The cybersecurity analysts at ReasonLabs have recently identified a massive operation that has been exploiting credit card data since its launch in 2019 and has siphoned millions of dollars from it.
The massive operation is believed to be responsible for the losses of tens of thousands of people. A large number of bogus dating and customer support websites were operated by operators of these websites, which were believed to originate from Russia.
In order to take advantage of the credit cards purchased from the dark web, threat actors use all these fraudulent websites to charge them.
By doing so, the charges will appear legitimate in the eyes of the public. As a result of fraudulent transactions on the websites, they are unable to approve the return of funds quickly. Due to these activities, the crime cartel responsible for these operations is enriching itself through increased profits.
Global Credit Card Scam
As a basis for this operation, there are two types of domains that are utilized by the threat actors, which are as follows:-
- Dating sites
- Customer support portals
It must be noted that a number of these alleged dating sites, as well as the websites for the organizations who ran them, had no existence and their e-mail addresses had been deleted or they also do not exist.
While some of these are working, but they do not receive any real traffic and cannot be found on Google easily. The maximum number of these fake websites appear to have been created automatically with the help of any automated tool, and this can be confirmed by their identical HTML structure and content.
In addition to the fake names that are used for the customer support portals, lots of the sites are designed to look like real brands, such as McAfee, ReasonLabs, and other renowned security companies.
A stronger effort has also been made by the operators to block search engines from indexing the 75 support portals that have been created. While the threat actors did so with the help of anti-crawler instructions that are provided in Robots.txt.
Domains Used
Here below we have mentioned all the domains used by the threat actors:-
- localblackmilfs[.]com
- dotprofiles[.]com
- weeklyprofile[.]com
- learnprofile[.]com
- profilesburg[.]com
- jadaparks[.]com
- asiangfsexbook[.]com
- lonelywifehookup[.]com
- lonelywifesexclub[.]com
- thinkprofile[.]com
- bbwgfsexbook[.]com
- milfaholic[.]com
- ratemylingerie[.]com
- milfaddicts[.]com
- rsxtrack[.]com
- members[.]bbwdesire[.]com
- nsadating[.]info
- gfucking[.]com
- 1upforsex[.]com
- blackcupidlovers[.]com
- affairluv[.]com
- amateurcougars[.]fr
- hotsinglesflirt[.]com
- milfbbws[.]com
- redirect[.]wister[.]biz
- mydategirls[.]com
- curvybbw[.]com
- mb102[.]com
- pornblogfest[.]com
- fatgalleries[.]com
- myblack[.]xxx
- xprofiles[.]me
- divorcedmeetups[.]com
- sexywifemeet[.]com
- naughtyflirters[.]com
- affairmates[.]com
- appcharges[.]com
- billerprotect[.]com
- divorcedcupidclub[.]com
- localebonydates[.]com
- bbwpassionlove[.]com
- ebonydatenite[.]com
- sitebiller[.]com
- wivesalone[.]com
- ezchrge[.]com
- payxai[.]com
- guardcharge[.]com
- scentofluv[.]com
- blackdatesearch[.]com
- chargetrust[.]com
- datingsweeties[.]com
- findlustpartners[.]com
- funflirting[.]com
- instcharge[.]com
- loveralert[.]com
- mylovesearch[.]com
- mylovemeeting[.]com
- perfectdatesearch[.]com
- sexywifematch[.]com
- singlemompassion[.]com
- thedatingtour[.]com
- fwbsex[.]com
- howtoprofile[.]com
- anytimeconnection[.]com
- connectioncompare[.]com
- ulust[.]com
- iheartbreaker[.]com
- mb01[.]com
- smashyourfriends[.]co[.]uk
- fbooksluts[.]com
- ebonygfsexbook[.]com
- blackcrush[.]com
- selfiebbws[.]com
- localmilfselfies[.]com
- members[.]blackcrush[.]com
- xfuks[.]com
- datingdiscreetly[.]me
- xtrackingnow[.]com
- exosuccess[.]com
- mobivids-xs[.]com
- vangchoor[.]net
- xmilfs[.]com
- naughtypinup[.]com
- sexybbwdates[.]com
- hardcorehotties[.]com
- mb103[.]com
- utahhobby[.]com
- mrandmissblack[.]com
- ebony-sexz[.]com
- sexbookdates[.]com
- blackcrushspot[.]com
- wivescupidclub[.]com
- blackdatingclubers[.]com
- meetbbwdates[.]com
- bbwsinglefun[.]com
- mommatchfinder[.]com
- affairthrill[.]com
- bbwhunt[.]com
- bigbeautifulfun[.]com
- firsttimeluv[.]com
- mylovealert[.]com
- divorcedandready[.]com
- ebonyhotdates[.]com
- surebiller[.]com
- 2heartstogether[.]com
- meetdivorcedmoms[.]com
- smrtbill[.]com
- myebonysingles[.]com
- trusterapp[.]com
- blacksexydaters[.]com
- clickdeliver[.]com
- findfunflirts[.]com
- flirtysinglesmatch[.]com
- hotflirtdates[.]com
- lonesomewives[.]com
- meethotloves[.]com
- mycupidmatch[.]com
- partnerspassion[.]com
- searchblacklove[.]com
- sexywifepassion[.]com
- techbiller[.]com
- teasingflirts[.]com
- choiceprofiles[.]com
- whatprofiles[.]com
- connectionmountain[.]com
- connectiontrophy[.]com
- affairalert[.]com
- xmeets[.]com
- planchaud[.]fr
- pinkselfies[.]com
- lustydesires[.]com
- dateprofits[.]com
- flirtbuddies[.]com
- teens1[.]net
- bangaroobabes[.]com[.]au
- blacksexhookups[.]com
- xshags[.]com
- nsadating[.]us
- exgfsexbook[.]com
- blackpornsites[.]com
- latinagfsexbook[.]com
- fuckingbbw[.]com
- xswipes[.]com
- spankmonkeytube[.]com
- localmilf[.]com
- allrealitypass[.]com
- milfaholic[.]in
- adulttrade[.]net
- mobile[.]xmeets[.]com
- secret-hookup[.]net
- xprofiles[.]us
- bbwdesire[.]com
- blackfuckfinder[.]com
- divorcedlover[.]com
- meetluvaffairs[.]com
- bbwsinglemingle[.]com
- acapitalsupport[.]com
- affairarrangment[.]com
- bbwflirters[.]com
- boldbbws[.]com
- localmilfmatch[.]com
- apluscharge[.]com
- ebonymeetups[.]com
- paynixx[.]com
- wifecupiddates[.]com
- affairattraction[.]com
- milfprowl[.]com
- soulmateluv[.]com
- billezza[.]com
- appbiller[.]com
- blacksweethearts[.]com
- cupidcuties[.]com
- findebonysingles[.]com
- friendsflirts[.]com
- hotloversmeet[.]com
- lonelywifehunt[.]com
- milfappeal[.]com
- mycupidsearch[.]com
- payocoin[.]com
- searchbbws[.]com
- singlesyingle[.]com
- support4dating[.]com
- yourheartmatch[.]com
- http://ZBMFEE[.]COM
- http://yisapp[.]COM
- http://WESTFEE[.]COM
- http://TwoFee[.]COM
- http://TOVABILL[.]COM
- http://TJXFEE[.]COM
- http://texxbill[.]COM
- http://TecroPay[.]COM
- http://SYNFEE[.]COM
- http://swxhelp[.]COM
- http://SURPLUSFEE[.]COM
- http://stebill[.]COM
- http://SECURECARTE[.]COM
- http://Safeonic[.]COM
- http://RokFee[.]COM
- http://RocoFee[.]COM
- http://REDZOFEE[.]COM
- http://Reddfee[.]COM
- http://RADIFEE[.]COM
- http://PRVTRUST[.]COM
- http://PRVFEE[.]COM
- http://PIXEBILL[.]COM
- http://PEAKBILL[.]COM
- http://PAYECLIK[.]COM
- http://PALOBILL[.]COM
- http://PAKFEE[.]COM
- http://OPTBILL[.]COM
- http://OLYMBILL[.]COM
- http://NOBELFEE[.]COM
- http://Netifee[.]COM
- http://MTCHPAY[.]COM
- http://MOBEBILL[.]COM
- http://micofee[.]COM
- http://MEDEFEE[.]COM
- http://MaxiFee[.]COM
- http://LeveBill[.]COM
- http://JETTFEE[.]COM
- http://ITEKBILL[.]COM
- http://irobill[.]COM
- http://INTECBILL[.]COM
- http://INETFEE[.]COM
- http://IDATABILL
- http://IBILLSTATS[.]COM
- http://hzatek[.]COM
- http://HEZABILL[.]COM
- http://GUARDBILLER[.]COM
- http://gteztech[.]COM
- http://GOTOFEE[.]COM
- http://GIGACLIK[.]COM
- http://EZCHRGE[.]COM
- http://EVOFEE[.]COM
- http://ESTARFEE[.]COM
- http://EPALFEE[.]COM
- http://ENNZTECH[.]COM
- http://EEZFEE[.]COM
- http://DTGPAY[.]COM
- http://DTAFORM[.]COM
- http://CryoFee[.]COM
- http://ClasBill[.]COM
- http://cerufee[.]COM
- http://CEBEFEE[.]COM
- http://BYTEFEE[.]COM
- http://bqibill[.]COM
- http://bpobill[.]COM
- http://BBTFEE[.]COM
- http://ayobill[.]COM
- http://AXPFEE[.]COM
- http://AWXCARD[.]COM
- http://ARGOSBILL[.]COM
- http://AresFee[.]COM
- http://APPCHARG[.]COM
- http://ABILLPRO[.]COM
- http://ABAFEE[.]COM
The following website provides a platform for affiliate management for all these fake websites.
https://dateprofits[.]com/
But, the shocking thing is that this is also a fake website that claims to be a referral program.
Many of these websites have barely any traffic, but, a few do manage to attract some visitors on a regular basis. The number of unique visitors they receive on a monthly basis is just 34K.
It’s strange that they have exceptional performance with exactly 11 pages viewed per visitor and an average visit time of 13 minutes.
Additionally, the unique visitors to the scam website are all from different parts of the world. However, they receive more than 95% of their traffic from the United States.
Payment Processing and Execution
Registering these sites with processors as payment acquirers poses the biggest challenge for the operation. Therefore, these merchants are usually categorized by the processor as being of “high risk”, even though the chargeback rate for merchants in this category is highly elevated.
In terms of proving their legitimacy, all sites provide a 24/7 support chat and number which you can use to get in touch with them.
There are millions of stolen credit cards available on the dark web, so once the payment processors have approved them, the operators can charge those stolen credit cards with the help of fraudulent websites.
A user can charge either via an API or by manually entering the information into the system. Site operators take care to not trigger anti-fraud alarms as well as prolonging the time before the victim becomes aware.
However, to avoid such a situation, cybersecurity experts have recommended users check their billing statements. In this way, users can identify if there are any suspicious charges, and contact the bank to prohibit further exploitation.
The Rise of Remote Workers: A Checklist for Securing Your Network – Download Free E-Book