Credit card fraud is a huge problem, and by its very nature falls across the entire security spectrum – whether dealing with phishing, malware, social engineering or exploits there’s always a way someone may be trying to cheat you out your payment information (even if the tables are occasionally turned and malware authors are given a hard time of things).

Of course, the threats to your card safety don’t always begin online – your details are always potentially up for grabs:

There are many ways for scammers to swipe some card details at cashpoints and elsewhere, and the interview on this entry about card skimming is particularly interesting in terms of how the stolen data moves around (especially the debunking of the urban legend that typing your PIN into an ATM backwards in an emergency alerts the Police – it doesn’t).

It’s a hop, step and jump from stolen real world data to online reselling of said pilfered accounts, and one of the easiest ways for people to jump onto this particularly naughty bandwagon is through Carding forums.

These are underground sites where people ensure that stolen data works, then purchase it before reselling themselves, or spending as much money as they can to buy that sweet gold-plated yacht they always wanted.

Getting yourself on the carding ladder can be bad for your long-term “Stay out of prison” health. While you can take a gamble and reply to the odd carding missive arriving in your mailbox, it’s not a good idea as more often than not you’ll end up out of pocket while potentially breaking a laundry list of laws in your local area.

Typically any carding sites overtly generating attention via random spam blasts don’t tend to stick around too long, and they normally try to be at least a little bit discreet.

Here, however…

Spam galore

Spam details

“Sorry for the spam”, they say, as they send you no less than 15 emails across six days. Also note the faintly optimistic attempt at Bayesian poisoning in an effort to get around the spam filters in place (yeah, it didn’t work).

All the excitement seems to be over their services which look like the usual assortment of dumps (information pulled from compromised cards), bank identification numbers and auto checkers (to ensure stolen details are valid, to avoid buyers demanding refunds for non-functional card details).

This slideshow requires JavaScript.

This is, of course, something we’d advise you not to bother getting involved in. While teens and those interested in what they perceive as the dark underbelly of the web may think it all sounds very exciting, make no mistake – things can go wrong very quickly if you become addicted to the world of Carding and malware. You may go several lifetimes and numerous mailboxes without ever seeing an invite to a carding forum, but if you do, delete the mails (yes, all of them) and get on with your day.

Now if you’ll excuse me, I have some more spam messages to contend with…

Christopher Boyd