January 11, 2012

Given the heightened security surrounding air travel these days, it may be hard to believe that fraudsters would try to board a plane using stolen tickets. But incredibly, there are a number of criminal travel agencies doing business in the underground, and judging from the positive feedback left by patrons, business appears to be booming.

Ad above says: Maldives Turkey Goa Bora-Bora, Carribes, Any country, any hotels and resorts of the world.

The tickets often are purchased at the last minute and placed under the criminal buyer’s real name. The reservations are made using either stolen credit cards or hijacked accounts belonging to independent contractors in the travel industry. Customers are charged a fraction of the cost of the tickets and/or reservations, typically between 25 and 35 percent of the actual cost.

Criminal travel services are contributing to a recent spike in airline ticket fraud. In December, the Airlines Reporting Corporation, an industry clearinghouse, said it was seeing a marked increase in unauthorized tickets issued. Between August and November of last year, 113 incidents of fraudulently booked tickets were reported to ARC, up from just 18 such incidents reported in all of 2010. The aggregate face value of the unauthorized tickets in 2011 was more than $1 million. The ARC believes the increase in fraud is mainly due to a surge in phishing emails targeting travel agency employees and contractors.

Some of the travel agencies in the criminal underground are full-service, pitching package deals that include airfare, car rentals and even hotel stays. A hacker using the nickname “Yoshimo” on one prominent fraudster forum offers “80-95 percent working flight tickets in most countries (some restrictions apply),” for 25 percent of the original price, and 40 percent of the price for carded hotel stays and car rentals. He has been offering this service for more than two years, and has at least 275 positive reviews from current and former customers.

At first glance, it may seem unlikely that your typical paranoid fraudster would dare take advantage of such a service. But according to the proprietors, few customers are ever stopped, and those that are can simply claim that they were victims of fraud. At least that’s how it’s explained by “Jeferi,” a criminal travel agent who has set up shop on the fraudster forum Kurupt.su.

To assuage fears of potential customers, Jeferi allows buyers to verify the status of their e-tickets the day of travel before paying for them. And of course, none of these bogus travel services accept credit cards: They only take payment via virtual currencies, such as WebMoney and Liberty Reserve.

“The story is simple,” Jeferi explained in a discussion thread that spans five pages and includes questions from dozens of skeptical and interested members. “The thing is, you are thinking as a criminal. Think about yourself as a victim of an online scam. You saw an advertisement of a “Travel Agency” in the Internet, and it seemed interesting. So you contacted them through a forum and finally arranged a deal. The travel agency told you that the tickets were last-hour tickets and that they were affiliate with the airlines, so they could offer these kinds of prices, and you thought they were legit. OMG! I never thought it was going to be a scam! Bastards!”

Chalk it up to professional pride or just greed, but it seems that many people who steal for a living have difficulty legitimately purchasing anything online. There is probably also a strong emotional jolt that these guys receive from getting a stranger to pick up the tab for a tropical vacation. As Jeferi says in his ad: “What’s better? Money for one day to buy some chips? Or Big Money each day to do whatever your want?”


28 thoughts on “Flying the Fraudster Skies”

  1. qka

    If you’re caught with one of those bogus tickets, you’d better hope the airline doesn’t put you off halfway to your destination.

    1. Daniel

      It comes down to how good of an actor you are. I had a friend who regularly kept a clown nose in his jacket pocket when he flew. The clown nose, a few jokes, and an upgrade to first class was in his pocket every time.

      So long as you can play sweet and innocent (look bewildered) you’re going to be golden. Be a member of the airline’s FF program too. They aren’t going to dump you in the middle of nowhere. Too much bad press.

      (not condoning these practices, just saying that the airline has a vested interest in making sure you get to your destination once in transit.)

  2. george

    Interesting story !
    I am wondering why USA, Europe and South America are claimed with high chances of success while the rest of the world seems problematic for those thieves.
    In 2007, a colleague of mine who was travelling frequently for business to Malaysia noticed fraudulent charges on his credit card. It seems his card was used to book flights. He reported it to his bank and was refunded and a new card issued, but as far as he was informed, no further attempt was made by the bank to catch the thieves. He (and the rest of us in the office) were bewildered and a bit angry at this missed opportunity to catch the fraudster at check-in. I believe it was not a case as presented by Brian, but more likely an individual shop employee, waiter or hotel clerk getting hold of my colleague’s card details and benefiting for himself and/or his family but it strikes me now as it did then that they did not fear passing airport security with stolen tickets.

  3. Ken

    I’ve seen this happening in Venezuela over 10 years ago with stolen credit cards. It’s obviously becoming more sophisticated now though, with account hijackings and whatnot.

  4. bob

    “many people who steal for a living have difficulty legitimately purchasing anything online”

    An interesting point. I wonder if this is an internet thing. I hate paying for software and will spend ages looking for open source equivalents even if they’re substandard and the premium ones are relatively cheap. It’s not that I’m cheap, I have no problem shelling out for a top of the range Mac laptop every couple of years, it’s just that I resent paying for software after that initial purchase.

  5. Chris

    A little pop culture: Tony Soprano was arrested over fraudulent airfare tickets that he had given to his mother. It’s a great predicate in a RICO case.

    Sorry for the nerd outburst. 😉

  6. omfgwallhax

    If they are booked on the real name that means the seller knows the real name of 200+ carders?
    (And has a rough estimate where they live, based on their source airport)

    1. george

      @omfgwallhax
      Those 200+ you mention are not honest citizens, that’s for sure, since they make use of those plane tickets and hotels while fully aware they were gotten through fraud. But I think it is unlikely to be carders either since those could just as well “buy” the tickets themselves, almost for free, using one of the stolen CC. They are probably other miscreants on various orbits in the fraud “solar system”. Spammers, Skimmer vendors, drops, other scammers, illegal pharmacy and the list goes on.

  7. JS

    This is typical of finding low hanging fruit for cons.

    1) Find an industry/business that has many independent contractors with little recourse or willingness to take the matter to law enforcement

    2) Find an industry/business with deep pockets that would rather write off the books loss to fraud than to damage the rep of the business and lose trust with legit clients

    3) hack & phish till it becomes too much effort to work the con.

    4) Until caught Goto 3

    5) If caught goto jail/prison and learn advanced cons, Goto 1

    Despite these travel & resort industry reporting how much business was done through ill gotten gains zero main stream media coverage.

    Nice public service ad campaign. Not so much good for the credit card & banking industry.

    The scene is a Jet going to a tropical locale.

    Person to the right of you paid $500 a seat via a travel agent, you paid $400 a seat because you went online.

    The guy to your left also went on line but paid — $50 and some other victim of credit card fraud was charged $450 which is a cost spread across you and many others by the industry….

    The guy to the right paid more because his travel agent was hacked last month and has to make up the money they lost.

    You and the guy to the right could have both flown for $350 if the market was fair and you weren’t subsidizing someone else’s fraud.

    Fight Fraud — Real people lose and criminals gain at everyone’s expense.

    Fade to Black

  8. AlphaCentauri

    When I check in with an e-ticket, they want me to swipe the credit card I used to book the ticket. It would be worth TSA’s and the airlines’ time to pay attention to any traveler whose e-ticket was purchased with a credit card but who doesn’t have the card in his possession at check in.

    1. Ken

      What if your parents bought your ticket, or you were on business travel, paid for by someone else’s credit card?

      1. AlphaCentauri

        Certainly it happens a lot. But if it were routine for those travelers to be scrutinized more closely, it would make fraudsters a little more concerned about using stolen cards to purchase tickets. They would be sitting right there with a TSA agent when they had the credit card company call the phone number for the account to check. If the cardholder denies making the purchase, you’re going to federal prison.

        1. AlphaCentauri

          Thinking about it, I need to be more clear. This is the way it would play out:

          The traveler presents at the airport with a ticket purchased by credit card. The traveler does not possess the credit card. The traveler is asked by the check in agent or kiosk to indicate how he purchased the ticket. The student traveler chooses the option “the ticket was purchased on my behalf by a family member.” The scammer chooses something like, “I purchased this from an online travel agency.” (Remember, the ticket is purchased in his name. He can’t claim he got it second hand and doesn’t know who purchased it.)

          The credit card company is alerted to contact the cardholder to confirm the purchase occurred as indicated. If the cardholder cannot be reached by phone, the traveler gets away with it.

          However, if the purchase is fraudulent, the scammer cannot get on his flight. If he claims his dad purchased the ticket for him, he has just lied to the TSA agent, and he’s going to jail. If he claims he was the victim of a scam, he’s going to be questioned several hours and fingerprinted. If it’s international travel, his laptop may be taken for examination. He’s not going to fly that day, and the excuse will only work once.

          If the risks of doing it are higher, and the chance of succeeding is lower, it would stop the practice pretty effectively. It’s disturbing to know airlines and the TSA are knowingly allowing this to happen so often, while making the rest of us go through body scanners in our stocking feet.

  9. Daryl Zero

    My credit card info was recently stolen. I still had my card so either someone took the info at a restaurant or an online website got hacked, most likely the latter as I pretty much only used that card online.
    They charged $1,400 airline ticket from some company in Virginia (I’m in Chicago).
    My bank alerted me because there was also some charge in Michigan and a $7 orbitz fee.
    I was wondering why they would buy an airline ticket as they would be caught so easily, now I know why.
    I’m still waiting for my bank to give me my money back after a month.

  10. Marcin Kleczynski

    Luckily, some credit card companies and airlines are vigilant when it comes to this type of fraud. A relative’s credit card was once stolen and a United ticket booked. Reaching out to both American Express and United worked and the ticket was refunded almost immediately. Then again, this was some time ago.

  11. h

    Tails (LiveCD) is crap, and I’m being nice here. Bloated, contains HAMRADIO and PACKET RADIO modules which no one in their right mind would use on a distro aimed at Tor use, I don’t even believe 1% of Linux users use them, yet they’re generated right there in the directories. Google about ham radio / packet radio modules and their use over wireless devices, ethernet, and sound cards, there’s some serious shady actions going on I can tell you from my observations with different distributions and these driver modules being rolled into them on many distributions of Linux.

    The first agenda on your boot-to-Linux distribution is to check for these likely SPOOK friendly modules, generated in these two directories on Ubuntu, Debian, and some other distributions. First, DELETE all of your kernel headers and compiling tools so the SPOOKS can’t reload them, install ARPWATCH and watch for ARP and DNS poisoning.

    Now look for these modules and DELETE THEM with sudo or su depending on your distro: (kernelversion below should be replaced by your kernel version, you can just hit TAB once you’re in /lib/modules since there should only be one kernel on your drive)

    /lib/modules/kernelversion/kernel/net
    ^ in that directory if you don’t use bluetooth, delete everything in bluetooth dir
    ^ while you’re there, locate the following directories and delete the contents:
    directory names: can, ax25, x25, rose, netrom, ipx, appletalk
    delete the subdirectories, too

    run the killall command with sudo to stop bluetoothd and the bluetooth applet if you don’t use them (I wouldn’t!), and check lsmod | grep bluetooth, it’s running and you should disable it, so when you type sudo rmmod bluetooth it’ll say two other processes are using it, rmmod both of them, one of them is rfcomm, then remove bluetooth.

    now venture into:

    /lib/modules/kernelversion/kernel/drivers/net
    ^ in this directory, if you don’t use bluetooth, delete everything in bluetooth dir
    ^ locate the following directories and delete the contents:
    directory names: can, ax25, x25, rose, netrom, ipx, appletalk

    ALSO: in one of the above top dirs, you’ll find a HAMRADIO directory, delete everything inside. Some of these modules are blacklisted in a blacklist rare conf file, but this DOES NOT prevent them from being loaded, especially by SPOOKS/hacker slime.

    If you’re on a LiveCD install, don’t bother removing them it’s futile because the CD itself contains the headers and modules which the BACKDOOR BANDITS which control the airwaves can REINSTALL.

    To get information on these modules, type modinfo and the module name, for example, you’re in an ax25 directory, type modinfo ax25 and it will tell you more about the module, but many modules don’t say anything, which leads me to believe there’s more PACKET RADIO/HAMRADIO spyware located within these modules apart from the ones I’ve mentioned. There’s no earthly good reason for these modules to exist, nor kernel headers, on a Linux distro vanilla install, ESPECIALLY NOT ON TAILS which should be geared towards the support of PRIVACY.

    And why does my cd-rom drive light flash like crazy when I’m sitting at the Tails desktop with no programs running aside from the default? Why is it so bloated, why so many applications? LESS IS MORE! I recommend everyone NOT use Tails. I couldn’t believe my eyes when I saw CUPS daemon was loaded, on a security distro LiveCD? Pllllease…

    People, if you want to make a CD geared towards privacy, cut down the apps to only those required, let the users decide if they want to add potentially buggy packages which may affect their privacy and security and for Buddha’s sake, GET RID OF THE HAM RADIO/PACKET RADIO modules! Do you REALLY believe anyone is using any of these modules with Tor? If you do I have a bag of magic beans to tell you. And what the heck is CAN? A protocol for BANKS? You can’t tell me this is something you need on such a CD.

    You folks need to strip your distro down to the bare basics and start over, what you have, in my opinion, is a bloated messy .iso of junk, thrown together without serious thought to privacy and security of end users, with Tor just happening to be included.

    Keep tabs on the activity of your system with snapshots and a simple command:

    sudo find /usr/bin -mmin -60

    (60 equals 60 minutes)

    Turn your system on, boot from Tails or any other LiveCD and wait for a day, maybe two, maybe three, and issue that command to discover files having been modified and secured against virus scanning with various tools. It’s a field day for LiveCDs which include kernel headers, ham/packet radio modules, and applications which are likely to contain bugs.

    When you discuss this on-line, which I see little discussion of, or any serious security matter involving Linux, the SPOOKS, shills, or the unintelligent will label you a conspiracy nut, ask you why are you so paranoid, lock the thread, shuffle the thread (sock puppet users posting quickly to other threads so move yours down to become buried and unnoticed), move the thread (usually to an area of the board which is neglected by the public or where the public has no read/write access to threads), and/or delete your user account and your posts.

    WAKE UP!

  12. None of your business

    Haha Kreby boy you were easy weeded out and banned from kurupt.su.
    Fortezza said “Brian Kreb is easy to spot”
    Undercover researcher you are not.
    Now it is $200usd or 4 vouchers required for entry because of your little intrusion.
    On the other hand you did give Jeferi a little scare but everyone else just had a good laugh, someone even posted a link to your article into the forum.
    Now if you will excuse me I’ve got to get back to carding I’ve got some webshops to hit.
    You have a nice day Kreby boy

    1. BrianKrebs Post author

      🙂 Do you think I care? Don’t you think I would have found some other forum to name in my story if I were at all concerned about being removed from the forum? You discount the very real possibility that I am still there 🙂

      1. None of your business

        ahahahaha
        You sound like one of those angry rippers after getting banned:)
        You are not in kurupt anymore and there is one easy way to prove it.
        email me this post from kurupt:
        Developments, 2 Security Risks Banned!

        Now Kreby boy it is time to backup your empty words either with action or excuses, I suspect the latter:)

        1. george

          No, you sound like a pathetic, insecure loser. You are afraid Brian still has access to your pitiful forum and hope to trick him into accessing a low traffic post. Then you would ban all users who accessed that post. I seriously doubt Brian would fall for it.
          Moreover, whether he still has access, will regain it in the future or never before your site goes down is beside the point. There are plenty other scumbags with their own forums “awaiting” to be featured in this column.

          1. None of your business

            Hello Brian lol
            Nice excuse, just the kind of excuse I was expecting:)
            Pitiful undercover reporter
            I was just insuring you are no longer @ kurupt and that has now been confirmed:)
            undercover reporter/ self proclaimed computer security expert lol…your NOTHING.
            We could hit your site with a 500K bot if we wanted too but we choose not too, you are just to entertaining:)

            Have a nice day Brian

            1. lol

              You know, you really sound like a stupid kid. Not even making you look stupid writing some kind of nonsense here, but making that forums sophisticated members look stupid, which I doubt they are (and they shouldn’t be looked at or treated like stupid ones, but rather as a big threat).

  13. You guys mad

    The government doesn’t care so why should you guys! You guys act like the bank is not going to give you your money back! This government is run by fraud, just don’t be stupid and be secured with ya belongings. Who ever gives there info away by getting phished, you are a fucking idiot and deserve to lose your money!!! Pay cash and non if this fraud would exist anymore, it’s ok for thegovernment to scam people but when other people do it to survive etc it’s th end of the world, especially when majority of the time the bank loses and not. The people! I’m a proud scammer and I graduated with a masters in tellecommunication and I can’t even get a job because white America is so fucked up! I waisted thousands of dollars and if it wasn’t for you stupid people being careless I wouldn’t be living so good. I thank you all while I’m enjoying this first class flight on this wonderful wifi heading to my penthouse in Hollywood hills 🙂

    1. AlphaCentauri

      “I graduated with a masters in tellecommunication and I can’t even get a job”

      Do you think it might have more to do with the fact that you can’t spell the name of your own field of study than that there is a racist conspiracy against you?

    2. Ken

      I know plenty of Black, White, Asian, Gay, Muslim, Christian, Female, etc people in senior management in many predominantly white countries. They didn’t get to where they are because of they are the way they are, but they got there because they were good in their field, trustworthy and could spell.

      Now do you not think the reason for you not getting a job might be to do with your inability to spell, the fact that you’re a scammer, and possibly because you suck, and nothing to do with the fact that you’re not white?

  14. dogear

    @Daniel, I work for an airline fraud department. If we catch someone on a confirmed fraud, we will and do take passengers off. Regardless of FF membership. They are given the opportunity to pay their fare with their own form of payment at the airport though.
