So I was browsing some dodgy sites today and suddenly got a message. Let's see whether we can learn something from this story without paying for the lesson.
It's interesting from a few points: my IP address shows that I'm a Virgin customer, lol. And the date automatically updates to the current time. I've met this type of easy-to-conduct fraud many times in the past.
I used a few virtual cards issued earlier to see the whole process. Let's START! First of all, plenty of fake feedback and countdowns which restart once they reach 0.
Next, once you enter your card, your browser will visit about 12 different websites with no available information. / pages return 403 or empty responses. Portscan/dirb won't show anything interesting. But you will lose £1.
Every time it will be a different merchant for payments - http://hulenshop.com , http://trainingportallobulus.com , http://fletwevshop.com , http://thinkthanktop.com , etc. - but the same MCC code: 5816 (Digital Goods). I guess it's easy to get and rotate merchant accounts.
Now, if we enter a card with 3DS enabled, it will redirect to a legit payment provider, ACI Worldwide GmbH. Their resources are http://ppipe.net , http://ctpe.net , http://oppwa.com , http://all4payments.com , and they all use SSL.
So why do they need 3DSecure? Simple: since the Liability Shift, the merchant is liable for fraudulent online payments that don't require 3DSecure on the site. Once the customer has actually entered their OTP, it will be hard to prove fraud.
If your card doesn't support 3DS, your bank will be in charge of online fraud. And here we come to the point. Recently Visa and MC started implementing so-called seamless 3DS 2.0. It's when your card supports 3DS, but you actually don't need to do anything to finalize the payment.
Visa, for example, says they're using AI to monitor 500 variables and to spot fraud. Excellent! Or?!
So what happens here is that fraudsters will try to use recurring payments to steal £1 from time to time, using your originally confirmed payment.
But every now and again they initiate payments for a much higher value: £38. And that's where your seamless experience leads you to pay more for your mistakes.
If you had to confirm payments manually, you could spot that £38 is a bit higher than the original £1. Stay safe!
You can follow @a66ot.