Online reviews of ‘The Mayor’s’ worldwide money transfer service couldn’t be more glowing.
‘I tried the transfer service and I’m happy to say that my first-ever payment went through for me today,’ says one elated customer.
‘This is going to be a good business relationship! I can feel it! Thank you Mayor.’
Another customer writes effusively: ‘Left Western Union with $4,725, I’m surprised at how easy it was.’
Accompanying the testimonials are photographs showing wads of cash strewn across car seats, sofas and customers’ laps.
Ill gotten gains: A ‘customer’ of the credit card fraudster known as The Mayor posted this picture of wads cash said to be the proceeds of a successful credit card scam
Clearly, users of the service find it a reliable way to move cash between countries. But something sinister is going on behind the gleeful reviews and triumphant pictures.
‘The Mayor’ is an internet user part of an underground network of fraudsters who hack bank accounts and steal bank card details to flog to other crooks. And his customers posting on this online forum know full well what is going on.
On Monday, the Mail revealed that internet giants are struggling to stop the likes of The Mayor from operating.
Today, Money Mail exposes the terrifying criminal underworld that is right under our noses. Using Google, Facebook, YouTube and webpages that anyone can find, crooks trade all the information they need to raid your bank account and spend on your credit card.
Your cash could be up for sale
For anyone unsure of what The Mayor is actually offering, he spells it out on his forum post, which is really just an advertisement: ‘I specialise in carding and transferring funds from hacked bank accounts and credit card data to you by Western Union, Money Gram or bank transfers worldwide.’
To put it in even simpler terms, The Mayor steals money from the online bank accounts of innocent victims and then ‘sells’ the money to unscrupulous buyers.
The buyer pays a small sum and The Mayor transfers them far more in stolen funds via Western Union, the legitimate international payments service.
The customer is given a ‘secret’ code to take to Western Union to collect the money in cash in their local currency.
They don’t even need to show their ID, The Mayor says. In one post, a U.S. buyer says they paid $600 to receive $3,500.
The Mayor’s reference to ‘carding’ is a sign that he runs a sophisticated operation. This is the slang fraudsters use to describe the trading of credit card, bank account and other stolen personal information.
The Mayor claims to have ‘endless suppliers of hacked bank accounts and PayPal accounts in most countries’ for those willing to contact him privately.
This type of data is used to commit identity fraud, where criminals go on a spending spree using their victim’s money, or apply for a mobile phone or loan in their name.
Identity fraud has hit an all-time high. In 2017, almost 175,000 cases of identity theft were recorded by Cifas, the body that tracks this type of crime — that’s more than double the figure recorded a decade ago.
Such fraud now costs the UK £5.4 billion a year, according to Action Fraud, which works with the police to stop cybercrime.
On top of this, there were 1.9 million unauthorised transactions on cards and bank accounts in 2017, worth a total of £731.8 million.
This number, from banking trade body UK Finance, includes fraudsters using stolen card details online and opportunistic thieves spending on lost contactless cards they have picked up in the street.
The legitimate-looking KiCarding Premium app claims to offer more than 20 tools, including tutorial guides and a temporary email inbox – which are used for credit card fraud
Banks are obliged to refund unauthorised transactions and ID theft where the customer was not at fault. So, in theory, it’s the banks — and not innocent customers — who suffer from the criminal activity being carried out by The Mayor and his buyers.
But every pound a bank has to pay to cover fraud losses eats into its profits. And to keep profits high, they cut costs elsewhere. That can mean lower savings rates, higher fees and interest charges for borrowers, or even closing branches.
Phone apps to make fraud easy
The Google Play store is an online marketplace where smartphone users can download applications, from messaging service WhatsApp to music streaming service Spotify.
But Money Mail found that alongside legitimate apps were programs designed to make fraud easy.
Google itself is not responsible for creating the apps, it merely allows programmers to upload their software so other users may download it. One such app, called KiCarding Premium, was removed from the Play store by Google during Money Mail’s investigation.
The app was free to download and, before it was taken down, had been reviewed by 180 users, garnering an average score of 4.3 out of five.
It is still available to download on unofficial Android app stores and on its own website.
When we sent the details of the app to fraud experts, they confirmed that it contained all the tools a crook would need to spend money on someone else’s card.
This included software enabling the user to find stolen card details online and then check if the cards were still active in order to use them to purchase products from internet retailers.
Consultants from cyber security firm Secarma say the app also featured a global chat room that connected users with other hackers and ‘carders’ who steal, trade and use card details.
It also offered links to websites where the user could find stolen credit card information.
In total, the KiCarding Premium app claimed to offer more than 20 tools, including tutorial guides and a temporary email inbox.
Similar apps are still available on the Google Play store if you search for ‘carding’, including Pro Hacking Tutorials, Daz Bins Generator and Bin Credit Card Checker. All have four-star ratings.
Fraud experts at Secarma say most carding tools hide the user’s real location and computer details (known as their IP address).
Many tools also offer a Bank Identification Number (Bin) checker. This allows the hacker to find out information about a credit card, such as the balance.
Another app, Social Bins, says it is designed for ‘bineros’ — the slang for Latin American cybercriminals. The app allows users to share information and includes tutorials which promise to teach you about ‘the world of carding’.
Daz Bins Generator says in its description: ‘Our application will show you the bank name, card type, country code and brand.’
It says this information can be ‘used for educational purpose and also commercial purpose [sic].’
Epidemic: Identity fraud now costs the UK £5.4 billion a year, according to Action Fraud, which works with the police to stop cybercrime
So brazen they hijack forums
Until recently, the illegal trade in personal data was mostly confined to the dark web.
This is a specific corner of the internet that is difficult for ordinary users to access. You can’t stumble upon it by accident without the right program and web address.
But now, hackers and traders such as The Mayor are using public forums and message boards listed on the Google search engine. This increases their exposure to a larger number of potential customers.
In some cases, the websites are set up specifically for the hacking community to trade the information they’ve harvested, share tips and sell tools.
Others are forums designed for legal purposes that have been hijacked.
For example, on the Poker News forum, one person posting under the username Henry777188 has advertised the sale of personal data, including contact details, dates of birth and financial information.
Another user on the same message board, going by the name of Minh Tuan, has posted a list of information that is up for sale, including credit card details, account numbers, sort codes and other personal data.
Minh Tuan sells the full details for one British person for $35.
Another user explains how to use credit card details to obtain the owner’s phone number, date of birth and their mother’s maiden name.
Other websites advertise lists of ‘trusted’ online shops where stolen information can be bought.
One example, trickscity.com, claims to do this for ‘educational purposes’ so people know ‘what the shops look like’.
While another website listed on Google describes how to build your own card skimmer — a device that criminals attach to cash machines to record the information on cards that are inserted. It then creates a copy of the card, which can be used to commit fraud.
The instructional page includes links to stores where the parts for card skimming devices can be purchased.
It also offers a video tutorial for $320, with payment to be made in the cryptocurrency Bitcoin.
Facebook pages to swap secrets
Fraudsters have become so bold that they now communicate openly on social media about their activities.
Money Mail found Facebook pages — including World Hackers Page and Hacking Tricks — where cybercriminals are selling bank logins, card PINs and information from PayPal accounts.
The World Hackers Page appeared to operate as if it were a legitimate business. A Facebook Messenger window pops up as soon as the page loads, giving customers the chance to ask the seller any questions directly.
It offers suggestions such as: ‘What’s your return policy?’, ‘Where is your shop located?’, ‘Can I give feedback?’ and ‘Could you give me a call, I’d like to speak to someone?’
There were 1.9 million unauthorised transactions on cards and bank accounts in 2017, worth a total of £731.8 million
Both this page and the Hacking Tricks page have been taken down since the Mail reported them to Facebook.
But security experts say this will not deter criminals, who will simply set up more.
Neil Hare-Brown of Storm Guidance, which advises on cyber security risks, says it would be easy to prevent these pages from appearing, but it would be costly to recruit staff to monitor them.
‘There’s a ton of stuff out there that shouldn’t be, but tech giants take a pragmatic view,’ he says.
‘They will only take down sites when they are asked or forced to with a court order.’
Youtube tutorials with 16,000 views
Video site YouTube has strict policies on inappropriate content; nudity and graphic violence, for example, are banned. But it struggles to police more than a billion users, who upload 300 hours of video every minute, so it relies on users to flag illegal content.
Money Mail found hacking tutorial videos on the site. These provided tips on how, for example, internet users could change their computer IP addresses, which give away their locations, to the same one that would have been used by the bank customer whose card details they have stolen. In theory, this trick could enable a cybercriminal to use a stolen card without triggering a fraud alert at the customer’s bank.
One video gives a demonstration of someone using stolen credit card details to buy a Canon camera online for $874.09. It has been viewed more than 16,400 times and has 190 likes.
Users can post comments on these videos, and some share information on where to source credit card numbers or promote their supplies of stolen information.
Chris Underhill, from Equiniti Cyber Security, says stolen financial information and personal data is just ‘lying around online waiting to be found’.
He adds: ‘If you know the right search terms, you’ll be able to find hacking programmes and tutorials within seconds.’
But Mr Hare-Brown says it’s difficult to tell what information posted by cybercriminals is genuine and what is fake. He adds, in some cases, the fraudsters are selling data that isn’t real in order to scam amateur carders.
Glyn Whittick, of the Dedicated Card and Payment Crime Unit (DCPCU), admits the trading of financial information online is a real issue.
‘The selling of card details online is a major problem and the DCPCU continues to target criminal gangs involved in this kind of fraud,’ he says. ‘Working closely with the banking industry and our law enforcement partners across the world, we are cracking down on online fraud and bringing those responsible to justice.’
Google has removed the videos on YouTube reported by Money Mail.
A spokesman says: ‘Our policies are designed to provide a great experience for users and developers. That’s why we remove apps from Google Play that violate those policies.’
Facebook says: ‘We do not allow people to promote fraudulent activity on Facebook.
‘We have removed the content brought to our attention by the Daily Mail for violating our Community Standards. We are conducting a wider investigation into the matter and are removing similar groups and accounts.
‘We urge people to use our reporting tools to flag content they suspect may be illegal or violate our standards so we can take swift action.’
Western Union was approached for comment and had not responded by the time we went to press.
a.murray@dailymail.co.uk