– Don Jackson Director of Threat Intelligence at PhishLabs
Criminals are using poorly protected charity websites to test the validity of stolen credit-card numbers, cybersecurity experts said this week, costing some groups thousands of dollars. Simplified online donation pages make it easy for people to give — but also serve as prime testing ground for credit-card thieves.Stolen credit-card numbers aren’t worth much on the underground market until verified, so thieves use online payment websites to test whether the numbers work.
If the payment goes through, the criminal-services group reports back to the thief that the credit-card number is valid and will work for making larger fraudulent purchases.
“I think the reason charities and nonprofits are targeted is they want to set it up with as few bars to funding as possible,” Mr. Jackson said.