US Credit Card Fraud Props Up The Russian Black Market

Researchers have uncovered a complex web of shipment scams, which rely on US operators and stolen credit card information to provide goods fraudulently to customers in Russia.

Credit card fraud is big business. Data breaches at high-profile companies are becoming commonplace, and as data collection -- and theft -- surges, the sale of stolen information has become established as a business in its own right.

Unfortunately for victims, who often bear no responsibility for such theft, this can lead to pillaged bank accounts and identity theft as their funds are used to purchase goods for other purposes.

Large-scale criminal operations often rely on fraud to keep going. According to a security research analyst report from Hewlett-Packard Enterprise (HPE), stolen credit card data is being used in "reseller" operations in areas where many US companies will no longer ship due to high levels of fraud -- such as Eastern Europe.

Items in high demand are purchased in the US using stolen information and then resold for cash through international scams made possible through the Internet.

Bypassing these corporate restrictions is important, and so cybercriminals will often find an intermediary able to receive the goods before they are sold on in other countries.

This intermediary part of the supply chain is of particular interest to HPE's researchers. In a study conducted between August 2015 and February 2016, the team found that reshipping websites are commonly used to maintain contact with "stuffers" -- those who use stolen credit card data in the United States to purchase items fraudulently -- and "drops," who, often unwittingly, accept these products for reshipment to restricted areas, such as Russia and Ukraine.

Drops are most often recruited in the United States through email, and later visit reshipment websites to be assigned their tasks.

"Bosses make their profits by selling high-demand goods in grey markets, realising high margins due to low acquisition costs," said the report, released recently.

"Admins make a cut of these profits by creating the website, recruiting drops, providing fraudulent shipping labels and selling the goods. Stuffers make their cut of the goods purchased typically as a percentage assigned to each product type."

Most drops are located in the US; however, Germany is also affected by such schemes. Everything from consumer electronics to clothes and toys is purchased online by stuffers.

While a number of the reshipping websites have only been in operation for a few months, business is booming. HPE found that despite this short time frame, hundreds of drops have taken place, leading to thousands of products already being purchased using stolen information before shipment.

People seeking a "work from home" setup are most often recruited. They may be promised base monthly pay or cash per package. Often, however, the stuffers are scammed and no payment is ever made, bumping up the profit margins of the cybercriminal operator -- who makes every effort to appear legitimate in order to recruit staff.

In short, not only are the victims of credit card fraud left potentially out of pocket, but the mules who support the underlying structure of the scam, believing the work is a legitimate enterprise, receive nothing either.

"Spotting these fraudulent transactions can be difficult as they often occur soon after a card is breached and before the issuer is able to shut down the card number," HPE says. "HPE Security Research advises retailers to monitor for this activity and stay aware of scam operations such as these, as the operations in turn evolve their tactics to avoid detection and maximise profit."

ZD Net

 
