Feeds

Carders scam spammers

Philching

Providing a secure and efficient Helpdesk

Fraudsters who deal in stolen credit card data have devised a means to extract money from sponsors of junk mail campaigns.

Carders have signed up as affiliates to spam campaigns, but instead of sending out junk mail themselves they are using stolen credit card data to make purchases from the sponsors of spam campaigns, such as online pharmacies.

The carders earn a cut of these sales of anything between 40 to 50 per cent, the Washington Post's security blog reports, more than enough to make the scam1 viable.

But the sponsors of spam campaigns end up losing out because of charge backs generated when fraudulent purchases are identified. Higher incidents of charge-backs result in higher merchant fees while drawing the attention of banks and credit cards sponsors to dubious businesses. Far from benefiting from increased sales, spam sponsors end up losing out. In this way, card fraudsters are scamming the backers of spam.

Spam sponsors are complaining about been ripped off, a factor that allowed net security firm CipherTrust to identify the new ruse during the course of its work monitoring online spam and fraud forums.

"Basically, we're seeing the carders and phishers starting to look for other ways to make money and starting to discuss new methods of making profits from their scams," CipherTrust research scientist Dmitri Alperovitch said. ®

1 The scam doesn't have a name as yet, but it's surely only a matter of time before it finds a catchy moniker. Philching, pharding and pstinging are among the early suggestions...

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.