ReasonLabs experts have uncovered an unusual malware scheme that has been running since 2019: carders used fake dating sites to steal and launder funds.
According to the researchers, the scheme allowed hackers to steal millions of dollars from tens of thousands of victims. It turned out that the attackers operate a large network of over 200 fake dating and customer support sites, and use these resources to charge other people’s bank cards purchased on the dark web.
This campaign uses two types of domains: dating sites and customer support portals (the list of addresses can be found in the company report). If you try to visit the websites of the companies that allegedly own these fake resources, you will find that they either do not exist at all or use non-existent email addresses.
At the same time, dating and customer support sites seem viable, but receive almost no traffic, occupying low positions in Google Search results. The fact is that they do not exist to attract users, but to serve as channels for money laundering.
ReasonLabs analysts write that all sites have the same HTML structure and almost the same content, so it seems that they were created using automatic tools. At the same time, fake customer support portals often use the names of non-existent organizations or try to look like real brands such as McAfee, ReasonLabs and other companies.
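The shared-template observation is something defenders can check for directly. The following is an added example, not code from the ReasonLabs report: it hashes each page's tag skeleton (ignoring text and attributes) and groups domains that share it. The sample pages and `.example` domains are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from html.parser import HTMLParser


class _TagSkeleton(HTMLParser):
    """Collects the sequence of opening/closing tags, ignoring text and attributes."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)


def structure_fingerprint(html):
    """Hash of the page's tag skeleton; brand names and copy do not affect it."""
    parser = _TagSkeleton()
    parser.feed(html)
    parser.close()
    return hashlib.sha256(" ".join(parser.tags).encode()).hexdigest()[:16]


def cluster_by_structure(pages):
    """Group domains whose pages share a fingerprint; return sorted clusters of 2+."""
    groups = defaultdict(list)
    for domain, html in pages.items():
        groups[structure_fingerprint(html)].append(domain)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample pages (not taken from the report); .example is a reserved TLD.
TEMPLATE = ("<html><head><title>{name}</title></head><body><div class='hero'>"
            "<h1>{name}</h1><p>{blurb}</p></div><form><input name='email'>"
            "<button>Join</button></form><footer><a href='/support'>Support</a>"
            "</footer></body></html>")
SAMPLE_PAGES = {
    "dating-a.example": TEMPLATE.format(name="Site A", blurb="Meet people nearby."),
    "dating-b.example": TEMPLATE.format(name="Site B", blurb="Find your match today."),
    "support-c.example": TEMPLATE.format(name="Help Desk C", blurb="Billing questions?"),
    "unrelated.example": "<html><body><article><h2>News</h2></article></body></html>",
}

if __name__ == "__main__":
    for cluster in cluster_by_structure(SAMPLE_PAGES):
        print("shared template:", ", ".join(cluster))
```

An exact skeleton hash only catches byte-for-byte identical templates; pages with small structural variations would need a similarity measure over the tag sequence instead.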
It is also worth noting that the operators of this campaign seem to have gone to great lengths to prevent the 75 bogus support portals from being indexed by search engines by using anti-crawler instructions in robots.txt.
But the biggest challenge for attackers is registering these sites with payment processors, who usually classify them as “high risk” (even if it’s a legit resource) because of their high chargeback rates. In order not to be blacklisted, each site applies individually, because campaign operators are afraid of losing all resources at once if fraud is detected.
If the resources need to prove their legitimacy, all sites have a 24/7 chat with support and a working phone, outsourced to a real call center. Additionally, all sites list a toll-free number in case users want to reverse a payment, which scammers usually don’t offer.
Once the payment processor approves the request, hackers use millions of stolen payment cards purchased on the dark web and charge them through their fake websites. Most of the cards belong to residents of the United States, but there are also reports of hackers buying cards in French-speaking countries.
Site operators are very careful and try not to draw attention to themselves. They withdraw small amounts, use common names that can get lost among the victim’s other expenses, use recurring payments of the same amount, and avoid test transactions.
Payment page on one of the fraudulent sites
Moreover, in some cases hackers even reimburse the victims, making their transactions look more authentic and making the chargeback ratio appear low.
While many of the 275 fake sites are still up and running, ReasonLabs experts have already notified payment processors and law enforcement of their findings.
“We have reported this scam to over a dozen parties involved in one way or another. These include Visa and MasterCard, as well as many other services, including AWS, GoDaddy, and various registrars. We have also alerted Fraud.org, a National Consumer League nonprofit advocacy organization that shares consumer complaints with a network of more than 200 fraud and law enforcement partners,” the specialists said.