The following excerpt is taken from an original article published by Brian Krebs on his KrebsOnSecurity blog. The article details a massive internet-based credit card scam affecting possibly thousands of consumers.
It describes a complex scenario, yet it is ultimately an enlightening read that clearly displays Brian’s investigative skills as he digs deeper and deeper to get to the heart of the matter:
Over the holidays, I heard from a number of readers who were seeing strange, unauthorized charges showing up on their credit and debit cards for $9.84. Many wondered whether this was the result of the Target breach; I suppose I asked for this, having repeatedly advised readers to keep a close eye on their bank statements for bogus transactions. It’s still not clear how consumers’ card numbers are being stolen here, but the fraud appears to stem from an elaborate network of affiliate schemes that stretch from Cyprus to India and the United Kingdom.
One reader said the $9.84 charge on her card came with a notation stating the site responsible was eetsac.com. I soon discovered that there are dozens of sites complaining about similar charges from similarly-constructed domains; for example, this 30-page thread at Amazon’s customer help forums includes gripes from hundreds of people taken by this scam.
I did a bit of digging into that eetsac.com domain, ordering a historic WHOIS report from domaintools.com. The report shows that the domain eetsac.com was originally registered using the email address firstname.lastname@example.org. Domaintools also reports that this email address was used to register more than 230 other sites; a full list is available here (CSV).
A closer look at some of those domains reveals a few interesting facts…
You can read Brian’s illuminating article in full here: Deconstructing the $9.84 Credit Card Hustle