Cybersecurity researchers at ReasonLabs have unearthed a massive global multi-million dollar fraudulent scheme, operating since 2019. The number of victims including major firms like Amazon Web Services, Mastercard, and Visa is in the range of tens of thousands.
Scammers methodology
The fraudsters employed two types of websites, dating sites and customer support portals. When visiting the alleged firm’s websites, the researchers identified that the corporate sites either didn’t exist or had fake email addresses.
The sites, although operational, didn’t receive massive traffic and were ranked very low in Google Search results, as their motive wasn’t to lure individuals, but allegedly to serve as a money laundering gateway.
According to ReasonLabs cofounder and chief technology officer Andrew Newman, the domain structure and content of the websites were identical, indicating that were designed by automated tools. The customer support portals either use a fake identity or are created to impersonate real brands.
The biggest hurdle of the fraudulent scheme was the registration of these fake sites as payment acquirers with the processors, who would typically classify them as “high risk”. To avoid being blacklisted, these sites introduced a 24/7 support chat system and a working telephone line, outsourced to a genuine support center provider. The sites also included a toll-free number for users if they want to cancel their payments which typically is not available on fraudulent websites.
The researcher believes the scheme is operated from the middle of Europe or Russia, but the firm hasn't been able to fully verify the fraudsters' location.
Tens of millions of dollars siphoned
Once the legitimacy of the sites was approved, the scammers would tap into the pool of millions of stolen payment cards on the dark web (CC dumps), and charge them on the sites. The targeted cardholders were typically from the United States, but cards from French-speaking nations were also identified.
Small amounts were being charged from the cards through recurring payments, using generic names blending with the victims’ spending habits. In some cases, the scammers charge the users back via the integrated “cancel subscription” system to artificially lower the charge-back rate and make their business seem authentic.
By siphoning little amounts, this fraudulent scheme has been able to operate since 2019 without being discovered while generating tens of millions of dollars in revenue. The researchers randomly investigated several of the 275 fake websites, and unfortunately, they are all operating at the time of writing the article. Payment processors and law enforcement have reported the operation and are expected to take action soon.
