Fraud Service Uses Charity Websites to Validate Stolen Credit Card Data

By Lindsey Havens 4 years agoNo Comments
Home  /  News  /  Fraud Service Uses Charity Websites to Validate Stolen Credit Card Data

From Security Week

From Security Week

Cybercriminals who specialize in payment card fraud can verify the validity of stolen data by using an automated tool which conducts transactions on the websites of non-profit organizations, researchers at PhishLabs reported on Friday. The card data verification service relies on a bot developed in the Perl programming language and an IRC channel.

Once they log in to the IRC channel, cybercrooks must simply send a private message containing credit card numbers, cardholder names, and expiration dates to a moderator by using a special input syntax.

“One moderator offered the absurd suggestion that letting the charities keep the funds used to verify the cards somehow compensated for damage done to the actual cardholders. Another moderator suggested that cardholders would be less inclined to report payments as fraudulent since they were sent to a charity or non-profit,” said Don Jackson, Director of Threat Intelligence at PhishLabs. 

Categories:
  NewsPress

Leave a Reply

Your email address will not be published.

})(jQuery);