An analysis of their web traffic reveals that virtually all of it comes from visitors with US IP addresses who directly navigate to the sites by entering their domain names in the address bar, rather than visitors directed there by search results or other referrals. The websites also have low bounce rates and fairly high average visit duration times. These web traffic statistics form an irregular profile for websites that are publicly available on the open web. Even US-based websites with dedicated user-bases get a significant portion of their traffic from search results, referrals, and non-US users, and many of these visitors often don’t stay for long. It’s likely the case that these fake dating websites are visited solely by the threat actors operating this fraud campaign.
The threat actors behind this campaign go about charging victims’ credit cards by signing them up for subscriptions to the fake dating websites. These subscriptions are all processed by a payment processing service called RocketGate that seems to have been set up by the crime syndicate behind this fraud scheme. This means all funds collected from the subscription fees are directed to the crime syndicate.
In the case that card holders notice the charges, the threat actors have set up a litany of support websites that correspond in name to the billing information. Like the fake dating websites, many of these support websites re-use the same design and structure. Nonetheless, they all offer unique email addresses and toll-free numbers that victims can contact to reach an actual support service. If the victims decide to cancel their fraudulent subscriptions, the support service will actually cancel their subscriptions and issue refunds.
This level of customer support may seem surprising for a fraud scheme, but it helps keep the payment processor in the good graces of credit card companies, so the scheme can continue to charge other victims. This fraud campaign serves as a good reminder to watch your credit card history for unexpected or suspicious transactions, so as to not become a recurring victim of fraud.