Massive Multi-million Dollar Credit Card Fraud Attacked Tens of Thousands of Victims

In addition to the fake names that are used for the customer support portals, lots of the sites are designed to look like real brands, such as McAfee, ReasonLabs, and other renowned security companies.

A stronger effort has also been made by the operators to block search engines from indexing the 75 support portals that have been created. While the threat actors did so with the help of anti-crawler instructions that are provided in Robots.txt.

Domains Used

Here below we have mentioned all the domains used by the threat actors:-

• localblackmilfs[.]com
• dotprofiles[.]com
• weeklyprofile[.]com
• learnprofile[.]com
• profilesburg[.]com
• jadaparks[.]com
• asiangfsexbook[.]com
• lonelywifehookup[.]com
• lonelywifesexclub[.]com
• thinkprofile[.]com
• bbwgfsexbook[.]com
• milfaholic[.]com
• ratemylingerie[.]com
• milfaddicts[.]com
• rsxtrack[.]com
• members[.]bbwdesire[.]com
• nsadating[.]info
• gfucking[.]com
• 1upforsex[.]com
• blackcupidlovers[.]com
• affairluv[.]com
• amateurcougars[.]fr
• hotsinglesflirt[.]com
• milfbbws[.]com
• redirect[.]wister[.]biz
• mydategirls[.]com
• curvybbw[.]com
• mb102[.]com
• pornblogfest[.]com
• fatgalleries[.]com
• myblack[.]xxx
• xprofiles[.]me
• divorcedmeetups[.]com
• sexywifemeet[.]com
• naughtyflirters[.]com
• affairmates[.]com
• appcharges[.]com
• billerprotect[.]com
• divorcedcupidclub[.]com
• localebonydates[.]com
• bbwpassionlove[.]com
• ebonydatenite[.]com
• sitebiller[.]com
• wivesalone[.]com
• ezchrge[.]com
• payxai[.]com
• guardcharge[.]com
• scentofluv[.]com
• blackdatesearch[.]com
• chargetrust[.]com
• datingsweeties[.]com
• findlustpartners[.]com
• funflirting[.]com
• instcharge[.]com
• loveralert[.]com
• mylovesearch[.]com
• mylovemeeting[.]com
• perfectdatesearch[.]com
• sexywifematch[.]com
• singlemompassion[.]com
• thedatingtour[.]com
• fwbsex[.]com
• howtoprofile[.]com
• anytimeconnection[.]com
• connectioncompare[.]com
• ulust[.]com
• iheartbreaker[.]com
• mb01[.]com
• smashyourfriends[.]co[.]uk
• fbooksluts[.]com
• ebonygfsexbook[.]com
• blackcrush[.]com
• selfiebbws[.]com
• localmilfselfies[.]com
• members[.]blackcrush[.]com
• xfuks[.]com
• datingdiscreetly[.]me
• xtrackingnow[.]com
• exosuccess[.]com
• mobivids-xs[.]com
• vangchoor[.]net
• xmilfs[.]com
• naughtypinup[.]com
• sexybbwdates[.]com
• hardcorehotties[.]com
• mb103[.]com
• utahhobby[.]com
• mrandmissblack[.]com
• ebony-sexz[.]com
• sexbookdates[.]com
• blackcrushspot[.]com
• wivescupidclub[.]com
• blackdatingclubers[.]com
• meetbbwdates[.]com
• bbwsinglefun[.]com
• mommatchfinder[.]com
• affairthrill[.]com
• bbwhunt[.]com
• bigbeautifulfun[.]com
• firsttimeluv[.]com
• mylovealert[.]com
• divorcedandready[.]com
• ebonyhotdates[.]com
• surebiller[.]com
• 2heartstogether[.]com
• meetdivorcedmoms[.]com
• smrtbill[.]com
• myebonysingles[.]com
• trusterapp[.]com
• blacksexydaters[.]com
• clickdeliver[.]com
• findfunflirts[.]com
• flirtysinglesmatch[.]com
• hotflirtdates[.]com
• lonesomewives[.]com
• meethotloves[.]com
• mycupidmatch[.]com
• partnerspassion[.]com
• searchblacklove[.]com
• sexywifepassion[.]com
• techbiller[.]com
• teasingflirts[.]com
• choiceprofiles[.]com
• whatprofiles[.]com
• connectionmountain[.]com
• connectiontrophy[.]com
• affairalert[.]com
• xmeets[.]com
• planchaud[.]fr
• pinkselfies[.]com
• lustydesires[.]com
• dateprofits[.]com
• flirtbuddies[.]com
• teens1[.]net
• bangaroobabes[.]com[.]au
• blacksexhookups[.]com
• xshags[.]com
• nsadating[.]us
• exgfsexbook[.]com
• blackpornsites[.]com
• latinagfsexbook[.]com
• fuckingbbw[.]com
• xswipes[.]com
• spankmonkeytube[.]com
• localmilf[.]com
• allrealitypass[.]com
• milfaholic[.]in
• adulttrade[.]net
• mobile[.]xmeets[.]com
• secret-hookup[.]net
• xprofiles[.]us
• bbwdesire[.]com
• blackfuckfinder[.]com
• divorcedlover[.]com
• meetluvaffairs[.]com
• bbwsinglemingle[.]com
• acapitalsupport[.]com
• affairarrangment[.]com
• bbwflirters[.]com
• boldbbws[.]com
• localmilfmatch[.]com
• apluscharge[.]com
• ebonymeetups[.]com
• paynixx[.]com
• wifecupiddates[.]com
• affairattraction[.]com
• milfprowl[.]com
• soulmateluv[.]com
• billezza[.]com
• appbiller[.]com
• blacksweethearts[.]com
• cupidcuties[.]com
• findebonysingles[.]com
• friendsflirts[.]com
• hotloversmeet[.]com
• lonelywifehunt[.]com
• milfappeal[.]com
• mycupidsearch[.]com
• payocoin[.]com
• searchbbws[.]com
• singlesyingle[.]com
• support4dating[.]com
• yourheartmatch[.]com
• http://ZBMFEE[.]COM
• http://yisapp[.]COM
• http://WESTFEE[.]COM
• http://TwoFee[.]COM
• http://TOVABILL[.]COM
• http://TJXFEE[.]COM
• http://texxbill[.]COM
• http://TecroPay[.]COM
• http://SYNFEE[.]COM
• http://swxhelp[.]COM
• http://SURPLUSFEE[.]COM
• http://stebill[.]COM
• http://SECURECARTE[.]COM
• http://Safeonic[.]COM
• http://RokFee[.]COM
• http://RocoFee[.]COM
• http://REDZOFEE[.]COM
• http://Reddfee[.]COM
• http://RADIFEE[.]COM
• http://PRVTRUST[.]COM
• http://PRVFEE[.]COM
• http://PIXEBILL[.]COM
• http://PEAKBILL[.]COM
• http://PAYECLIK[.]COM
• http://PALOBILL[.]COM
• http://PAKFEE[.]COM
• http://OPTBILL[.]COM
• http://OLYMBILL[.]COM
• http://NOBELFEE[.]COM
• http://Netifee[.]COM
• http://MTCHPAY[.]COM
• http://MOBEBILL[.]COM
• http://micofee[.]COM
• http://MEDEFEE[.]COM
• http://MaxiFee[.]COM
• http://LeveBill[.]COM
• http://JETTFEE[.]COM
• http://ITEKBILL[.]COM
• http://irobill[.]COM
• http://INTECBILL[.]COM
• http://INETFEE[.]COM
• http://IDATABILL
• http://IBILLSTATS[.]COM
• http://hzatek[.]COM
• http://HEZABILL[.]COM
• http://GUARDBILLER[.]COM
• http://gteztech[.]COM
• http://GOTOFEE[.]COM
• http://GIGACLIK[.]COM
• http://EZCHRGE[.]COM
• http://EVOFEE[.]COM
• http://ESTARFEE[.]COM
• http://EPALFEE[.]COM
• http://ENNZTECH[.]COM
• http://EEZFEE[.]COM
• http://DTGPAY[.]COM
• http://DTAFORM[.]COM
• http://CryoFee[.]COM
• http://ClasBill[.]COM
• http://cerufee[.]COM
• http://CEBEFEE[.]COM
• http://BYTEFEE[.]COM
• http://bqibill[.]COM
• http://bpobill[.]COM
• http://BBTFEE[.]COM
• http://ayobill[.]COM
• http://AXPFEE[.]COM
• http://AWXCARD[.]COM
• http://ARGOSBILL[.]COM
• http://AresFee[.]COM
• http://APPCHARG[.]COM
• http://ABILLPRO[.]COM
• http://ABAFEE[.]COM

The following website provides a platform for affiliate management for all these fake websites. 

https://dateprofits[.]com/

But, the shocking thing is that this is also a fake website that claims to be a referral program.

Many of these websites have barely any traffic, but, a few do manage to attract some visitors on a regular basis. The number of unique visitors they receive on a monthly basis is just 34K.

It’s strange that they have exceptional performance with exactly 11 pages viewed per visitor and an average visit time of 13 minutes.

Additionally, the unique visitors to the scam website are all from different parts of the world. However, they receive more than 95% of their traffic from the United States.

Payment Processing and Execution

Registering these sites with processors as payment acquirers poses the biggest challenge for the operation. Therefore, these merchants are usually categorized by the processor as being of “high risk”, even though the chargeback rate for merchants in this category is highly elevated.

In terms of proving their legitimacy, all sites provide a 24/7 support chat and number which you can use to get in touch with them.

There are millions of stolen credit cards available on the dark web, so once the payment processors have approved them, the operators can charge those stolen credit cards with the help of fraudulent websites.

A user can charge either via an API or by manually entering the information into the system. Site operators take care to not trigger anti-fraud alarms as well as prolonging the time before the victim becomes aware.

However, to avoid such a situation, cybersecurity experts have recommended users check their billing statements. In this way, users can identify if there are any suspicious charges, and contact the bank to prohibit further exploitation.

The Rise of Remote Workers: A Checklist for Securing Your Network – Download Free E-Book