It’s Not Hard to Find Scammers Selling Credit Card Information on Major Social Media Sites

Platforms say that violates their rules, but some of the posts have lingered online for years.

Getty Images

Major technology companies have let their platforms become home to one of the earliest scourges of the internet—credit card based cybercrime.

In the wake of a recent Wired story which found over 70 Facebook groups created to sell stolen credit card information, Zach Allen, director of threat operations at ZeroFOX, a cybersecurity company, ran his own analysis targeting a variety of platforms, including YouTube, Reddit, Medium, and Github.

Allen told Mother Jones that he’d found dozens of instances of internet criminals appearing to be openly selling stolen credit card information on those platforms in just about 15 minutes, and was confident that with more time, he could have found many others. It wasn’t hard: Scammers frequently included common terms indicating fraudulent or stolen card information—like “credit card insider” and “carder”—in their usernames.

While credit card scammers often operate on harder to access parts of the internet, using mainstream platforms can help lower the barriers to entry to capture new business by providing a wider audience of people seeking to buy the numbers. It can even help scammers scam would be credit card scammers by taking money from customers and never actually coming through with credit card information.

Many of the posts Allen found were as recent as the last several months, however, some were posted within the last several years—some on Github appeared to have on the site since 2016 without being noticed.

“This is a large and persistent issue and much broader than just Facebook. Carders are marketing across the full range of ‘social’ platforms,” Allen wrote in a document accompanying his findings.

After being alerted to Allen’s findings by Mother Jones, the tech companies quickly responded, pointing to their existing rules barring the content.

Google immediately deleted most of the flagged examples, saying they violated terms of service. A spokesperson said in a statement that “YouTube has strict policies that prohibit the sale of many illegal or regulated goods, including stolen credit card information. We quickly remove videos violating our policies when flagged by our users.”

Reddit said in a statement that its “site-wide policies prohibit content that shares personal and confidential information, and this is inclusive of credit card information. Communities focused on this content and users who post such content will be banned from the site.”

Allen says the massive size of technology platforms and the vast amounts of information shared on them can make it difficult to address such cybercrime. “It’s easy to criticize, but when you see the swaths of data and scale of the problem they’re dealing with, you can see how difficult it is,” he said.

Still, If Allen was able to find such content with a search tool, ostensibly multibillion-dollar companies would be able to as well.

Cybercrime isn’t a new issue for the platforms, and while they’ve taken steps to curb it, egregious examples have still slipped through the cracks, suggesting that some companies might not have prioritized the issue enough. In August, for example, Motherboard found that Facebook had hosted stolen Social Security numbers and other sensitive, identifying information for years.

FACT:

Mother Jones was founded as a nonprofit in 1976 because we knew corporations and the wealthy wouldn't fund the type of hard-hitting journalism we set out to do.

Today, reader support makes up about two-thirds of our budget, allows us to dig deep on stories that matter, and lets us keep our reporting free for everyone. If you value what you get from Mother Jones, please join us with a tax-deductible donation today so we can keep on doing the type of journalism 2019 demands.

We Recommend

Latest

Sign up for our newsletters

Subscribe and we'll send Mother Jones straight to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate

We have a new comment system! We are now using Coral, from Vox Media, for comments on all new articles. We'd love your feedback.