Ring of bogus web shops steals 850K credit card numbers
Let me tell you a quick story. I like Johnston & Murphy shoes. I’ve been trying to get this pair for weeks, but since it seems a lot of other people like it too, it’s been out of stock in my very common shoe size. So I did a Google search to see if I could find other stores that had it in stock.
And wouldn’t you know it, there was another Johnston & Murphy site, almost the same one with “USA” added to the URL. It looks similar to the other site, but it had every single size of that shoe in stock, ready to buy. And it was half off the original price, what a deal! It must be an overstock outlet for the brand. So I put the shoe in my cart, and prepared to check out.
But for some reason, PayPal was the only payment option. No big deal, I often use PayPal and it has a purchase security program. So I went through the PayPal interface…and the very last step in the process, the one that would confirm the order, said “Agree and Subscribe” instead of “Purchase.” It also asked me to pay someone who isn’t Johnston & Murphy, but “Association Islamique Fulado.” That name didn’t return any useful Google results — Its address is somewhere in Luxembourg, assuming it’s the same person or organization.