Investigated for scamming more than 5,000 euros with the carding method

Made fraudulent purchases with the victim's bank card in various online betting houses and businesses abroad.

September 11 2024 (13:07 WEST)
Updated in September 11 2024 (17:04 WEST)
Exteriors of the Civil Guard barracks of San Bartolomé
Exteriors of the Civil Guard barracks of San Bartolomé

The Civil Guard in Lanzarote, within the framework of Operation Carding, the Unit specialized in the fight against cybercrime, has proceeded to investigate a person as the alleged author of a fraud crime on the network, for making more than 60 charges of various fraudulent purchases with the victim's bank card in various online betting houses and businesses abroad.

The Civil Guard became aware of this following a complaint filed in August 2024 at the facilities of the Main Post of the Civil Guard of San Bartolomé de Lanzarote, in which the complainant reported that he had detected up to 63 unauthorized charges on his bank account with his bank card, with all purchases amounting to 5,018 euros.

The Arroba Team of Lanzarote, within the tasks entrusted to them in the exercise of their specific functions in the fight against Cybercrime, collected all the data on the events that occurred and carried out the appropriate police investigations, identifying the alleged perpetrator of the events, being a citizen residing on the same island of Lanzarote.

For the location of the perpetrator of the fraudulent charges, investigation techniques aimed at detecting technological fraud on the Internet were necessary, which is why the rapid action of the specialized team of the Civil Guard was requested.

In this type of attack, cybercriminals use information from stolen, lost or accessed cards for any reason, with security breaches on the Internet being one of the main sources of information for scammers.

 

Security tips. What is CARDING?

Carding is a type of fraud that uses information from stolen credit/debit cards to use them fraudulently in online purchases or subscriptions on virtual platforms. The data that is stolen is related to these cards, hence the terminology of "carding" (card: card in English).

Cybercriminals use different techniques to obtain the data of the victims' cards. Below, we list some of the most common:

Users who are victims of fraud such as: phishing, smishing, vishing or shoulder surfing.

Distribution of malware, such as Keyloggers, capable of capturing keystrokes.

Database of clients/users of websites whose security has been breached, and which are published on the Internet.

Fraudulent websites in which users have entered their bank details.

Cloning of bank cards to which they have access through work, friendship, etc.

Use of readers with RFID or NFC wireless communication capable of obtaining card data. They approach the victim's card at a distance of less than 15 centimeters and in a matter of seconds, the data is saved.

Once the card data has been obtained, cybercriminals proceed to make purchases to verify that the information they have replicated on a virtual card is valid. They generally start by making purchases of products or services that have a low amount, thus avoiding in many cases the double authentication systems and will increase them in order to try to determine the available balance of the card and/or the operations.

If the previous step was carried out successfully, the scammers will have verified both the card details and the quality of the stolen account information to determine its value.

It must be taken into account that, in general, carding increases during the periods of the main commercial campaigns, taking advantage of the overload of transactions due to purchases, so special attention must be paid on these dates to avoid being victims of fraudulent charges beyond the will of the holder.

An example of a real case of carding and with considerable repercussions in Spain was the "Proxy" operation, in which the members of the scam network residing in various countries around the world resold the products obtained fraudulently at prices lower than those stipulated in the market.

 

Protect corporate systems against hacking attempts

USE antivirus, firewalls and other tools, and perform frequent scans of computers and devices to prevent malicious code infections.

KEEP your personal and business computers up to date: pay attention to security alerts, update security patches, and perform system checks periodically.

MAKE SURE your email accounts are well protected and do not share your password.

DO NOT CLICK on attachments that you are not expecting, even if they have harmless-sounding names (for example, invoice). They often contain malicious code that gives access to the control of your emails and the activities of your computers.

ACTIVATE the SPAM mail filter and block access to suspicious websites or those that are blacklisted.

How can we protect ourselves from this attack?

Carding is an attack that is closely related to social engineering since cybercriminals use this and other techniques to obtain bank and personal data from their victims.

We provide you with 10 tips that will help you protect yourself from this fraud:

Ignore spam messages or emails with unknown senders.

Keep a regular check of your banking operations and transactions. Pay special emphasis on dates when you make more online purchases: sales, holidays, Christmas periods, Black Friday, etc.

Deactivate the NFC system of your mobile device while you are not using it or use an anti-theft card protector to store them in your pocket.

When making online purchases, make sure that the store is trustworthy, and that it uses a payment gateway or accepts secure payment methods. Do not provide information on pages of dubious reputation.

Make use of the wallet or virtual cards offered by the bank for online payments.

Disable the NFC and RFID option in your bank's application if you do not use this payment method. If you do use it, enable it to request confirmation with a PIN for the use of this payment method with a card.

Under no circumstances provide bank details over the phone.

Do not use public computers to make purchases.

Update the programs and applications that you use frequently.

Activate the double authentication factor for card payments and distrust any email that asks you for card details or credentials.



 

Avoid becoming a target

 

If you suspect that you have been a victim of this technique, contact your bank immediately to report the problem and reverse the possible consequences. In addition, report the facts to the State Security Forces and Corps, providing all the evidence you have.

Attacks on the Internet are becoming more frequent and for this reason it is necessary to protect ourselves adequately. It is no longer enough to think that it will never happen to us, since we are all exposed. Therefore, we must be aware of this and act accordingly. Knowing the main frauds that will be used, such as carding, is the first step to prevent them.

 

Most read