+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Scammers are using stolen credit card data to set up fake websites that charge a small monthly fee that you may never notice. Here's how to protect yourself.

Sep 28, 2022, 20:30 IST
Business Insider
Examples of fake websites set up by the scammersReasonLabs
  • Researchers have uncovered a widespread credit card scheme that has gone undetected since 2019.
  • Amazon Web Services, Mastercard, and Visa could potentially be unknowingly participating in the scheme, the firm says.
Advertisement

Cybersecurity researchers say they have uncovered a massive, multi-million dollar credit card scheme, and major companies like Amazon Web Services, Mastercard, and Visa are all potentially unwitting participants.

Consumer-facing cybersecurity firm ReasonLabs exposed the scheme, which they said has flown under the radar for years by charging small enough monthly subscription fees for generic-sounding services to go undetected by scores of victims in the US.

ReasonLabs says the scam has been operating without notice since 2019 and has reaped fraudsters between $10 million to $50 million per year.

How the scheme works

The operation appears to have gone undiscovered largely due to its complexity. Scammers allegedly created a network of more than 200 fake dating and adult websites that are functional but have no real users or website traffic, ReasonLabs said.

The firm says these cybercriminals used hundreds of stolen credit card numbers, likely purchased from the dark web, and charged the cards monthly. Typical of many sites in the adult dating industry, the charges showed up on credit card bills with generic or official-sounding names, obscuring their origin.

Advertisement

The charges usually range from $29.95 to $49.95, ReasonLabs cofounder and chief technology officer Andrew Newman, told Insider.

In addition to the adult dating sites, the fraudsters allegedly set up a network of functional customer support sites to service complaints and issue legitimate refunds. Newman said the scammers processed refunds in order to avoid raising alarm bells with legitimate credit card companies.

He says he believes the scheme is operated from the middle of Europe or Russia, but the firm hasn't been able to fully verify the scammers' location.

Big companies' involvement

ReasonLabs says a number of major companies are unwittingly implicated in the ongoing scheme, including Amazon Web Services, Visa, Mastercard, and GoDaddy.

"We reached out to all the companies involved, so we were able to understand who was doing the hosting, who is doing all the domain registration. To date, not a single company returned or responded," Newman said.

Advertisement

He said ReasonLabs' next step would be to contact authorities via Fraud.org, a nonprofit that shares consumer complaints with law enforcement partners.

AWS told Insider it received the email from ReasonLabs, but it did not provide sufficient details about the alleged misuse of AWS services to investigate the matter. AWS says it has requested additional information from ReasonLabs but has yet to receive a response.

GoDaddy told Insider it is looking into the issue, and MasterCard said it doesn't have a record of being contacted regarding the scheme.

Visa did not immediately respond to comment.

How to protect yourself

"For this particular scam, what's crazy about it is there's really very little protection in the way of technology," said Newman.

Advertisement

"Something we preach all the time is really just education. If you see something odd, make sure you do something about it because it's not going to go away on its own," he added.

He advised people to be proactive about analyzing their credit card statements for unfamiliar charges. If people suspect a charge is fraudulent, they should contact their credit card companies directly because the companies can open internal investigations, Newman said.

"If you see something odd, make sure you do something about it because it's not going to go away on its own," he warned.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article