"Fake Sites Siphon Millions of Dollars in 3-Year Scam"

A subscription service scam has amassed millions of dollars in credit card charges by creating fake sites, staffing them with live customer support, and paying for "services" with stolen credit card accounts. ReasonLabs, an endpoint security firm, recently released an advisory stating that a Russian-speaking cybercrime group has created hundreds of fraudulent websites since 2019, most likely using third-party proxies, as well as dozens of business sites that serve as both a generic name for credit card charges and a hub for customer support calls. The fraudsters were able to keep chargeback requests low enough to avoid being shut down and continue profiting from the scam by using recurring charges small enough to escape many customers' notice. While the individual components of the scheme are not novel, the scheme as a whole managed to avoid credit card companies' fraud detection and generate millions of dollars in revenue. The three-year scam illustrates the resurgence of credit card fraud, particularly among businesses dealing with a hybrid workforce. According to a recent KPMG study, two-thirds of businesses experienced fraud in the previous year. Meanwhile, security experts have warned that third-party scripts on websites, which are part of the software supply chain, could be used to steal credentials and credit card information. In the latest credit card scam, cybercriminals created the right mix of components to avoid anti-fraud defenses and go unnoticed by consumers who do not always check their credit card bills. The campaign is still active, but ReasonLabs has notified the companies affected by the fraud in order to assist in shutting down the cybercriminal enterprise. This article continues to discuss the Russian crime syndicate stealing millions of dollars from credit card companies using fake sites across hundreds of domains.

Dark Reading reports "Fake Sites Siphon Millions of Dollars in 3-Year Scam"