A member of an elite Russian cybercrime community started a thread looking to find a reliable supplier of used and canceled credit cards. The requirement to have victims’ billing phone number for each record caught the attention of Flashpoint analysts.
It is not uncommon to see criminals purchasing “dead” or previously sold credit card records, only to be blended later with freshly compromised data and resold to other fraudsters at high market prices (similar to drug dealers who cut their product to increase profit). However, Flashpoint analysts have not yet noticed anyone requesting the corresponding billing phone number to be included.
Seemingly useless and bargain-priced data could prove to be a gold mine for a determined and resourceful fraudster. Source reporting indicates that one possible monetization scheme could be an SMS spear phishing attack against cardholders, executed as follows:
- Separate data by appropriate financial institution
- Register a separate toll free number for each financial institution
- Launch an SMS spamming campaign, urging credit card holders to confirm suspicious transactions by calling the toll free number
- A professionally recorded audio greeting, resembling legitimate financial organization, prompts users to input full credit card data and other personally identifiable information
Considering that the fraudster will be using the data obtained from already compromised records, aimed at previously victimized customers, and under the disguise of one’s financial organization, such a method may prove extremely successful at compromising recently reissued credit card information.
Financial organizations benefit by understanding how these schemes are hatched in the Deep & Dark Web. This knowledge better equips them to put in place preventative measures to protect the organization and its customers.