Weekly News

Thieves use free-to-play games to turn stolen credit-card numbers into cash

July 21,2018 15:13

Markets for video-game assets, sanctioned and unsanctioned, are a major target for credit-card scammers, who use bots to open fake Apple accounts using stolen cards, which are then used to buy up in-game assets that are flipped for clean, untraceable ...


Markets for video-game assets, sanctioned and unsanctioned, are a major target for credit-card scammers, who use bots to open fake Apple accounts using stolen cards, which are then used to buy up in-game assets that are flipped for clean, untraceable cash to players.
The whole market was documented by the security firm Kromtech, who say that an insecure database used by scammers and left visible on the internet gave them insight into the process.
The beauty of the system is its automation: everything from the creation of the Apple accounts to the game logins to the item purchases and resales is automated, meaning that the scammers just have to press Go and start cashing out.
According to the report, Google's anti-fraud systems were more robust than Apple's, and the scammers gave up on using Android accounts.
As with the SIM Swapping scam, there's an element of security economics here: the games companies design anti-cheating mechanisms that assume that the major advantage of cheating is superior gameplay, not extracting real cash from credit-card companies. So they build a system that assumes that players will only go so far and no farther to cheat -- but then along comes a way to turn cheats into significant cash, and all the assumptions about how much security needs to be in place turn out to be invalid.

“With the account creation process automated, the malicious actors then took the process further, automatically changing cards until a valid one is found, automatically buying games and resources, automatically posting the games and resources for sale, working with a digital wallet for order processing, and managing multiple Apple devices to distribute the load,” Kromtech’s report said. “The end result: an automated money laundering tool for credit card thieves.”
It used the grey market site g2g.com—a website that allows users to buy and sell digital currencies for games such as World of Warcraft and Clash of Clans—to move its ill-gotten in-game currency. Sock puppet accounts posting on g2g selling Clash of Clan accounts (which developer Supercell allows to be transferred between users) bundled with in-game currency cost between $30 to $90, the report said. Those transactions are small, but can add up quickly when run on an automated system posting thousands of them every day. Of the more than 30,000 credit cards, Kromtech was able to verify that just under 20,000 of them were used in the scheme.

Scammers Are Using ‘Clash of Clans’ to Launder Money From Stolen Credit Cards [Matthew Gault/Motherboard]
Digital Laundry: how credit card thieves use free-to-play apps to launder their ill-gotten gains [Kromtech]

SHARE / / 5 COMMENTS

Loading...

Online services increasingly rely on SMS messages for two-factor authentication, which means on the one hand that it's really hard to rip you off without first somehow stealing your phone number, but on the other hand, once someone diverts your SMS messages, they can plunder everything
READ THE REST

Smirking pharma-bro Martin Shkreli first came to public attention when he hiked the price of a drug used by people with HIV from $13.50/pill to $750/pill.
READ THE REST

The porn extortion scam works like this: you get an email from a stranger claiming that he hacked your computer and recorded video of you masturbating to pornography, which he'll release unless you send him some cryptocurrency.
READ THE REST

Summer’s here, which brings not only warmer weather but also the unsettling realization that the year is more than halfway over. So, for those who weren’t as productive as they would have liked during the first half of 2018, we’ve rounded up 5 skill course bundles you can start learning today to help you finish […]
READ THE REST

It’s good to be proactive, but when it comes to preparing for an emergency situation, one of the most important items you can pack is a flashlight. After all, whatever else you include in your kit won’t be of much use if you can’t see what you’re doing. The Viper 1000-Lumen Tactical Flashlights not only […]
READ THE REST

Chances are you took a handful of language classes in high school, and aside from a smattering of conjugations and vocabulary words, the only things you likely remember are the dry, rehearsed sentences that did little to make you speak like a true native. If you’re still hoping to learn a new language but want […]
READ THE REST

gamestar games gamestop gamestorrents games with gold games workshop games online gameshop gamespot gamesz

Share this article

Related videos

Thieves use stolen credit cards to buy gift cards
Thieves use stolen credit cards to buy gift cards
ATM FREE MONEY TRICK (Life Hacks)
ATM FREE MONEY TRICK (Life Hacks)

DON'T MISS THIS STORIES