I came across something intriguing while performing page reviews, an important exercise we in the RiskIQ Research team undertake to train our machine-learning model. Take a look at the site below called "ABN Dumps," which gives free tutorials on how to steal credit card data and offers to buy the resulting CVV dumps from its trainees. CVV dumps are the raw information collected from credit cards' magnetic strips, which can be stolen via skimming, a point-of-sale device infected with malware, or a data breach.
Apparently, the site is for “educational purposes only” and doesn’t “condone any illegal activity.” They do, however, strongly encourage it:
The business model employed by this site is interesting, and so is the terminology it uses: CVV Dumps, Rippers, Cashiers—we’ve seen some of this language used by scammers before. This type of fraud has given way to an entire underground economy of commoditized stolen credit card information, which uses this jargon.
According to our PassiveTotal data, the domain has been around since at least 2014. It comes complete with a list of “trustworthy” cashiers, or folks who pay for CVV dumps. For example, here’s contact info for a “cashier” known as Maywell, who’s very “honest and reasonable”:
But beware! Not all credit card fraudsters are honest, virtuous people. “Rippers,” or those who rip off cashiers by claiming to have a juicy CVV dump only to take the money and run, are apparently using ABN Dumps’ sterling reputation to build their ill-gotten fortunes. To prevent these acts of fraud against the fraudulent, ABN Dumps has offered a direct line of communication: a red phone, if you will.
The creator of ABN Dumps is using an instant messenger service called ICQ, which is owned by the Russian company Mail.Ru, as well as a mail.ru email address, suggesting the operation is based out of the Russian Federation:
Along with reliable cashiers, the site also hosts an index of known rippers. Fraud not your fellow fraudsters, lest you end up on the “Ripper List”:
The site seemingly covers all aspects of a credit card purchase/sale operation. There’s a page outlining the terms a buyer should use, how much they should pay, what services they should provide, and the benefits of a no-refund policy. There’s even a page of tutorials explaining how to get into the business of buying and selling CVV dumps, covering topics such as:
- How to vet buyers (gotta make sure they’re not rippers)
- How to defeat the different types of credit card security checks, such as Verified by Visa (VBV) and Mastercard Secure (MCSC)
- What you need to successfully use a dump, which is an incredibly extensive and detailed section (although the newest post is from 2015, so the info may be stale)
Being the inquisitive sort, I started checking what else I could find from the info on PassiveTotal and Googling bits of information on the various ABN Dumps pages. PassiveTotal pointed me towards carder007[dot]pro, which is similar to ABN Dumps regarding page content, only with sweet green cat eyes and black wings in the banner:
This site tries to run PayPal scams that are very similar to RDC scams we’ve previously discussed:
Not surprisingly, the owner of this site is well aware of the dealings of ABN Dumps, our virtuous scam guru. A quick Google search of the contact info ABN Dumps provided immediately turned up this:
Wow. So what’s the moral of this story? Is it that there's no honor amongst thieves? Never trust anyone on the internet? Always train your machine learning model? Pick one. Meanwhile, I’ve got to get back to doing more page reviews to make sure we catch stuff like this.