Credit card fraud empire: Black industry pours into consumer finance and earns millions of dollars a month

In the past two years, consumer finance has risen to the top of Internet finance and has become extremely popular.

A group of black market operatives who steal bank cards followed in the wake of the rise of consumer finance.

They integrate user information leaked from various channels and piece it together carefully like completing a puzzle.

Once they lock on to a target, they use a variety of tricks to exploit various loopholes and use new equipment to carry out large-scale cleansing.

A financial newspaper followed the clues of credit card fraud and found a huge credit card fraud empire behind it.

This is a lucrative underground world, where there are legends of overnight wealth and huge waves of instant subversion...

01 Empire

On a cold afternoon, the sun shone through the haze, leaving only a cold gray-yellow color.

Hacker VV appeared at the door of the hot pot restaurant wearing a skull mask. He said, "I just made a few big orders. I want to reward my brothers."

The so-called big orders meant that in one night, "more than a dozen accounts were stolen and nearly 100,000 yuan was earned."

VV previously specialized in bank card fraud. However, with the unprecedented prosperity of consumer finance in the past two years, "many people in the black industry have followed this wave and poured into the emerging industry."

This young man, who is only 21 years old, has been engaged in consumer finance fraud for many years and is considered a veteran player on the Internet.

VV has two people under him, and "this small studio earns a million yuan a month."

Since 2014, many consumer finance platforms have launched the "overdraft" and "zero down payment installment" functions.

Based on the user's credit consumption record, the platform provides a certain "overdraft" limit for purchasing goods, the most typical of which is Ant Huabei.

These platforms are becoming fat meat in the eyes of the black industry.

For them, using the same method of stealing traditional bank cards to steal online consumer finance is a dimensionality reduction attack.

"Because many usernames and passwords can be easily obtained from the Internet," VV said, "any loopholes will be exploited by us."

In this world where interests are rampant, any small loophole will be dug deep by the black industry into a hole for money and desire.

Following the clue of VV, we tracked down what was underneath - a huge dark empire slowly emerging from under the clouds.

02 Black Material

VV is like a rope that connects all the people in the industrial chain.

The beginning of this industrial chain came from black material.

User information with financial value that has been repeatedly cleansed in the black market is the legendary "black material".

Generally, a financial account number and password that can be logged into is sold on the black market for between 0.5 yuan and 5 yuan.

According to industry practice, one should “not ask too many questions” about the source of data, and VV doesn’t care either; he only cares about whether the data is good.

There are many sources of black material. The most direct is that hackers break into a platform and pull its entire user database out through the back end - in jargon, this is called "dragging the database."

These databases will be circulated on the black market, repeatedly cleaned and squeezed for value, "until nothing is left."

Usually, after VV obtains a batch of account numbers and passwords, he starts "information repair".

"Every hacker has a different attack method, and there are many different ways to crack. There is no unified way of fighting." VV likened the war between offense and defense to invading a castle.

Despite the moat and city walls, attackers could still break in through the main gate, dig tunnels underground, or even find a rat hole, making it difficult to defend against.

This is also the reason for the disparity in offensive and defensive strength.

VV and his team also summed up a unique set of tactics in actual combat.

Most accounts on consumer finance platforms now have a "payment password" set up, which is different from the login password. Therefore, the first step is to break the payment password.

VV's way of cracking it is to use the social engineering database to find other passwords that have been used with the account.

The so-called social engineering database is an underground database of the black industry, and its breadth and depth are probably no less than any "big data company". The data stolen by hackers are stored in the social engineering database for hackers to query.

"The data in the social engineering database can query many dimensions of data such as ID number, bank card number, commonly used passwords, home address, and even hotel check-in records." VV searched the social engineering database and his black market data and found other passwords that might be used under each account.

"Humans design passwords with flaws. Most people only have four commonly used passwords at most. Once they have more than four, they often get mixed up," VV said. Because of this, if one account is leaked, innocent people will be affected.

With both passwords in hand, the target of the intrusion is essentially locked in, and the means of operation that follow are even more varied.

But one theorem remains unchanged despite all the changes: SMS is becoming the most critical "Key" and the core safety valve.

This is because most platforms will verify whether the operation is performed by the user himself by sending a text message verification code.

Generally, there are only two ways to control this "safety valve": one is to modify the "bound mobile phone number" and the other is to "hijack text messages."

Modifying the bound mobile phone number is to exploit the risk control loopholes of major platforms. VV calls it a "rat hole" intrusion.

VV recalled: "A year ago, the rules for changing the bound mobile phone were relatively simple on many financial platforms. All that was needed was a payment password. Later, a bank card and the payment password had to be provided to make the change. However, hackers could almost always obtain this information through social engineering databases, which became a feast for the black market of credit card fraud."

In this offensive and defensive battle, both sides check and balance each other in the fight - risk control rules keep changing, and hackers respond accordingly.

"I heard that a group of credit card thieves would call customer service with a new number and say that their original phone was lost. As long as they provided their ID card, bank card, recent delivery address, purchased items and other information, they could change their phone number," VV said. Credit card thieves would use all kinds of tricks to test the bottom line of risk control.

Some credit card fraudsters don’t even change their phone numbers.

After the goods were shipped, they left a message directly to the backend store, requesting to change the delivery address.

Some cloud vulnerabilities have also begun to be frequently exploited.

Recently, some media reported that Mr. He’s phone was locked and frequently shut down, and his money was stolen, resulting in a loss of 53,000 yuan.

It turned out that the hacker had broken into his account on the 360 smartphone cloud service platform, which contained a "reply SMS" interface that could reply to SMS from the cloud.

The hacker used the reply function to bind a "secondary card" to Mr. He's mobile phone card, which could receive his verification code synchronously, thus completing the fraudulent payment.

As the last safety valve, are text messages really safe?

In response to the pervasive black industry, many platforms have had to formulate more stringent risk control rules to plug loopholes.

"But there are many ways to control a person's mobile phone, and there are many loopholes. After patching one, we will switch to another," VV said. Planting a Trojan horse on the user's mobile phone is still the lowest-cost method.

At this point, the legendary second method begins to surface - the "SMS interception Trojan".

03 Ma Zi (Trojans)

The black production chain is like a machine that is unattended but can operate on its own.

What’s interesting is that there seems to be no other industrial chain that can run in such an orderly and seamless manner with no organization and with everyone anonymous.

The only source of motivation is huge profits.

"A monthly subscription for a Trojan is 500 yuan." Hacker Xiao N is a well-known Trojan supplier in the circle.

Because of his good skills, the viruses and Trojans he wrote were always effective in battles, so he became very famous.

A monthly subscription to a "Ma Zi" (black-market slang for a Trojan) means it is only guaranteed to be “anti-virus free” (not detected and removed by anti-virus software) for one month. To keep using it, you need to “renew” it.

The "SMS Interceptor" is the core product developed by Xiao N.

Don't underestimate this Trojan. Once installed successfully, it can intercept user text messages.

VV will send this Trojan to the user's mobile phone via text messages or social software. It can be in the form of a URL, a picture or video of a beautiful woman, or even a seductive sentence.

"Sometimes we will find the user's social software through the mobile phone number, add friends, and then send the virus," said VV.

Once the user activates the Trojan, it will ask to download a plug-in.

This plug-in is a Trojan package. Once installed, the SMS will be completely monitored by hackers. When the user receives any verification code, it will be sent to the mailbox bound to VV at the same time, or the user's SMS will be directly intercepted so that he cannot receive it at all.

Or, send it directly to the mobile phone number specified by Xiao N.

Some hackers have begun to study new ways of phishing - through social platforms, using "red envelopes" and "cash coupons".

Tieqi ("Iron Knight") is a hacker who focuses on researching new Trojans.

"Nowadays, people's awareness of prevention has also increased, and the chance of clicking on URLs through text messages is getting smaller and smaller." This was Tieqi's original reason for starting to develop new Trojans.

In the social age, WeChat red envelopes are undoubtedly the most click-inducing thing.

"We use a small WeChat account to send red envelopes to a group of WeChat friends. It looks like a red envelope, but it is actually a web page." Tieqi does not phish through WeChat groups, because there will always be "smart people" who point out that something is abnormal, and he would quickly be kicked out of the group.

The possibility of breaking through a single point is greater, and mass sending during the Spring Festival will have a better effect.

After the user receives the red envelope, a prompt pops up saying "There are too many people receiving the red envelope now, please withdraw the money first". At this point, hackers will generally insert another page to obtain the user's bank card information, and finally install the "SMS interception Trojan".

"Most of the Trojans circulating on the market now are for Android systems," Tieqi said. For Apple users, they can only be intercepted through web page Trojans, "but once the other party closes the web page, the interception of text messages will become ineffective."

Taking over the Apple system has now become a fortress battle for the top hackers in the black industry. As for whether it can be breached, at least it has not yet begun to circulate on a large scale on the black market.

Whether it is Xiao N or Tieqi, transactions are generally conducted through QQ - which is obviously the most anonymous social tool at present.

Because he was too deeply involved in the black industry, the hundreds of QQ accounts registered by Xiao N were once "blocked".

"Thousands of customers, gone in the blink of an eye." At his peak, Xiao N could earn more than 200,000 yuan a month by selling Trojans.

"The life cycle of an account is only one or two months. Fortunately, I have gained some fame in the circle. When I register a new account, people will come to me because of my reputation," said Xiao N.

04 God Mode

The hackers who write Trojans usually stay hidden behind the scenes. They usually have some technical knowledge and can write small tools. They provide "technical" support to the entire industry chain.

Another group of people provide "equipment" support to the industrial chain.

VV will accumulate materials from accounts for a period of time, and periodically conduct centralized cleaning of concentrated areas of accounts.

The device used is a fake base station.

"Once a fake base station is used, God mode is turned on," said VV.

VV's long-term partner in the fake base station operation is called "Bentley". His fake base station equipment is really simple.

"A computer, a host, a transmitter and an antenna, these are all the equipment I have." This set of equipment was modified from a device for mass text messaging. Although simple, it is quite useful.

A fake base station functions in the same way as an operator's base station, and can intercept users' text messages, calls and more.

When Bentley's "fake base station" starts up, the mobile phones of users within a radius of 1.5 kilometers are within his monitoring and control range.

In fact, the price of fake base stations is quite cheap.

"The price on the black market is six or seven thousand yuan, but if you buy it directly from the manufacturer in Guangdong, it only costs 3,700 yuan," said Bentley.

The price for VV to rent equipment for one night is only 300 yuan.

Nowadays, fake base stations are becoming a powerful tool for invasion.

With the cooperation of VV and Bentley, after logging into the user's account and starting to steal money, they can directly make the user's mobile phone "shut down" or "have no signal", and can also intercept all text message records.

"And fake base stations are being upgraded," revealed a black market worker who wished to remain anonymous. "Combined base stations" have now begun to appear, in which functional modules can be combined at will and run simultaneously. "And the range limit has also been greatly extended, and can now reach a radius of 10 kilometers."

The combined base station not only offers basic functions such as intercepting text messages and calls and running phishing WiFi, but can even read address books, installed app data, and even chat records, which is comparable to the remote-control "zombie" hijacking of the PC era.

At this point, it is the real God mode - the black industry has also reached a critical point of technological leap, and the dark power it releases is terrifying.

Whether it is a fake base station or a Trojan horse, the core logic is to control text messages and intercept verification codes.

05 Cash-out

When VV started to commit credit card fraud, the cash-out players at the end of the industry chain began to surface.

Bai Ye has been engaged in the cash-out business for 2 years. He takes two types of orders: black and white.

The so-called "white orders" are those users who are short of money and are trying to cash out.

"For general virtual items, I charge a 20% commission. If it is delivered by logistics, I charge a 10 to 15% commission," Bai Ye said, but most people cannot cash out.

"We block many people directly as soon as they transfer money to us," and since the users themselves violated the rules first, they would not call the police. It was precisely because of this that Bai Ye acted ruthlessly and without mercy.

Unless he thinks the other party can bring him more "business", it's a "one-time deal, catch a fool and take it as it comes."

Generally, if logistics is used, Bai Ye will send the designated goods to the user, and the user will use the overdraft function to pay after placing an order.

When the package is delivered the next day, the user needs to send a text message to the courier: "Hello, sir, I am XXX. Please give the order to my friend XXX to sign for it," and leave the phone number of the person who will sign for it.

"Once the other party sends this text message, I will block them immediately," Bai Ye said. Once the courier has received this text message, he is completely cleared of responsibility for the scam, and the platform can no longer hold him accountable.

In fact, these delivery couriers were in collusion with Bai Ye, who "gave them 10% to 20% rebates every time."

The orders that come from hackers are the "black orders".

VV and Bai Ye work closely together. There are some tricks before starting to steal money.

For example, in order to confuse users, VV will first use a "SMS bomber" to bombard the user's mobile phone, and dozens of verification code text messages from various platforms will pop up at once. "The purpose is to confuse users, and then hide the verification code of the fraudulent platform in it. Most users will only think it is harassment and will not open their accounts to check the information."

SMS verification code bombing

Next, Bai Ye will provide the items and address for the order, and VV will control the stolen account to place the order.

The first things to be stolen are virtual items, such as QQ coins, phone bills, gas cards, etc.

Because virtual items do not require logistics, they are easier to cash out. In order to prevent large-scale cashing out, the general platform has a low limit for virtual items, usually only a few hundred yuan.

After virtual items, the stolen items form a more complex industrial chain.

"Mobile phones, computers, watches, gold necklaces, and Maotai are generally products that are easy to cash in." VV will also occasionally buy himself some daily necessities.

Among the victims of credit card fraud interviewed by a financial publication, some had 10 bags of rice, 2 cartons of Coke, and even condoms stolen from them.

"Usually I will fill in the delivery address as a non-fixed address, such as a tobacco and alcohol supermarket, a street intersection, the entrance of a fast food restaurant, etc., and the consignee's contact information will be changed to the contact person's phone number," Bai Ye said, "The couriers are all acquaintances and will deliver the goods to the contact person at the designated location."

In order to "cash in" on these items, Bai Ye still needs to appear.

Downstream of him, there are some channels that "sell stolen goods" and cash in these stolen items. The items will flow to the special second-hand black market, such as a brand new iPhone, which is sold at a 20% discount.

For black orders, Bai Ye generally offers a higher rebate, 40% for virtual items and 30% for cargo logistics.

A few days ago, Bai Ye earned 20,000 yuan from a collaboration with VV. His net profit per month is about 100,000 yuan.

They are the "dirty dealers" in this industry chain.

In major QQ groups, there are a large number of cash-out people who openly "recruit investors" and "recruit intermediaries". Any platform that can provide installment shopping will become their cash-out target.

06 Licking Blood on the Blade

In the “credit card fraud rights protection groups” of major platforms, two or three victims of credit card fraud are added every day and come to look for allies.

They generally believe that it was a platform loophole that led to the leakage of accounts, which triggered a series of subsequent credit card fraud incidents; and the platform's lax risk control rules also allowed credit card fraud to be carried out.

"Now my late payment fees are increasing every day, and I'm worried that this will affect my credit record," said Luo Qing, a victim of credit card fraud.

However, it is currently difficult for each platform to "fully accept" credit card fraud incidents - they are worried about being exploited in reverse, with users swiping their own cards and then saying it was done by hackers.

The evil and good of human nature will be infinitely magnified in the collision of interests.

"Every case is complicated, and it may be difficult to find a unified solution," VV said. Some credit card frauds are entirely due to account leaks and risk control loopholes, while some users are not careful and get infected by Trojans.

To completely untie this knot, it will probably require the joint efforts of multiple parties.

Operators should plug the loopholes of fake base stations; various platforms should improve security and risk control; and users should enhance their safety awareness. None of them can be left behind.

As for this black industry, it is probably difficult to completely strangle it. In the face of interests, they would rather live a high-risk life "licking blood on the edge of a knife".

Credit card fraudsters usually work in groups, and each group has different methods of attack and invasion.

It took a financial newspaper two months to dig deep into the VV clue, while most of the gang is still hiding in some dark corner underground.

This line connected by VV will generate millions of revenue every month, and everyone will share it.

However, behind the huge profits, there are also high risks.

A "master" who was active in various black market groups suddenly disappeared a few days ago.

A hacker who is familiar with the "master" said that the "master" was being targeted by the police and "maybe he has already been put in jail."

“If you walk by the river often, you will get your feet wet.” The news of the master’s accident made people in the circle panic. VV also prepared to retire and retreat with his two brothers.

Many people involved in organized crime will turn into the company's "security personnel" once they turn around. It seems that it is just a fine line between going from offense to defense, from black to white.

Sudden disappearance is a common story here - it could be retirement, or it could be that you never come back again.

In this lucrative credit card fraud empire, there are myths of getting rich overnight, retirement to cleanse oneself, and turbulent waves that can overturn a business in an instant.

Internet consumer finance has become the target of the black industry.

From credit cards to consumer finance, the black industry has also ushered in a critical moment of transformation and upgrading.

The black industry is like a beast, crawling behind the grass, waiting for the moment when the new flock relaxes...
