Number 3 of the Scams of Christmas: Season’s Breachings

Nobody's merry about this year's data breaches… nobody.

If you have a credit card—and who doesn’t?—you’ve probably been affected by at least one of the infamous data breaches at Home Depot, Michaels, Neiman Marcus, or Target—need I go on? What many people might not realize is that the stolen credit card information is eventually sold online at “card shops”—no, we’re not talking Hallmark.

In fact, just as we have the “internet,” the bad guys have the “darknet.” That’s where those who believe in honor among thieves other can hang out and do business. In the spirit of the holidays, these card shops are also having sales. The one at “goodshop” has thousands of credit cards up for sale in what it calls a “Happy Winter Update.” (By the way, note that its domain name ends in “[dot]bz,” which stands for Belize, and is definitely not the same as “[dot]biz.”) Brian Krebs, a journalist who blogs at Krebs on Security, goes into great depth about those online activities.

Also typical of most card shops, this store’s home page features the latest news about new batches of stolen cards that have just been added, as well as price reductions on older batches of cards that are less reliable as instruments of fraud…

…buyers were offered the ability to search for cards by the city, state and ZIP of the Target and Sally Beauty stores from which those cards were stolen. Experienced carders (as buyers are called) know that banks will often flag transactions as suspicious if they take place outside of the legitimate cardholder’s regular geographic purchasing patterns, and so carders tend to favor cards stolen from consumers who live nearby.

Read all of his Peek Inside a Professional Carding Shop for more info and a helpful glossary, too.

Anytime there’s a data breach, fingers will point and accusations will fly. That’s definitely the case with the fact that the personal information for 800,000 postal workers was recently stolen (hat tip: Engadget).  The FBI is saying they’re not sure who’s behind the attack. The press has already decided it was China. The postal workers union has filed a complaint with the National Labor Relations Board. Politicians are claiming this case proves that the government needs to reform their data security standards. And the Postal Service itself says there's no sign that the data was used maliciously. The postal workers would probably be better off having their credit card numbers stolen, at least that way they’d be offered a free year of credit monitoring.

Down to No. 3 on this 12 Scams of Christmas list, Holiday Heartbreakers, online dating at its worst.


Terry Ambrose writes the McKenna mystery series set in Hawaii. They're filled with snark, scams, and trouble in paradise.