To Catch a Credit Card Thief: The Dark Web, Scams, and Protecting Yourself
A bleary-eyed teenager in a country halfway around the world stares at a computer screen, considering a list of products. He selects one, paying $50 USD. A few minutes later, he opens the digital package, copies down numbers, and pastes them into another window — eBay. He buys an Amazon gift card.
How do credit card thieves get caught? How does your credit card number get on the black market? What do you do when faced with credit card theft? Let’s peel back the veil over the criminal underworld, and what you can do to protect yourself.
The Deep, Dark Web
There’s quite a few ways your credit card can be hacked or stolen. In any case, once stolen, your credit card details will likely end up somewhere in the deep web. In general, this refers to the part of the internet that can’t be accessed with a simple Google search — due to not being listed in Google — or hidden even further on a .onion site. Rather than using a conventional .com, .onion sites can only be accessed with special programs, like Tor, which functions as a normal browser, but is encrypted and passed through multiple proxy computers to hide both the start and end points.
These hidden sites – whether hidden as a “.onion” or just not listed on Google — make up the majority of the internet. Equifax likens the deep web to an iceberg, where the average user only sees the tip, not the massive chunk under the water. While many of these sites are lost and forgotten, some are fairly active. Part of the deep web is the dark web — a hive of criminal activity, where stolen goods like credit cards are exchanged with narcotics, weapons, and more.
While file sharing and leaked data make up the bulk of what can be found, financial fraud makes up about 12 percent of dark web sites.
On these forums and marketplaces, credit cards are sold individually or in bulk, depending on the perceived value of the card. A card with a low limit might go for $1, while high limits can start at $15. If enough information about the card is known, and it’s a higher limit, a single card could go for $100. Bulk lists of credit card numbers, usually from a hacked retailer, are worth less, as the numbers may or may not already be reported to lenders and thus useless to criminals.
The numbers are bought, and it’s time to make money off a credit card theft. Usually, this comes in the form of gift cards, or actual items.
First, the Mule Scam. Have you seen signs along the lines of, “Work from home for $2,500 a week!” on the roadside? This is one of the many possible outcomes. You are told all you have to do is accept packages, unbox them, rebox the contents with a pre-printed address, and ship out the new package. Easy money, right? Not quite.
The items have been purchased with stolen money, which means you just accepted stolen goods. You are obscuring where the stolen goods are going. As security researcher Brian Krebs points out, electronics in Russia can go for 30 to 50 percent markup, meaning the scammers get even more money out of the deal.
The scammer bought a card number for $10, bought an iPad at no cost to them, paid for shipping, and then sold the iPad in Russia at a premium, netting $700. At the end of the month, when you expect to be paid for your work-at-home reshipping job, you get nothing. You are “burned” and the company you “worked for” doesn’t exist. They’ve moved on to the next person who answered the ad.
Or, the item is reshipped to a neighborhood with foreclosed homes. Often, addresses are rotated, so the same foreclosed house is rarely used twice. The scammer drives around until they find the right foreclosed house, unoccupied, unmonitored, and picks up the package. They may spend money to fill up on gas consumed driving around a city, but they’ll make more than they spend in items bought with a stolen card.
Reshipping isn’t the only scam, of course. There’s the triangulation scam, which uses eBay and other retailers; or even just printing blank cards with your credit card’s information. For some scammers around the world, it’s a lucrative business. But, it’s a huge risk of possibly getting caught.
How can you catch someone using your credit card? Chances are, you won’t. You might catch a big purchase if you closely monitor your credit card bills, but with smaller purchases, it could slip right through.
That’s where computers come in. Neural nets are used by lenders to profile you as a consumer, and it’s more than just making a purchase far away from where you live. What you buy, how you buy, even how you type in information to an e-merchant’s site can all be factored in.
When the lenders computer system notices activity that doesn’t follow your normal habits, it can send you a text message, asking if it really was you. There are false positives; for every actual case of fraud caught, about 5 or 6 people are alerted to purchases they did make.
It’s easier to catch the actual fraud than the fraudster. The person behind the crime is probably hidden with multiple layers of encryption, proxies, and mules. They will disappear, using false names.
If they use the card in person, it’s possible to catch them on camera and build a case. Cybercriminals, however, are much harder to find.
If you do discover fraudulent charges, the Federal Trade Commission (FTC) can guide you through the steps for reporting to your lender, as well as helping you with identity theft, which can also result from a stolen credit card. You can set up fraud alerts, which can be sent by text message to your phone, instantly alerting you. It’s important to call your lender as soon as possible, to get the process started. You will probably get a chargeback to the merchant, refunding your money, or just refunding the money to your bank, and your lender will issue you a new card.
Be careful on the internet — even Amazon is susceptible to hacking. Check over your credit card statements regularly, and remain vigilant.
Image source: https://pixabay.com/
Cole Mayer is an online marketing specialist and corporate blog writer. A former newspaper journalist, he spends his free time freelance writing, playing video games, and learning about every subject under the sun. Follow Cole on Twitter: @ColeMayer42
This post was updated April 17, 2017. It was originally published April 13, 2017.