Neiman Marcus and Saks 5th Ave Method Illustrates How Cybercriminals Acquire Some Targets
It’s difficult to card electronics. By “Card”, I mean using stolen credit card information to order products or services online and sell them for cash.
Every carder on the planet wants electronics. Smartphones, laptops, TVs: they are all high-dollar items which resell quickly for around 80% of the retail value. Electronics are the number one target of credit card thieves.
Retailers know this. As such, there is a massive amount of security around electronics purchases. That is where fraud is expected. Today, you have to be a competent carder in order to successfully steal smartphones and laptops online.
Crooks also realize that is where the security is concentrated. They know they are going to have a hard time stealing that new iPhone. As such, many experienced carders look for lower security items which also fetch high dollars and resell quickly. Things like Yeti Coolers, Swimming Pool Filters, Keurig Coffee Makers.
Things like Designer Clothes.
Historically, it has been easier for a carder to order expensive clothes (Burberry, Versace, Chanel, etc.) direct from the source. Why? Because the supplier, the smaller source, has less security and is an easier target.
Every now and then, though, a major retailer messes up and opens the door for fraudsters nationwide.
Currently on the Darknet, a technique is being shared on how to successfully card items from Neiman Marcus and Saks 5th Ave.
It started with Neiman. Some carder trying different ordering techniques and BAM! Got one to work. The one he got to work wasn’t even complicated.
It works like this:
1. Create an Account at Neiman or download the App.
2. Use a Socks5 Proxy or RDP (Remote Desktop) which is clean and residential and the IP shows as within 25 miles of the actual card owner of the stolen credit card.
3. Pick your items and leave them in the shopping cart for a couple of hours.
4. Come back and view some other items which are on sale. MAYBE put a couple of those items in your cart. No need to if you are feeling lazy.
5. Use an email matching the cardholder’s name. Example: BrettyJohnson@robbingyou.com
6. Use the card owner’s billing address, and for shipping put down whatever drop address you, the crook, are using.
That’s it. Pretty simple. Not Rocket Science. It used to not work at Neiman Marcus, but is currently working as of TODAY.
Why? Usually an exploit like that coincides with a change in anti-fraud provider or a new hire as fraud manager for the company. New security means a new team which might not be used to seeing the types of fraud that specific company is encountering. Criminals find the exploit and a feeding frenzy starts.
But how does the same exploit spread to other companies? How does this one technique become the go-to method at Saks 5th Ave?
Again, not Rocket Science.
As far as I know, crooks are the only people on the planet who read the Terms of Service for a specific website. No one else I know does so. Why do crooks read TOS? Because a lot of information can be found by doing so. You can find out payment policies, shipping policies, refund policies. You can find out a lot.
Sometimes you can find out which fraud solution a company is using. Sometimes it’s in the TOS.
Sometimes the company proudly displays it for every visitor to see.
Hmm. Which fraud solution a company is using. That info is handy. If I know Neiman Marcus uses a specific fraud solution provider and I have a way around those fraud barriers, then all I need to do is find other companies that use the same fraud solution provider.
Turns out Saks 5th Ave is open to the exact same exploit that hits Neiman Marcus.
This illustrates one of the ways online fraudsters find targets. An exploit is found at one company and then other companies are hunted down which use the same software, provider, etc. This is a very common method of finding targets.
There are many other methods fraudsters use to find victims. They may read news articles about people arrested for fraud. They may read indictments to gather specific details on how the crime was committed and how the crook was caught. They may run a numbers game: Throw a bunch of stuff against a wall and see what actually works and who responds (phishing).
Lesson to learn?
Changes in security often open doors for crooks. It is important that, when a new security protocol is put in place (software, company, people), vigilance is INCREASED until such time as all the kinks are ironed out. It is also important that lines of communication not only remain open, but are actively encouraged across all channels. Failure to do so only makes a fraudster’s job easier.
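As an added example (not part of the original article, and not any retailer's or fraud vendor's actual logic), here is one way a fraud team could queue orders that match the pattern in steps 1 through 6 for manual review while vigilance is increased. The record fields, thresholds and mail-domain list are assumptions, and the sample orders are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: stand-in for real domain-reputation data.
COMMON_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}

@dataclass
class Order:  # hypothetical order record; field names are assumptions
    account_created: datetime
    cart_first_item: datetime
    checkout: datetime
    email: str
    billing_addr: str
    shipping_addr: str
    ip_miles_from_billing: float
    total: float

def _norm(addr: str) -> str:
    return " ".join(addr.lower().replace(",", " ").split())

def signals(o: Order) -> list[str]:
    """Return the names of the weak signals this order trips."""
    hits = []
    if _norm(o.billing_addr) != _norm(o.shipping_addr):
        hits.append("ship_ne_bill")            # step 6: shipping differs from billing
    if o.checkout - o.account_created < timedelta(days=1):
        hits.append("new_account")             # step 1: freshly created account
    if o.checkout - o.cart_first_item >= timedelta(hours=2):
        hits.append("aged_cart")               # step 3: cart left to sit
    if o.email.rsplit("@", 1)[-1].lower() not in COMMON_MAIL_DOMAINS:
        hits.append("uncommon_email_domain")   # step 5: address on an unfamiliar domain
    return hits

def needs_review(o: Order, min_hits: int = 3, min_total: float = 500.0) -> bool:
    # ip_miles_from_billing is deliberately never used to clear an order:
    # step 2 shows a nearby IP can be arranged, so proximity proves nothing.
    # Each signal alone is ordinary shopper behaviour; only the combination counts.
    return o.total >= min_total and len(signals(o)) >= min_hits

T0 = datetime(2024, 1, 10, 9, 0)  # constructed sample data below
SUSPECT = Order(T0, T0 + timedelta(minutes=10), T0 + timedelta(hours=3),
                "jane.doe@mail.example", "12 Oak St, Springfield",
                "99 Elm Rd, Shelbyville", 8.0, 1800.0)
GIFT = Order(T0 - timedelta(days=400), T0, T0 + timedelta(minutes=15),
             "sam@gmail.com", "5 Pine Ave, Ogdenville",
             "7 Lake Dr, Ogdenville", 3.0, 900.0)

if __name__ == "__main__":
    for name, order in (("SUSPECT", SUSPECT), ("GIFT", GIFT)):
        print(name, signals(order), needs_review(order))
```

Requiring several signals together keeps ordinary gift orders such as the second sample out of the review queue.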