Fraud Service Uses Charity Websites to Validate Stolen Credit Card Data

Userlevel 7
Badge +48
By Eduard Kovacs on November 24, 2014 Cybercriminals who specialize in payment card fraud can verify the validity of stolen data by using an automated tool which conducts transactions on the websites of non-profit organizations, researchers at PhishLabs reported on Friday.
The card data verification service relies on a bot developed in the Perl programming language and an IRC channel. Fraudsters can use the IRC channel to communicate with each other, while the verification process takes place via private messages.
Once they log in to the IRC channel, cybercrooks must simply send a private message containing credit card numbers, cardholder names, and expiration dates to a moderator by using a special input syntax. The bot monitors messages and when the specific syntax is identified, and then conducts a transaction on the website of a charity or a non-profit organization. The fraudsters are then provided with transaction details from which they can learn if the stolen card data is valid, researchers said.
Full Article

0 replies

Be the first to reply!


    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings