Fifty-nine suspected scammers have been arrested as part of a major international crackdown against credit card fraud.
The month-long operation took place in October and saw 19 countries involved in targeting criminal networks that were using stolen credit card information to order high-value goods from online shops.
Law enforcement raided locations where goods bought using stolen credit card details had been delivered, arresting the suspects and confiscating the fraudulently acquired items, according to Europe's law enforcement coordination agency Europol.
The action was coordinated by Europol's European Cybercrime Centre (EC3) and the Merchant Risk Council, the non-profit membership association for eCommerce payments and fraud prevention. They also received assistance from online merchants, logistic companies, banks, and payment card schemes.
The countries involved in the clampdown on cyber-criminal credit card fraud rings were Albania, Austria, Bosnia-Herzegovina, Colombia, Czech Republic, Finland, France, Georgia, Germany, Greece, Hungary, Latvia, Poland, Portugal, Romania, Slovak Republic, Spain, Sweden, and United Kingdom
Investigations are still ongoing and new leads are being followed after the action was taken, but Europol said it expects further arrests in the coming weeks.
Payment card fraud isn't as lucrative for cyber criminals as more high-profile schemes such as ransomware attacks, but the impact is certainly felt by anyone who has their bank details stolen, money drained from their account, as well as their sensitive personal information used by criminals to commit further fraud.
And while the crackdown on credit card fraud will be welcomed, cyber criminals are continuously evolving their attack techniques to steal money, whether that's from individuals or businesses.
According to Europol, there are three key ways in which cyber criminals are stealing credit card details and bank information from people.
Phishing, vishing and smishing
Credit card numbers are often stolen using relatively simple phishing attacks, where scammers will use mass mailouts to send potential victims emails or text messages designed to trick them into handing over their bank details.
Examples of this include cyber criminals impersonating banks and claiming there's something wrong with your account, asking you to enter your bank information to fix it, or scammers claiming there's a delivery waiting for you, but you were out or the postage cost hasn't been paid and you need to pay for it.
More advanced phishing schemes can also employ voice phishing (vishing) – where cyber scammers will ask their victim to call a number, or the scammers could even directly call the victim. Either way, the aim is to steal credit card details from the victim by convincing them with social-engineering tactics from the other end of the phone line.
Account takeover fraud
These are attacks where cyber criminals gain access to a victim's account for an online store. This can be done using several methods, including buying stolen usernames and passwords and other personal information from dark web forums, or successfully using a phishing attack that tricks the victim into entering login details into a fake version of a real online store.
With access to the account, the scammer can commit fraud by accessing the victim's payment details, using their online account to buy things, take out funds and even use that account to gain access to other accounts owned by the victim – particularly if those accounts have the same password and aren't secured by multi-factor authentication.
This is when cyber criminals set up fake or replica websites that are designed to lure buyers in with offers of cheap goods or discounts on luxury items – but the catch is the goods don't actually exist and are never shipped, with the cyber criminals simply taking the money and the victim receiving nothing.
These fake websites can appear in adverts, or users can be directed to them through phishing emails or hacked accounts on social media.
How to avoid becoming a victim of online fraud
Online fraudsters regularly adopt new techniques in their mission to collect credit card details and steal usernames, passwords and other information. But as recommended by Europol, there are several things that online shoppers should keep in mind to avoid falling victim to fraud.
These include never sending your card number, PIN or any other card information to anyone by email, not submitting your credit card information if you're not buying anything, plus checking your online banking service regularly – and notifying your bank immediately if you see payments or withdrawals you didn't make yourself.