Carders Use Fake Dating and Customer Support Sites to Steal Money

Experts from ReasonLabs have uncovered an unusual malicious scheme that has been operating since 2019. According to researchers, hackers have stolen millions of dollars from tens of thousands of victims using this method. The criminals run a large network of more than 200 fake dating and customer support websites, using these resources to withdraw funds from stolen bank cards purchased on the dark web.

How the Scheme Works

This campaign uses two types of domains: dating sites and customer support portals (lists of addresses can be found in the company’s report). If you try to visit the companies that supposedly own these fake resources, you’ll find that they either don’t exist at all or use fake email addresses like [email protected].

Fake Dating Sites

The dating and customer support sites themselves appear to be functional but receive almost no traffic, ranking low in Google search results. That’s because they aren’t designed to attract real users, but rather to serve as channels for laundering money.

ReasonLabs analysts note that all the sites share the same HTML structure and nearly identical content, suggesting they were created using automated tools. The fake customer support portals often use names of non-existent organizations or try to mimic real brands such as McAfee, ReasonLabs, and others.

Efforts to Avoid Detection

The operators of this campaign have gone to great lengths to hide all 75 fake customer support portals from search engine indexing, using instructions in Robots.txt to block scanners. However, the biggest challenge for the criminals is registering these sites with payment processors, who usually classify them as “high-risk” (even if the resource is legitimate) due to a high rate of chargebacks. To avoid being blacklisted, each site applies for payment processing individually, as the operators fear losing all their resources at once if fraud is detected.

To prove legitimacy, all sites feature 24/7 live chat support and a working phone number, outsourced to a real call center. Additionally, every site lists a toll-free number in case users want to cancel a payment—something scammers usually don’t offer.

Monetizing Stolen Cards

Once a payment processor approves a site, hackers use millions of stolen payment cards bought on the dark web to withdraw money through their fake sites. Most cards belong to U.S. residents, but it’s reported that cards from French-speaking countries have also been used.

Funds are withdrawn either via API or manually. The site operators are very cautious and try not to attract attention: they withdraw small amounts, use common names that blend in with other expenses, set up recurring payments for the same amount, and avoid test transactions.

Making Fraud Look Legitimate

In some cases, hackers even refund victims, making their operations appear more authentic and keeping the chargeback rate low.

Response from Experts and Authorities

Although many of the 275 fake sites are still active, ReasonLabs experts have already notified payment system representatives and law enforcement agencies about their findings.

“We have reported this scam to more than a dozen parties affected in some way. These include Visa and Mastercard, as well as many other services, including AWS, GoDaddy, and various registrars. We also notified Fraud.org, a project of the nonprofit National Consumers League, which shares consumer complaints with a network of over 200 law enforcement partners,” the specialists stated.