Home Money Fraudsters sign up to credit card skimming ‘subscription service’ for £80 a month

Fraudsters sign up to credit card skimming ‘subscription service’ for £80 a month

0 comments
Credit card theft: Criminals are using malware to harvest personal and card details, with an estimated 600,000 card details leaked on the dark web this way

Malware, or malicious software, has been revealed to be helping fuel a shady underworld of bank card theft on the dark web.

Criminals are selling software programs to other criminals that allow them to more easily collect personal card details from unsuspecting victims, often in exchange for “subscriptions” costing as little as £80 a month.

Scammers have also been stealing credit card details using this software, which they then bundle together and sell to other criminals on the dark web.

Details of more than 600,000 bank cards around the world have been leaked online in this way, a new report from cybersecurity firm NordVPN reveals.

And it’s not just card numbers that criminals steal. Worryingly, 99 percent of stolen card profiles also include additional data, such as the victim’s name, computer files and saved credentials, which can be used for other types of fraud.

Credit card theft: Criminals are using malware to harvest personal and card details, with an estimated 600,000 card details leaked on the dark web this way

How do criminals steal card data?

Malware is malicious software designed to infiltrate, damage, or exploit computer systems and networks.

Malware tools, which are often paid for by subscription, are used by criminals to steal information. They work like any other subscription service, in that the criminal pays a fee and receives access to various data-stealing features.

NordVPN cybersecurity expert Adrianus Warmehoven said: “Malware is often used as a weapon of mass infection because the results can spread on a large scale, even to relatively unskilled people.”

Malware-as-a-service is available for purchase for as little as £80 to £120 per month on specialist dark web marketplaces, often found on Telegram.

Malware vendors go the extra mile to help their customers, often providing detailed guidance, user guides, reviews, and dedicated forums where new users can get help.

Malware is readily available and relatively inexpensive to criminals of all technical abilities.

Adrianus Warmehoven from NordVPN

The malware of choice for criminals is called RedLine. Six out of ten payment cards were stolen using this malware, according to NordVPN.

RedLine is a sophisticated information-stealing program that emerged in March 2020 and quickly became the dominant malware during the pandemic.

Redline primarily infiltrates devices via phishing emails, exploiting weaknesses in other software programs, misleading advertisements, and compromised public USB ports.

Warmehoven said: “RedLine is one of the most popular malware-as-a-service tools globally and our research has found that it is being used by cybercriminals in the UK. It is an easily accessible and relatively inexpensive tool for criminals of all technical abilities.

‘The National Cyber ​​Security Centre, the UK’s national cybersecurity agency, identifies RedLine Stealer as a significant threat, highlighting its popularity and ease of use.

‘RedLine Stealer specifically targets login credentials, credit card information, and other sensitive data. This stolen information can then be directly used to make fraudulent online purchases, making it a valuable tool for CNP fraud.’

Targeted: Armed with someone's card details and phone number, a scammer can call someone and convince them they are calling from their bank.

Targeted: Armed with someone’s card details and phone number, a scammer can call someone and convince them they are calling from their bank.

Card data stolen via Redline is then put up for sale on various channels, including Telegram and dark web marketplaces.

Criminals can purchase these card details in bulk or individually, depending on the level of information available. Cards with additional information are in higher demand and are likely to sell out quickly.

Stolen data is sold and used at incredible speed, often within hours. Criminals know that the faster they exploit stolen payment card data, the greater the likelihood that their fraudulent transactions will be carried out.

Having someone’s credit card details can also enable other types of fraud. For example, if a fraudster had someone’s credit card details and phone number, they could call them and convince them that they are calling from their bank, before persuading them to transfer cash to them in an authorised automatic payment scam.

Which credit cards do scammers choose?

More than half of the 600,000 cards were Visa, a third were Mastercard, while 1 percent were American Express, NordVPN found.

All payment cards are at risk of theft, and Visa cards are the most likely to be stolen because more people use them.

A Visa spokesperson said: “Visa’s unwavering commitment to security has kept fraud at historic lows and our continued investment in fighting fraud and enhancing security delivers tremendous benefits to consumers and businesses.

‘We maintain active awareness of any cyber and fraud threats as we monitor the dark web, continually looking for indicators of attacks associated with such threats.

‘We work with our partners and customers globally to protect the network against a wide range of cyber and fraud threats. As part of this, we work closely with our client banks to educate and inform cardholders about the dangers of fraud and malicious actors is also a key part of this activity.

Mastercard is currently working with banks, fintech companies and merchants to phase out manual card entry for e-commerce in Europe by 2030, in favour of a single-click button that will work on any online platform.

It has created ‘tokenization’ as a way to protect customers’ card data, which replaces the 16- to 19-digit card number with a randomly generated one.

Instead of passing your actual 16-digit card number to a store, you pass a tokenized number that is unique to you, the transaction, and the merchant.

This makes any stolen card data effectively useless to hackers.

Mastercard now uses generative artificial intelligence to quickly detect when criminals are using stolen debit and credit card data.

Visa has also been using AI to analyze billions of historical banking transactions for signs of fraudulent activity.

SAVE MONEY, EARN MONEY

5.09% cash for Isa investors

Boosting investment

5.09% cash for Isa investors

Boosting investment

5.09% cash for Isa investors

Includes 0.88% bonus for one year

Cash Isa at 5.17%

Includes 0.88% bonus for one year

Cash Isa at 5.17%

Includes 0.88% bonus for one year

No account fees and free stock trading

Free stock offer

No account fees and free stock trading

Free stock offer

No account fees and free stock trading

You have 365 days' notice

5.78% savings

You have 365 days' notice

5.78% savings

You have 365 days’ notice

BT £50 Reward Card: £30.99 for 24 months

Fiber broadband

BT £50 Reward Card: £30.99 for 24 months

Fiber broadband

BT £50 Reward Card: £30.99 for 24 months

Affiliate links: If you purchase a product This is Money may earn a commission. These offers are chosen by our editorial team as we believe they are worth highlighting. This does not affect our editorial independence.

Some links in this article may be affiliate links. If you click on them we may earn a small commission. This helps us fund This Is Money and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationships to affect our editorial independence.

You may also like