The European Cybercrime Centre has again acted against credit card fraud and is poised to reveal success on a similar scale to its 2020 campaign that prevented €40 million of losses.
Jorge Rosal Cosano, a team leader at the European Cybercrime Centre (EC3), today told CyberCrimeCon 21 – an event convened by threat-hunting and security software company Group-IB – that 2021 has seen an increase in denial-of-service attacks accompanied by ransom demands. Another very 2021 attack is phishing that fakes messages from parcel delivery firms.
Credit card fraud has also persisted, with crims conducting ongoing campaigns to acquire card numbers and use them to make unauthorised purchases. Cosano related how EC3 resolved to reduce the impact of carding by trying to find card numbers before they’re used so the Centre can inform banks and victims as soon as possible.
Carders know they need to protect the haul of card numbers obtained from e-shops with shoddy security, so much of the data they store is masked to hide the fact it records credit card numbers. Cosano said Group-IB helped to find masked data.
Finding the point at which cards are compromised is another focus of the EC3’s now-annual “carding action”. Cosano said that can be accomplished by letting JavaScript sniffers and other tools loose on e-commerce providers to detect those whose systems are open to attack.
Sometimes, a popped shop still has unmasked data available for EC3 to view.
However the data is obtained, Cosano said this year’s campaign has again delivered strong results. 2020’s effort saw 90,000 pieces of card data analysed and €40m of losses prevented, and Cosano predicted “We hope to have similar results in coming days.”
Group I-B has already claimed it helped a three-month campaign that avoided €14 million of losses for European banks. ®