Last week, we told you how our banking sources had linked the recent rash of fraudulent debit and credit card charges from a mysterious company listed as WEBLEARN to the scammers behind a similar scheme that had dinged victims’ accounts for bogus $9.84 transactions during the holidays. Some further investigation by those better equipped to do so has turned up more on this link.
Cybersecurity journalist Brian Krebs writes today about the connections between WEBLEARN and the folks behind the so-called $9.84 scam.
Krebs confirmed what we’d heard from the bank folks — that this scam, like the earlier one, was using a third-party card-payment processor, in this case a company called BlueSnap, to push through its fraudulent transactions.
The processor in the $9.84 scam was a company named Credorax, which lists offices in Malta, Israel, London, and Massachusetts. In January, it claimed to have been just an innocent dupe of the scammers. Interestingly enough, BlueSnap also has offices in Malta, Israel, London, and Massachusetts.
BlueSnap also used to go by the name of Plimus. In 2011, Krebs wrote about Plimus because it was processing payments for a scam artist who was selling computers that were pre-loaded with botnets. It was also sued for its part in allegedly creating fake online reviews and marketing campaigns for various affiliated websites.
Writes Krebs of the similarities between WEBLEARN and the $9.84 scam:
As with the $9.84 scheme, this latest round of phony charges appears tied to an affiliate marketing scheme for “online learning” (hence, the “Weblearn” notation on victims’ credit card statements). One site that’s connected to the Weblearn scheme is onlinelearningaccess.com, which actually includes commented-out code hidden in its HTML content stating that “the charge will appear on your credit card as WebLearn8884612032.”
That same site is closely tied to a network of other flimsy affiliate learning systems, including greatweblearning.com, jnselearning.com, and learnonlinemembers.com. As we can see from the checkout page at onlinelearningaccess.com, the base price of the “system” is $8.83, but different checkout totals can be achieved ($11.08 and $10.78, e.g.) simply by selecting different items to add to your shopping cart.
Regardless of who is behind the scams, or whether they are caught or stopped, these sorts of nickel-and-dime schemes will continue so long as there are bad, clever jerks with access to computers.
So it’s worth reposting the following advice:
1. Be vigilant about checking your debit and credit card statements
Yes, it’s annoying and time-consuming (and depending on how little you have in your bank account and/or how much you owe to a credit card company, it might be depressing), but checking your statements a couple of times a week is the best way to catch these things before it’s too late. The longer these transactions go unnoticed, the harder it is for investigators to do their job, and the harder it is to make your case that it’s fraud.
2. Be mindful of all transactions, not just WEBLEARN
When looking at your statements, don’t just look at the company names for obvious scams. Look at the names and the dollar amounts and make sure each transaction on your card makes sense to you. The $9.84 scam used multiple names but the same amount, while the WEBLEARN scam is using different dollar amounts but the same company name. Previous scams have used company names that look a lot like businesses you might spend money at in order to fly under the radar.
3. Call your bank or credit card company immediately
Even if you get through to someone who promises to refund your money, you need to contact your bank and/or credit card issuer so they can investigate. Likewise, if you’re unsure of a transaction on one of your cards, the bank can usually provide more information that will help you determine whether some strange-looking purchase is legitimate. After all, something that looks like it’s coming from a company you’ve never heard of might be a legit purchase in the unfamiliar name of a holding company or franchisee.