. However, these sites have one purpose: to draw victims to the page and serve as money laundering channels. These pages share the same HTML structure and content, so researchers think they were made using automated tools.
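The shared-template observation above can be turned into a defender-side check. The following is an added example, not ReasonLabs' code or method: it fingerprints each page by its tag sequence and groups pages whose structure overlaps. The domain names and HTML are constructed samples, and the trigram size and 0.8 threshold are assumptions.

```python
from html.parser import HTMLParser
from itertools import combinations
class TagSkeleton(HTMLParser):
    """Records the order of opening tags; text and attribute values are ignored."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def shingles(html, k=3):
    """Set of k consecutive tag names: a fingerprint of the page's structure."""
    parser = TagSkeleton()
    parser.feed(html)
    parser.close()
    t = parser.tags
    return {tuple(t[i:i + k]) for i in range(len(t) - k + 1)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

def cluster(pages, threshold=0.8):
    """Single-link grouping of pages (name -> HTML) by structural similarity."""
    sigs = {name: shingles(html) for name, html in pages.items()}
    parent = {name: name for name in pages}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in combinations(pages, 2):
        if jaccard(sigs[a], sigs[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in pages:
        groups.setdefault(find(name), set()).add(name)
    return [g for g in groups.values() if len(g) > 1]
# Constructed sample pages: three share one template, one is unrelated.
TEMPLATE = ("<html><head><title>{n} Support</title></head><body><div><h1>{n}</h1>"
            "<p>Contact: help@{n}.example</p><form><input><input><button>Send</button>"
            "</form></div><footer><a>Terms</a><a>Privacy</a>{extra}</footer></body></html>")
SAMPLE_PAGES = {
    "support-a.example": TEMPLATE.format(n="alpha", extra=""),
    "support-b.example": TEMPLATE.format(n="bravo", extra=""),
    "support-c.example": TEMPLATE.format(n="carol", extra="<a>Refunds</a>"),
    "blog.example": "<html><head><title>Blog</title></head><body><article><h2>Post</h2>"
                    "<p>text</p><p>more</p><ul><li>a</li><li>b</li></ul></article></body></html>",
}
if __name__ == "__main__":
    print([sorted(g) for g in cluster(SAMPLE_PAGES)])
```

Because brand names and contact details are ignored, pages that differ only in the fake entity's name still land in the same group, while a small template variation (the extra footer link) stays above the threshold.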

The support portals either carry the name of the fake entity or are designed to mimic real brands like antivirus tool providers, security firms, and even ReasonLabs. The goal is to get many gray charges, so the user contacts the support of the company and falls into the scam. At least 75 support portals were detected.

Payment operation obstacle

The issue the scammers had to face was related to registering these sites as payment acquirers. This process relies on processors that can be classified as high risk due to the money involved.[5] This is a legitimate payment problem because the category has high charge-back percentages.

These operators managed to avoid blacklisting by applying for each site individually. This avoids losing all the pages at once if fraudulent operations get revealed on any of them. The threat actors can then pool millions of stolen payment cards on the dark web and charge them on these sites. Most of the cards were from people in the United States and from French-speaking countries.

This charging happens using the API or manually when site operators need to work carefully, so anti-fraud alarms will not get triggered. Charging small amounts and using generic names helped these scammers blend with victims' spending habits, so payments with the same amount would not get flagged later on. These sites were reported to payment processors and law enforcement, so even though many of those sites are still online, they should not be there for long.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

