Ally Bank has reported an increase in stolen debit card numbers that are draining funds from customer bank accounts. A source that is close to the fraud department reported that there has been an increase in scripting attacks. The attackers are using smaller online marketplaces to run scripts and brute-force card numbers. By using the known BINs (Bank Identification Numbers) on these cards, which are the first four to six digits, the attacker is able to brute-force the final digits on the cards until it becomes possible to make a small purchase on the e-commerce site. Once a valid card number is identified, the threat actor can begin to use it to make larger purchases.
Analyst Notes
Smaller e-commerce websites typically do not have the security controls in place that recognize when illegitimate card numbers are being entered at a fast rate. Thus, it makes them a perfect testing ground for these threat actors, who can run random numbers until one works. These threat actors have gotten smart and learned how to run these scripts on multiple websites at one time, making it harder to identify the brute-force attack. scripts like thee have been see for-sale on the Darknet in the past for as little as $100. Attacks such as these outline the importance of doing a manual review of all accounts for fraudulent charges. If one is identified, the banking institution that holds the account should be contacted immediately.
https://www.bankinfosecurity.com/scripting-attacks-on-e-commerce-sites-hit-ally-bank-accounts-a-19913?&web_view=true
