CHARLESTON, S.C.—How do cyber-thieves verify stolen credit and debit card data?
According to a new analysis by PhishLabs, by testing the cards on the websites of charities that accept card donations. PhishLabs said it has discovered an interactive bot script that enables cybercriminals to automate their card verification processes in a virtually undetectable way. PhishLabs said it found that the bot is programmed to automatically log on to online chat channels in search of instant messages containing payment card data. The company said it found that through a “selective invitation” process, certain hackers are invited to join a chatroom where they exchange information.
The bot resides in that chatroom. Once card data is submitted through chat, the bot parses the data and uses it to attempt a donation to a charity website that also has been infected by the bot. The bot then reports back to the hackers to let them know if the transaction was successful, PhishLabs said.
One analyst said the websites of charities and not-for-profits are targeted because they rarely challenge the donations they receive online.
Related links