Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime
EU Law Enforcement Prevents $47.5 Million in Payment Fraud
Europol, Group IB Analyzed 90,000 Pieces of Card Data During the 3-Month-Long OperationAn operation led by law enforcement agencies in Italy and Hungary and supported by Europol prevented payment fraud losses of $47.5 million by targeting fraudsters who were selling stolen card data on darknet websites known as card shops.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Europol, the EU's law enforcement intelligence agency, said in a Thursday statement that the fraudsters were identified during a three-month-long operation called Carding Action 2020 that set out to disrupt card-skimming attacks against financial institutions and cardholders in the EU. Europol's role included coordinating the information exchange between law enforcement authorities and partners from the private sector and providing "operational analysis on large volumes of data and supported with expertise in the field of payment card fraud," the agency said.
During the course of the operation, the law enforcement agencies analyzed about 90,000 pieces of card data that enabled them to block attacks that could have resulted in losses of about $47.5 million, Europol says. This data was obtained and analyzed using Group-IB's "Threat Intelligence and Attribution system from unique non-public sources, such as botnet and JS-sniffer infrastructure, as well as underground card shops and marketplaces," the security firm says.
The losses prevented were estimated by looking at the unique cards that were "detected and flagged by Group-IB and multiplied by the average spend on those cards," Group-IB says.
"Cybercriminals can attack us in different ways and this requires a robust response not only from law enforcement but also from the private sector," Edvardas Šileris, head of Europol’s European Cybercrime Center, notes. "With [$47.5 million] in losses prevented, Carding Action 2020 is a great example of how sharing information between private industries and law enforcement authorities is key in combating the rising trend of e-skimming and preventing criminals from profiting on the back of EU citizens," he adds.
Card-not-present fraud continues to increase as criminals now use e-skimming to target victims in different sectors, EC3 noted in its recent report on internet-based organized crimes (see: Cybercrime: 12 Top Tactics and Trends).
This rise is fueled by a wealth of readily available data, as well as a cybercrime-as-a-service community - making it easier for criminals to carry out highly targeted attacks, as well as to cash out stolen data, including payment card details.
In addition to e-skimming, business email fraud, phishing and other financial fraud are prevalent across the EU, the report said.
In response to rising payment fraud threats, law enforcement agencies in Europe and the U.S. have been increasingly clamping down on cybercriminals and their activities.
On Thursday, Interpol busted a massive Nigerian business email compromise gang that was active across more than 150 countries and targeted over 500,000 organizations across the world (see: Interpol Busts Massive Nigerian BEC Gang).
Earlier this year, Interpol's Cyber Capability Desk, backed by U.S. and European law enforcement agencies, arrested three suspected members of an e-commerce hacking crew that employed JavaScript attack code to steal customer and payment card data. The gang allegedly injected a code known as GetBilling into targeted websites. (see: Police Bust 3 Suspected Magecart Hackers in Indonesia)
Skimming Attacks
Magecart, an umbrella name for a group of cybercriminal gangs that conduct e-skimming attacks, has been active globally. The group is known to plant JavaScript skimmers, also known as JavaScript sniffers, or JS sniffers, on dozens of retail and e-commerce sites to steal payment card data. (see: Magecart Group Hits Small Businesses With Updated Skimmer)
Noted Magecart victims include British Airways, Ticketmaster and Newegg. The group is also known to update its e-skimming toolsets to target new victims (see: Magecart Group Continues Targeting E-Commerce Sites).
This month, researchers at security firm RiskIQ said Magecart has co-opted a new skimmer variant into its attack arsenals (see: Grelos Skimmer Variant Co-Opts Magecart Infrastructure).