US Credit Card Fraud Props Up The Russian Black Market

Researchers have uncovered a complex web of shipment scams, which rely on US operators and stolen credit card information to provide goods fraudulently to customers in Russia.

Credit card fraud is big business. Data breaches at high-profile companies are becoming commonplace, and as data collection -- and theft -- surges, the sale of stolen information has become established as a business in its own right.

Unfortunately for victims that often bear no responsibility for such theft, this can lead to pillaged bank accounts and identity theft as goods are purchased using their funds for other purposes.

Large-scale criminal operations often rely on fraud to keep going. According to Hewlett-Packard Enterprise (HPE)'s security research analyst report, stolen credit card data is being used in "reseller" operations in areas where many US companies will no longer ship due to high levels of fraud -- such as Eastern Europe.

Items in high demand are purchased in the US using stolen information and then resold for cash through international scams made possible through the Internet.

Bypassing these corporate restrictions is important, and so cybercriminals will often find an intermediary able to receive the goods before they are sold on in other countries.

This intermediary part of the supply chain is of particular interest to HPE's researchers. In a study taking place between August 2015 and February 2016, the team found that reshipping websites are commonly used to maintain contact with "stuffers" -- those who use stolen credit card data in the United States to purchase items fraudulently -- and "drops," who often unwittingly will accept these products for reshipment across restricted areas, such as Russia and Ukraine.

Drops are most often recruited in the United States through email, where they later visit reshipment websites to be assigned their tasks.

"Bosses make their profits by selling high-demand goods in grey markets, realising high margins due to low acquisition costs," said the report, released recently.

"Admins make a cut of these profits by creating the website, recruiting drops, providing fraudulent shipping labels and selling the goods. Stuffers make their cut of the goods purchased typically as a percentage assigned to each product type."

Most drops are located in the US however Germany is also impacted by such schemes. Everything from consumer electronics to clothes and toys are purchased online by stuffers.

While a number of the reshipping websites have only been in operation for a few months, business is booming. HPE found that despite this short time frame, hundreds of drops have taken place, leading to thousands of products already being purchased using stolen information before shipment.

People seeking a "work from home" setup are most often recruited. They may be promised a base monthly pay or as cash-per-package. Often, however, the stuffers are scammed and no payment is ever made, bumping up the profit margins of the cybercriminal operator -- who makes every effort to appear legitimate to recruit staff.

In short, not only are the victims of credit card fraud left potentially out of pocket, but the mules which support the underlying structure of the scam through their efforts under the belief the work is a legitimate enterprise receive nothing, either.

"Spotting these fraudulent transactions can be difficult as they often occur soon after a card is breached and before the issuer is able to shut down the card number," HPE says. "HPE Security Research advises retailers to monitor for this activity and stay aware of scam operations such as these, as the operations in turn evolve their tactics to avoid detection and maximise profit."

ZD Net

 

« FBI Calculate $2.3 Billion Lost In CEO Email Scams
Hackers-For-Hire Services Booming »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Secunet Security Networks

Secunet Security Networks

Secunet is a leading cyber security company offering a combination of consultancy and products, delivering the highest level of security for data, applications and digital identities.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

SBS CyberSecurity

SBS CyberSecurity

SBS CyberSecurity is a premier cybersecurity consulting and audit firm.

Early Warning Services

Early Warning Services

Early Warning is committed to providing awareness, education, and enablement around fraud prevention.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Asvin

Asvin

Asvin provides secure update management and delivery for Internet of Things - IoT Edge devices.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

CyberASAP

CyberASAP

CyberASAP provides expertise, knowledge and support to convert academic ideas into commercial products in the cyber security space.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

Parameter Security

Parameter Security

Parameter Security is a provider of ethical hacking and information security services.

Evalian

Evalian

Evalian is a data protection services provider. Working with organisations of all sizes, we specialise in Data Protection, GDPR, ISO Certification & Information Security.

Predatech

Predatech

A cyber security consultancy offering a range of services, including CREST accredited penetration testing, vulnerability assessments and certifications incl. Cyber Essentials & Cyber Essentials Plus.

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.