Phishing sites targeting crooks and thieves – Krebs on Security


I was preparing to leave work for the week on a recent Friday night when a curious and annoying email arrived through the contact form on this site:

“Hello, I’m going by the username Nuclear27 on your site Briansclub[.]com,” wrote “Mitch,” confusing me with the owner of perhaps the biggest underground market for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has come up yet and I would like to know why.”

The real BriansClub login page.

Several things stand out in Mitch’s message. For starters, that is not the real domain of BriansClub. And it’s easy to see why Mitch got snookered: the real BriansClub site is currently not at the top of the search results when one searches for the name of this shop on Google.

Additionally, this novice criminal had clearly bought into BriansClub’s advertising, which uses my name and image in a series of ads running on all major cybercrime forums. In these ads, a crab with my head on it zigzags across the sand. This is all meant to be a big joke: Krebs means “crab” or “cancer” in German, but a “crab” is sometimes used in Russian hackers’ slang to denote a “carder,” or a person who regularly engages in street-level credit card fraud. Like Mitch.

At the end of 2019, BriansClub changed its homepage to include forged images of my Social Security and passport cards, a credit report and information on my cell phone bill. That was right after KrebsOnSecurity reported that someone had hacked BriansClub and siphoned off information on 26 million stolen debit and credit accounts. The hacked BriansClub database had an estimated collective market value of $566 million, and that data was then shared with thousands of financial institutions.

Mitch said he had just made a $240 bitcoin deposit at BriansClub[.]com, and wondered when the funds would be reflected in his account balance on the store.

Playing along, I said I was sorry to hear about his ordeal and asked Mitch if there were any stolen cards issued by a particular bank or in a specific region he was looking for.

Mitch didn’t bite, but he also wouldn’t be dissuaded that I was at fault for his wayward funds. He shared a photo showing funds he had sent to the bitcoin address given by BriansClub[.]com – 1PLALmM5rrmLTGGVRHHTnB6VnZd3FFwh1Z – using a Bitcoin ATM in Canada.

The real BriansClub uses a dubious St. Petersburg, Russia-based virtual currency exchange service called PinPays. The company’s website has long featured little more than a brand icon and an instant messaging address to reach the owner, and that same address is active on several of Russia’s leading cybercrime forums. The fake BriansClub told Mitch that the Bitcoin address he was asked to pay was a PinPays address that would change with every transaction.

The payment message displayed by the carding site phishing domain BriansClub[.]com.

However, upon registering on the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. In addition, the site did not use PinPays; it just pretended to, in order to imitate the real BriansClub more closely.

According to the blockchain, the Bitcoin address that Mitch paid has received over a thousand payments in the past five months, for a total of over $40,000 worth of Bitcoin. Most are relatively small payments like Mitch’s.

The screenshot Mitch sent of his deposit.

Reckless crooks like Mitch are a dime a dozen, as are phishing sites that spoof online criminal services. Shortly after going live as a phishing site last year, BriansClub[.]com was hosted at a company in Moscow alongside just a handful of other domains phishing popular cybercrime stores, including Jstashbazar[.]com, vclub[.]cards, vclubb[.]com and vclub[.]credit.

Whoever is behind these sites earns a decent income by defrauding clueless scammers. A review of the Bitcoin wallet listed as the payment address for BriansClub[.]org, for example, shows a similar haul: 704 transactions totaling $38,000 in Bitcoin in the past 10 months.

“Wow, thanks for ripping me off,” Mitch wrote, after I fell asleep for the evening without responding to his increasingly shrill emails. “I should have spent the last money on my bills that I’m trying to pay. I should have known you were just a thief.”

Deciding the ruse had gone too far, I confessed to Mitch that I wasn’t really the administrator of BriansClub and that the person he contacted was a freelance journalist who writes about cybercrime. I told him not to feel bad, because over a thousand people had been duped in the same way by the fake carding shop.

But Mitch didn’t seem to accept my confession.

“If so, why is your name everywhere, including the window that opens when you go to make a deposit?” Mitch asked, referring to the phishing site.

Obviously, nothing I said was going to deter Mitch at this point. He asked in a follow-up email if a link he included in the message was BriansClub’s “legitimate” address. My only response was that maybe he should consider another line of work before he got ripped off again, or the Royal Canadian Mounted Police showed up on his doorstep.

Scammers who fall for fake carding sites can expect to have their accounts taken over at the real store, which usually means someone is spending your balance on stolen cards. Most importantly, these impostor carding sites ask new members to fund their accounts by making deposits in virtual currency like Bitcoin.

In 2018, KrebsOnSecurity examined a vast network of phishing sites masquerading as the best carding shops, all dating back to a web development group in Pakistan that has apparently been stealing from thieves for years.

As I noted in that article, building a network of fake carding sites is the perfect cybercrime. After all, no one who gets phished or scammed will report the crime to the authorities. Nobody’s going to help the poor dude who gets snookered by one of these fake carding sites either. Caveat emptor!

The most that can be hoped for is that the occasional enterprising phisher will be brought to justice. While it’s hard to believe that authorities would go after crooks who steal from each other, in 2017 a Connecticut man pleaded guilty to charges of phishing several dark web criminal markets in a scheme that ultimately brought in over $365,000 and over 10,000 stolen user IDs.

And what about the origin of the phishing domain briansclub[.]com? Taking a closer look at the original WHOIS registration records for briansclub[.]com via DomainTools (an advertiser on this site), we can see that it was registered in November 2015 – several months after the real BriansClub went live. It was registered to a “Brian Billionaire,” a.k.a. Brian O’Connor, a seemingly accomplished Florida DJ, rapper and rap music producer.

Brian Billionaire.

For several years after it was put online, BriansClub[.]com and other domains apparently registered by Mr. Billionaire redirected to his main site – newhotmusic.com, which predates the BriansClub carding store and also has a members-only section of the site called Brian’s Club.

Mr. Billionaire did not respond to multiple requests for comment, but it appears his only crime is being a somewhat filthy DJ. The DomainTools record for briansclub[.]com says the domain was abandoned or dormant for a period in 2019, only to be reclaimed by someone in May 2020, when it became a phishing site spoofing the real BriansClub.
