New information from ReasonLabs indicates that scammers with origins in Russia leveraged Amazon Web Services, GoDaddy, and eNom to conduct a large-scale scam operation that stole millions of dollars from credit cards. The scam began in 2019 and continued into 2020. ReasonLabs states that the victims of the plot were customers of major credit card providers such as Mastercard, Visa, American Express, and others. The operation involved the scammers establishing a massive network of fake dating and customer support websites in order to exfiltrate the card details, ReasonLabs says.
In total, the fraudsters created 75 different fraudulent customer support sites. The threat actors used websites to charge credit cards bought on the dark web. The scam primarily targeted US consumers, however, French-speaking locations such as France were also targeted. During the scheme, the fraudsters likely reached the maximum available chargeback rate, and the ability to charge more cards was probably revoked. However, by this point the majority of the funds were already withdrawn. ReasonLabs states that the fraudsters likely transferred the funds to an account owned by a mule.