While many victims have linked their troubles to the recent CreditCards.com database heist, MSNBC.com has learned that a much larger heist may be responsible for the rash of fraud. According to a GartnerGroup analyst, computer intruders earlier this month made off with a database of 3 million credit cards.
Such a large heist would explain the flurry of fraud that has been reported to MSNBC.com in the past 24 hours. The analyst, Bill Malik, said he couldn't provide details about which companies were hacked, but he did describe an elaborate money-laundering scheme that was foiled by credit card companies. The criminals created a fake adult porn site and then had the site bill a $10 charge to each card, hoping the small fees wouldn't get noticed or victims would be too embarrassed to come forward.
"The idea was $10 doesn't attract a lot of attention," Malik said. However, after quickly netting some $30 million, credit card issuers discovered the scheme and recovered most of the money, Malik said. Visa International did not immediately respond to a request for an interview. The stolen card numbers appear to still be in circulation, Malik said, making their way through the Internet's underground. That means consumers will continue to discover fraudulent charges during the next several weeks, similar to the aftermath of last year's CD Universe credit card heist.
That process may have already begun, as reports of fraud have been trickling in to MSNBC.com for the past 24 hours. Meanwhile, credit card criminals apparently have a new strategy for laundering money from stolen cards: small charges, a few dollars at a time.
MSNBC.com research has revealed that for at least the past six months, hundreds and perhaps thousands of consumers have found charges between $5 and $25 billed to their credit cards. The laundering efforts appear to involve a group Russian telecommunications and Internet companies. Since July, Net users have widely complained about charges from companies named Skiftelecom, Incomtel, Global Telecom, and Inetplat. It was not immediately clear if the Russian firms were participants or victims of the scheme.
After initial e-mail contact, Inetplat didn't respond to a request for an interview. None of the others immediately replied to e-mail.
There has been a fresh flurry of charges-at least 100-billed this week by Global Telecom and Inetplat, which appear from their Web site to be the same company.
Because the CreditCards.com attacker was described as Russian, many victims suggested that recent incident may have led to the fraud. But most of the fraud victims were not in the CreditCards.com database, suggesting the incident Malik described may be the root of the recent fraud.
Even though the laundering attempt Malik described was thwarted, stolen credit card numbers are easily copied and often find their way around the Internet quickly.
About 100 eagle-eyed victims who are users of MyCoupons.com spotted fraudulent charges on their card statements recently, billed by Global Telecom or Inetplat. Most of the victims check their card statements daily.
"I've never had anything like that happen," said Angela Downing of Logan, Utah. " I've done extensive online shopping." A $5 charge to her card was authorized on Dec. 18. "It ticks me off."
Anna Lea Esposito of Comfort, Texas, was shocked to receive a bill on Saturday that included a charge of 275.32 rubles - about $10.20. "I would never make a charge for anything from Moscow, Russia," Esposito said. "And then when the gentleman at MasterCard did not even give me a hard time about the charge I was wondering what was up. I guess maybe they have gotten other calls similar to mine and it was just easier to send me a new card."
Many of the most recent set of victims visited IHateShopping.net to see if their personal information had been compromised in the CreditCards.com incident. IHateShopping has a link on the site that allows consumers to see if their card numbers were compromised in that heist. But IHateShopping president Harry Widdifield said many of the Russian charge victims who visited his site indicated they were not in the CreditCards.com database, suggesting they are victims from another heist.
It's not clear if the various flurries of Russia-based charges-Skiftelecom in the summer, Incomtel in October and Global Telecom/Inetplat this week-are linked, or merely copycat crimes. But at least one victim was burned in both incidents, suggesting a connection.
Lauren Bricker, a Seattle-based software consultant, had her first brush with a rogue Russian charge in July, when a $26.30 charge issued by Skiftelecom in Stavropol appeared on her bill. Then in August, a slightly smaller charge billed by Inetplat.com appeared.
"I've been doing research on this since it happened in July," she said. "People as far away as France had these charges on their card." She said one of her fellow victims had received a reply from Inetplat earlier this year after complaining. In the e-mail, the company was said to reply: "Possible your credit card data was stolen by hackers and used to enter one of the sites of our clients. We refund you all the money charged from your card within one week. Please do not make chargeback within this week."
Meanwhile, even today, victims have complained to MSNBC.com about new fake charges billed by Global Telecom/Inetplat. Patricia Fike of Baltimore started keeping track of complaints after her card was charged on Dec. 16-of the 60 or so complaints she found on a single bulletin board, nearly all the charges were between $5 and $20. She is frustrated that companies don't inform consumers when their private information has been compromised. "The secrecy thing really irks me. There's got to be a better way," she said. "I think if they went right to people and said what happened, said you have the option to cancel cards, this guy would profit a heck of a lot less. Forget the bad PR. You're going to get bad PR when it comes out anyway."
