Think cybercriminals are morally bankrupt? In fact, a few seem to be learning the value of philanthropy.
Security researchers at Symantec announced Friday, July 6, that they’d detected small transactions made with stolen credit card numbers, funneling money to some unexpected destinations: charities like Christian Aid, Islamic Relief and the Red Cross.
These cyberscammers aren’t suffering from pangs of conscience, says Zulfikar Ramzam, a senior principal researcher at Symantec. He speculates that the money transfers, which move only $5 or $10, are used to test whether stolen account information is still valid and usable.
Ramzam says that identity thieves frequently test credit card information by moving small sums of money, and banks have responded by scanning transactions records looking for unusual recipients of what look like test transactions. “Even a $5 transaction can raise eyebrows if it goes to someone the person has never done business with before, located in, say, Romania,” Ramzam says. “Small donations to charities are less suspicious, even if the donor has never made them before.”
Even if the charity test is performed on just a small fraction of stolen card numbers, the contributions could add up. The Federal Trade Commission recorded 670,000 cases of reported identity theft and fraud in 2006, 60% of which began with Internet solicitations. And corporate breaches spill millions of customers’ credit card information into the black market: A breach in January at the retailer TJ Maxx revealed the private financial data of more than 46 million customers, while Certegy Credit Systems, a branch of Fidelity National Information Services, announced last week that a former employee had stolen and sold customers’ data, exposing as many as 2.3 million accounts.
Given that Symantec’s researchers see the charity test as a growing trend, the tactic could mean significant sums of money moving into philanthropic coffers, if only in $5 and $10 increments.
Ramzam admits that the motivation for the donations is still a subject of speculation. “The mindset of these kind of attackers is always a bit of a mystery,” he says. “It could be that they’ve all suddenly become kindhearted. But I doubt it.”
Submitted by Reshadat [/html]