Instagram "Likes" Worth More Than Stolen Credit Cards
Barence writes "In the world of online fraud, a fake fan on Instagram can be worth five times more than a stolen credit card number. In a sign of the growing value of social network 'likes', the Zeus virus has been modified to create bogus Instagram 'likes' that can be used to generate buzz for a company or individual, according to cyber experts at RSA, the security division of EMC. These fake 'likes' are sold in batches of 1,000 on hacker forums, where cybercriminals also flog credit card numbers and other information stolen from PCs. According to RSA, 1,000 Instagram 'followers' can be bought for $15 and 1,000 Instagram 'likes' go for $30, whereas 1,000 credit card numbers cost as little as $6."
Do the CCs work? (Score:5, Insightful)
If they're up for sale on a hacker forum how long are those CC's really going to be valid for? Seems more like you're paying $5 for the chance to race against everyone else to exploit them before they get closed down, which will take somewhere between minutes and hours, certainly not days. Social network followers and likes are much, much more likely to be valid. Still surprising that they go for more than $.01 a piece though, I would have thought less than 1/10th that.
Re:Do the CCs work? (Score:4, Informative)
A friend's debit card number was stolen. We narrowed down the time when it could have happened to one of two places. Both places were some time during the day Friday. The charges happened Saturday (they bought liquor, $80 of McDonalds, gas, some more drinks at a bar, probably 4-7 people packed into a car spent $600 in one night.)
She found the charges Sunday, cancelled the card within 1 hour.
Worth $5 to someone? Definitely.
Re: (Score:3, Insightful)
How do you buy from an actual store without the physical credit card? I can understand online purchases, but don't you need the piece of plastic to buy at McDonalds? Or do you mean her actual card was stolen (in which case hackers wouldn't be selling it for $5)?
Re: (Score:1)
Most cashiers don't scrutinize it heavily even if it isn't signed.
Re:Do the CCs work? (Score:4, Informative)
I used to do that. However, there are some cashiers (even rarer than the ones who ask for ID), who know and care that credit cards aren't valid unless signed and will not accept a card with "Ask for ID" on it.
Re:Do the CCs work? (Score:4, Informative)
A merchant can ask for your ID, but they cannot require it for acceptance of the card (maybe it will scare someone off, but a smart criminal would just refuse). In the case where the card is not signed (or has See ID or some other housewife-myth written on it), the protocol is for the cashier to ask you to sign the card in front of them and compare the signature to a government ID. In this case, it is not quite clear, but it sounds like they *can* deny you for not presenting ID. So basically, the unsigned/See ID trick only works once--the first time someone actually follows the rules and calls you out on it, they will make you sign the card.
Check out pages 33 and 34 (the written numbers, not the PDF numbers) of this PDF for more info: http://usa.visa.com/download/merchants/card-acceptance-guidelines-for-visa-merchants.pdf [visa.com]. If you recall back to maybe the early 90s, there was a big ad campaign where celebrities (I think I remember a Seinfeld one) would try to pay with a check and the cashier wouldn't take it since they forgot their ID...and then some random guy would walk in and pay with a CC without a question.
Re: (Score:3)
And I'm sure the machine you swiped the card through yourself checked the signature very carefully.
Re: (Score:3)
Sadly no cashiers seem to scrutinize a credit card regardless if it's signed or not. Often times when I hand my credit card over, I will not be asked for ID, they won't check the signature, or any form of verification, unless I'm purchasing alcohol. Even then it's maybe a 20% chance I'll get carded and they're doing it purely for alcohol reasons.
Hell, my friend doesn't even sign the back of his cards for whatever reason, and he's never been questioned about it, despite a notice on the cards that say "CARD N
Re: (Score:2)
Retailers are prohibited from asking for ID as part of their merchant agreement.
Re: (Score:1)
Wait, what part is the cashier looking at the signature on the back of the CC and what part is the cashier looking at identification? Your statement is not clear.
Re: (Score:2)
So I can take a credit card with an obvious woman's name such as "Susan Kay Johnson," hand it to a cashier, and they're required to accept it (even if I might have to imply that's my name), and they aren't allowed to card me to verify as part of their merchant agreement?
That is bonkers. I don't care if you're not liable for the transactions; there should at least be some attempt to prevent fraud in the first place at the point of sale.
Re: (Score:2)
So if you have Susan's signature down perfectly, they can still phone it in. I don't know what the credit card company does in this situation. If it is a small charge, maybe they just let it go through, but will try to call the card owner for a large charge? I would assume that once the merchant calls it in, they can't be liable for fraud if Visa says "no, that's ok, let them us
Re: (Score:2)
Why do you need to buy new blank cards? Just reprogram an old one...
Re: (Score:2)
I haven't signed a credit/debit card in years. Never once had it checked by a cashier.
Re: (Score:2)
Thanks to the US for not pushing chip n pin, it's fairly easy to clone a card, including sniffing the PIN.
Re: (Score:3, Insightful)
Thanks to the US for not pushing chip n pin, it's fairly easy to clone a card, including sniffing the PIN.
But then there'd be things we'd have to updaaaaaaate! And that'd be chaaaaaaange! That's haaaaaaaaaard! Change means we can't maintain our razor-thin margins! And we wouldn't have to hire nearly as many outsourced fraud response operators from India! That's job destroying! We don't wannaaaaaa!
Re: (Score:3)
Chip & PIN has been designed to offload risk to the card owner.
Besides, it's broken, and has been for a while. Now they're using contactless cards for sub £20 purchases - sigh.
Oh linky: http://hackaday.com/2010/02/12/chip-and-pin-broken-and-other-security-threats/ [hackaday.com]
Re: (Score:2)
Why would the US government have anything to do with it? They already limit your liability to $50, the rest falling on the credit card companies and merchants. If fraud were such a big, expensive problem, then they would have fixed it. Or not - I could care less, since it is their problem.
Anyway, chips, magnetic strips, what is the difference when ordering stuff via internet?
Re: (Score:2)
Anyway, chips, magnetic strips, what is the difference when ordering stuff via internet?
You could cryptographically sign the transaction, although at present this isn't done (as far as I know).
It's used for online banking (e.g. http://www.lloydstsbbusiness.com/internetbanking/cardreader.asp [lloydstsbbusiness.com] ).
(The vulnerability in this proprietary encryption system isn't so much mathematical, but social. The readers validate the PIN, which means criminals can demand someone's PIN -- and then verify it! Two students from my university were killed, possibly because they first a false PIN http://www.theguardian [theguardian.com]
Re:Do the CCs work? (Score:5, Informative)
You can erase and re-encode a different account number on an old mag stripe card. You may have noticed some stores have the cashier manually enter the last four digits of the credit card to prevent against this kind of fraud.
For a swipe-it-yourself terminal where the cashier doesn't see or handle the card, the bad guys can use any old card with a mag stripe. Some thieves have been known to reuse old gift cards. At least one scammer glued old VCR tape to cardboard squares and hand-wrote the PIN on the face of the cardboard as he encoded them. He then stood in front of an ATM with a stack of disposable cards, feeding them in one after another to rapidly tap as many accounts as he could.
Oh, and the entire article is wrong by three orders of magnitude. ONE credit card account number can go for between $2.00 - $40.00, based on the type of account and quality of numbers (the percent that will work.) ONE THOUSAND Instagram followers goes for $15.00. That's $0.015 for each fake follower. That's comparable to the going rate for bogus Twitter accounts ($0.02 - $0.10 each), Yahoo email accounts ($0.01 each), or Hotmail accounts ($0.012 each.) Gmail accounts are harder to dynamically create, perceived as spam-resistant, and therefore more valuable to bad guys, and go for $0.20 each.
Re: (Score:3)
For a credit card, they actually enter in the CVV code - that code is NOT encoded on the stripe and only the issuing bank knows it.
Re: (Score:2)
I wouldn't be so sure... check out the Wikipedia article on the format. In my testing (was working on a cash register app for a client), I found that many of my own cards included the number.
http://en.wikipedia.org/wiki/Magnetic_stripe_card#Financial_cards [wikipedia.org]
Re: (Score:2)
There are two CVV codes. The CVV2 code is only printed on the card; the CVV1 code is only encoded on the mag stripe. If you get the wrong code of the type of input, the transaction processor can identify a fraudulent transaction.
The cases where the cashier is manually entering the CVV2 code are on terminals where the mag reader is not talking directly to the transaction network but is filling out a form field. Some places just have a web app as their POS terminal.
Re: (Score:2)
If the card data was captured from a skimmer (and is not simply an account number and expiration date), then the data the criminal encodes on the track is identical to the real mag stripe, including the card's CVV1 found in the discretionary data field of the mag stripe. Having the cashier re-enter the last four digits is one way that some stores use to catch people attempting this fraud. But it all depends on the Point of Sale software in use, and how the store authorizes their credit transactions. Ther
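The last-four check the comments above describe, sketched as an added example (editorial, not code from the thread or from any real POS product): the terminal parses Track 2 and compares the stripe's account number with the digits the cashier reads off the plastic, which catches a stripe that disagrees with the printed number. The function names and the sample track are constructed for illustration.

```python
import re

# ISO/IEC 7813 Track 2: start sentinel ';', PAN (up to 19 digits), '=',
# expiry YYMM, 3-digit service code, issuer discretionary data, end sentinel '?'.
TRACK2_RE = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})(\d*)\?$")


def parse_track2(raw):
    """Split a Track 2 string into its fields; raise ValueError if malformed."""
    m = TRACK2_RE.match(raw.strip())
    if m is None:
        raise ValueError("malformed Track 2 data")
    pan, expiry, service_code, discretionary = m.groups()
    return {"pan": pan, "expiry_yymm": expiry,
            "service_code": service_code, "discretionary": discretionary}


def luhn_ok(pan):
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """First six and last four digits only, so the full PAN never hits a log."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def check_swipe(raw_track2, cashier_last4):
    """Return (accepted, reason) for a swipe plus the cashier's keyed last four."""
    try:
        fields = parse_track2(raw_track2)
    except ValueError as exc:
        return False, str(exc)
    pan = fields["pan"]
    if not luhn_ok(pan):
        return False, "PAN fails Luhn check: " + mask_pan(pan)
    if not re.fullmatch(r"\d{4}", cashier_last4):
        return False, "cashier entry must be four digits"
    if pan[-4:] != cashier_last4:
        # Stripe says one account, the plastic shows another: re-encoded card.
        return False, "stripe/plastic mismatch on " + mask_pan(pan)
    return True, "ok " + mask_pan(pan)


# Constructed sample: a widely published test PAN with made-up expiry,
# service code and discretionary data. Not a real account.
SAMPLE_TRACK2 = ";4111111111111111=30121010000000000?"

if __name__ == "__main__":
    print(check_swipe(SAMPLE_TRACK2, "1111"))  # digits on the plastic match
    print(check_swipe(SAMPLE_TRACK2, "0004"))  # plastic shows a different number
```
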
Re: (Score:3)
We are guessing that someone took a picture of the front of the card with an iPhone.
Nobody has been arrested. We really don't know the answer... the card left her possession only for a minute when the cashier took it to the register. No idea how it was swiped but I would assume someone can print a card if the issuing bank and the numbers are all known.
Re: (Score:2)
Because we saw a suspicious girl playing with an iPhone, talking to the cashier all friendly, and she got up 3 times, once while our cards were away, but never went to the bathroom. Realistically it's not enough to get anyone arrested (or even identify the person we saw at the time who looked suspicious).
Girlfriend believes it was a photo taken with iPhone, personally I know that Square readers are given away for free (I have one) and more likely the way it would be done, but I've never tried duplicating a card so th
Re: (Score:2)
Mag stripe readers are common for this purpose. Someone swipes the card through the register, and also through their own magstripe reader. You can get these readers as little attachments to smart phones, these days, but this attack is quite old. Maybe they also took a picture, but that's actually more of a hassle.
Re: (Score:3)
That particular CC? Sure. But like others have stated, when the cards are being sold in lots of 1k, odds are most of them are either already invalid or going to be so very quickly. So you might end up trolling through several hundred of them to find a good one, even if there is one.
Your friend's card was likely stolen by other means and not distributed precisely to give it the long longevity. Oh, and you're probably looking at 2-3 people for that $600.
Then balance the risk vs reward - the reward might b
Re: (Score:2)
$80 of McDonalds...
Well, they weren't health nuts. Your friend might take solace in the fact that they'll die of heart disease.
Re: (Score:2)
CC purchases are false positive declined so often that I doubt that any cashier would ever "stall until the cops come".
Re: (Score:2)
I had my CC number stolen about four months ago. By the time I received the fraud alert email the thieves already spent $1200. Eight hundred something at an Apple store, two hundred something at a walgreens and another one hundred something from a CVS. The fraud alert was for a buck fifty parking garage charge which was their test to see if the card was valid. Bank thankfully took care of everything and issued me a new card.
Re: (Score:2)
Stealing CC numbers is easy, getting out the money without getting caught is the hard part.
Re: (Score:2)
The uncertainty is the important factor, I think. In the case of the credit card numbers, there is high uncertainty over whether the numbers you are buying have any real value, so the price is low. For Instagram Likes, there is absolute certainty that they have no real value, so the price is higher.
Who is getting ripped off here? (Score:5, Insightful)
Re:Who is getting ripped off here? (Score:5, Funny)
Who's the more foolish? The fool, or the fool who fake-follows him a 1000 times for $15?
Re: (Score:1)
Dammit I can't undo the comment I already posted to mod you up anymore. A dad day indeed.
Re: (Score:2)
It could have a considerable value for a new business that wants to give customers and potential investors the impression of being more established than it is. A lot of people will not see through it.
Our new software as a service has accumulated 10008 likes in one week after opening, and 102 five-star reviews!! Give us your money!!!
Re: (Score:2)
It's kind of like the reddit fake it till you make it. If you have a business or product with 50k likes vs. 1000 likes people start to look at things differently. No one says how you got the 50k likes, but it leaves the impression to people that there is a rabid fan base.
I spent the last year working with emerging fashion designers. It's an industry that thrives on appearances even if there is nothing underneath. My clients were attempting to build likes and interest organically a few at a time. One o
Re: (Score:2)
I wonder the same sorts of things myself. I sense that a good portion of this 'likes' business is actually a very subtle but sophisticated game of influence deployed by marketers. I suspect a few things are at play when a network encourages 'likes' for a TV show that hasn't aired:
1. It's a form of early market research. 'Likes' are probably as good a metric as any for predicting the size of the initial audience, which in turn helps the network fine tune what they can charge advertisers at the outset.
2. It d
Re: (Score:2)
The person getting ripped off is the then genuine customer which might buy something from a company based on how well 'liked' they are.
If you use a stolen credit card, you can only use it very carefully - as you need to make sure that no one can trace the use of the stolen card back to you.
If you buy fake likes, who can prove how many of your likes are genuine? If you use them to lure customers to your site and your products to sell them, the customer will have to pay for those goods and can't claim them b
Re: (Score:2)
The "Like" button is actually just a marketing term for "Subscribe and recommend". The counter is just a tiny side aspect.
"Liking" something subscribes you to the news feed of whatever you "like", so that you will see show's promotions later. It actually allows you to advertise directly to people who have explicitly expressed an interest in your product. This is incredibly valuabl
Re: (Score:2)
There is no such thing as SEO. All SEO schemes are scams from the start.
The only SEO in existence that is legitimate is making a useful site, which you can't do by being forced on SEO crap.
Supply and Demand (Score:3)
I'd have thought that lots of people can offer credit card numbers since they have been around for a while.
Instagram likes are a new "product" and presumably available from fewer places hence more expensive.
What's a CC number worth, on average? (Score:2)
Re: (Score:1)
Really worth more? (Score:2)
Credit Card Numbers are almost worthless (Score:2)
Our credit card system is set up so that getting money from the credit card account without being quickly caught is the hard part.
Usually you need some kind of idiot mule to get the money, send it to you, without knowing who you are. Then when the cops arrest him, he is stuck holding the 'bag'.
Re: (Score:2)
But if you steal someone's identity and open a card account in their name, the cops will claim it's not in their jurisdiction, the feds won't care because your loss wasn't big enough, the credit card company won't care because they just declare it fraud and close the account (but won't give you information because "if you go and shoot the person, we're liable"* ), and the credit agencies don't care because it doesn't matter to them if your credit file is messed up.
Not that I'm bitter or anything.
* Yes, I wa
Re: (Score:2)
... AND I pressed Submit before re-reading my post. (When will I learn?!!!)
Should have been: "But if someone steals your identity..." to keep the pronouns straight the whole way through.
Re: (Score:2)
You can easily have that removed from your credit history simply by talking to the right people - aka the credit agencies and the card issuing people if you are persistent.
The credit card company itself must have reasonable reason to think it was you. The credit agencies are not legally allowed to not care if your credit file is messed up. They have to resolve it in a reasonable amount of time.
The real problem is when this happens repeatedly - as in they repeatedly do this to y
Re: (Score:2)
The credit agency did remove it and my credit file is now frozen so nobody can access it (without me thawing it first). Credit agencies don't like freezes, though, because it means they can't sell access to your file to credit card agencies for those "you're pre-approved" letters. After this happened to me I did some research and found that there was going to be a law allowing anyone to freeze their credit file whenever they wanted to for no charge and the credit agencies fought (and defeated) it. Instea
Re: (Score:2)
Bwahahahahaha
Yea, and it's against the law for politicians to lie too (seriously, it is!).
You're an idiot. TUnion, Equidix and experiscam have absolutely no incentive to fix your report and the requirement to prove them wrong is on you. It is practically impossible for them to ever get in any sort of trouble for their behavior, and it's that way because they lobbied it that way and we keep voting in the same politicians.
Re: (Score:2)
They can be gotten by almost anyone. Waitresses, cashiers, etc. can easily collect hundreds a day.
Our credit card system is set up so that getting money from the credit card account without being quickly caught is the hard part.
Actually, it's not.
You only get caught if you're dumb (i.e. order a big screen TV delivered to your home).
The majority of credit card fraud occurs through high volumes of low value transactions. For US credit cards it's normally US$20-15 per transaction and for UK/European cards it's more like US$30-50 as European banks believe a bit more in their own security. This is actually very hard to catch if done properly, most people won't notice the money gone and by the time the bank pieces it together (as you
the real reason (Score:2)
So a like is worth 3 cents? (Score:2)
I'll totally like whatever crap you want, if you'll pay me. No criminal activity required - cut out the middleman!
p.s. I'm sad this page doesn't yet have any references to whuffie in it. Now it does. (This reminds me of it greatly.)
Re: (Score:2)
I have looked through those a few times, it always makes me marvel at people. Not the ones who accidentally grab a shot of their card, leaving it in what is obviously a photo of something else...that is dumb but, it's not stupid. That's kinda on the level of "hey you know there's a dildo in the background?"
However, most of them are people showing off their new card like some sort of status symbol; kind of like "Look, my name is in the phonebook! I am a somebody now!"
Lady GAGA (Score:2)
That's how she got 25 million fans on Twitter! ;)
I knew that was a bit much for fans that actually liked her music,
Real likes always is better (Score:1)
Re: (Score:1)
Because the people that shop at forever 21 definitely care about these things.