March 31, 2014

A new rash of credit and debit card scams involving bogus sub-$15 charges and attributed to a company called “BLS Weblearn” is part of a prolific international scheme designed to fleece unwary consumers. This post delves deeper into the history and identity of the credit card processing network that has been enabling this type of activity for years., one of the fraudulent affiliate marketing schemes that powers these bogus micropayments., one of the fraudulent affiliate marketing schemes that powers these bogus micropayments.

At issue are a rash of phony charges levied against countless consumers for odd amounts — such as $10.37, or $12.96. When they appear on your statement, the charges generally reference a company in St. Julians, Malta such as BLS*Weblearn or PLI*Weblearn, and include a 1-888 number that may or may not work (the most common being 888-461-2032 and 888-210-6574).

I began hearing from readers about this early this month, in part because of my previous sleuthing on an eerily similar scheme that also leveraged payment systems in Malta to put through unauthorized junk charges ($9.84) for “online learning” software systems. Unfortunately, while the names of the companies and payment systems have changed, this latest scam appears to be remarkably similar in every way.

Reading up on this latest scam, it appears that the payments are being processed by a company called BlueSnap, which variously lists its offices in Massachusetts, California, Israel, Malta and London. Oddly enough, the payment network used by the $9.84 scams that surfaced last year — Credorax — also lists offices in Massachusetts, Israel, London and Malta.

And, just like with the $9.84 scam, this latest micropayment fraud scheme involves an extremely flimsy-looking affiliate income model that seems merely designed for abuse. According to information from several banks contacted for this story, early versions of this scam (in which fraudulent transactions were listed on statements as PLI*WEBLEARN) leveraged, formerly associated with a company called Plimus, a processor that also lists offices in California and Israel (in addition to Ukraine).

The very first time I encountered Plimus was in Sept. 2011, when I profiled an individual responsible for selling access to tens of thousands of desktop computers that were hacked and seeded with the TDSS botnet. That miscreant — a fellow who used the nickname “Fizot” — had been using Plimus to accept credit card payments for, an anonymization service that was sold primarily to individuals engaged in computer fraud.

Apparently, the Internet has been unkind to Plimus’s online reputation, because not long ago the company changed its name to BlueSnap. This blog has a few ideas about what motivated the name change, noting that it might have been prompted in part by a class action lawsuit (PDF) against Plimus which alleges that the company’s marketing campaigns include the “mass production of fabricated consumer reviews, testimonials and fake blogs that are all intended to deceive consumers seeking a legitimate product and induce them to pay. Yet, after consumers pay for access to any of these digital goods websites, they quickly realize that the promotional materials and representations were blatantly false.”

Damon McCoy, an associate professor of computer science at George Mason University, allowed that the bogus charges coming from BlueSnap’s payment network could be little more than abuse generated by a handful of bad guys who just happen to be using the company’s network. Then again, McCoy said, Plimus has long been associated with these schemes.

“Plimus has been doing processing for criminals for a while,” McCoy said. “Most of it seems to have been on the criminal-to-criminal side of payments.”

BlueSnap did not immediately respond to requests for comment. I will update this story in the event that they do.

As with the $9.84 scheme, this latest round of phony charges appears tied to an affiliate marketing scheme for “online learning” (hence, the “Weblearn” notation on victims’ credit card statements). One site that’s connected to the Weblearn scheme is, which actually includes commented-out code hidden in its HTML content stating that “the charge will appear on your credit card as WebLearn8884612032.”

That same site is closely tied to a network of other flimsy affiliate learning systems, including,, and As we can see from the checkout page at, the base price of the “system” is $8.83, but different checkout totals can be achieved ($11.08 and $10.78, e.g.) simply by selecting different items to add to your shopping cart.

Unfortunately, these types of schemes are as old as the Internet, and will be with us as long as there are companies willing to engage in so-called “high-risk” credit card processing — handling transactions for things like online gaming, rogue Internet pharmacies, fake antivirus software, and counterfeit/knockoff handbags and jewelry.

There is an entire series on the sidebar of this blog called “Pharma Wars,” which chronicles the exploits of perhaps the most infamous high-risk processor of all time — a Russian company called ChronoPay and its now-imprisoned CEO. While ChronoPay was most known for processing payments for spam-advertised pill shops and fake antivirus affiliate programs, it also was caught up in a micropayment scheme that for years put through bogus, sub-$10 transactions on consumers credit cards (usually for some kind of software or ebooks program).

If you see charges like these or any other activity on your credit or debit card that you did not authorize, contact your bank and report the fraud immediately. I think it’s also a good idea in cases like this to request a new card in the odd chance your bank doesn’t offer it: After all, it’s a good bet that your card is in the hands of crooks, and is likely to be abused like this again.

For more  on this scam, check out these posts from DailyKos and Consumerist.

Update: I heard back from BlueSnap CEO Ralph Dangelmaier, who said BlueSnap terminated the merchant 10 days before my story ran. Dangelmaier said he believes the merchant in question was a legitimate affiliate program that got hacked. BlueSnap vetted the merchant before allowing it onto its payment network, and even purchased the affiliate learning program. He acknowledged, however, that it was indeed unusual that the affiliate program doesn’t appear to have been marketed on the Internet to attract real-life affiliates. 

“We think one happened is one of their affiliates got hacked into and might have done something wrong,” Dangelmaier said. “As soon as we saw suspicious transactions, we refunded any customer payments we thought were tied to those. We went out and bought the product ahead of time as part of our due diligence and we actually used it. It was an online training tool. We’re working very closely with the acquiring banks, Visa and the authorities to try to help.”



70 thoughts on “Who’s Behind the ‘BLS Weblearn’ Credit Card Scam?

  1. Tom Seaview

    Other sites: “It’s a scam!”
    Your site: “These companies are behind the scam…”

  2. Aaron

    Noticed this on my card a couple weeks ago and thought it was from the Target breach. Should have reported it to Krebs!

  3. Harry S

    What is the pattern of card usage here then – one small charge per card, done with many cards, or do they keep trying small charges repeatedly per card over time?

    Is the idea to make $1000 by one hundred low risk $10 fraudulent transactions with one hundred cards versus one high risk $1000 transaction with a single card?

    I just wonder about the risk/reward of this type of action.

    1. BrianKrebs Post author

      Typically the way these things work is they put through lots of little transactions from a whole bunch of cards. Most of them go unnoticed, and few people will report chargebacks. That’s the whole point of listing the phone number in the credit card charge: They want people to dispute the charges directly with the merchant, not call Visa and MasterCard and issue a chargeback.

      Also, many of these schemes will employ a huge number of merchant accounts that they can cycle through in case they get burned on the chargebacks.

      1. phillip garrett

        I was hit with the blsweblearn charge yesterday 3/30/14 I called my cc company they reversed my charge issued me a new card but told me this a shown as a monthly charge so the merchant may very well charge me again next month they told me to contact the merchant to stop this. Problem is the phone# is no good! What can I do other than close my account. How can they allow this merchant to do this again when they know it is a fraud???? Please advice if you can. Thank You Phil

      2. mr roboto

        This is not an affiliate marketer. This made to resemble one. They are slamming compromised cards with the charges. These cards are not part of any widely known breach.

    2. ts

      Having dealt with credit card charge-backs… A lot of the time the credit card doesn’t even charge-back the vendor, but eats the charge. I guess it is a pain threshold issue, it likely costs the credit card issuer more than $10 to process a charge-back… Thus the crooks may get their money even if you call your card company. But for $1000 the credit card company would push through the charge-back.

  4. Russian Citizen

    What you talking about? If someone authorize the charge, it’s not a scam, even if they don’t receive anything. It’s something like a baptism to have credit card, you need to fall once in something like this to learn how the world is. That’s the jungle of the new age. And you Krebs are earning your bread from this news, if this doesn’t exists at all you would be just another broken ass journalist. And Plimus was a good payment processor which I used many times to buy softwares on internet. You are always blaming the wrong people, showing pictures and all without having sure if they are the real thefts you are talking about. Maybe you are cause damages in another persons life, just like the miscreants you earn your money from. Bye, and try to get a better life instead of blame the ones who gives you all the prestige you have.

    1. BrianKrebs Post author

      Voksalna, is that you? 🙂

      Seriously, you think that anyone who got these charges on their cards actually asked for them? Or are you suggesting that just because they have a card they should be willing to put up with nonsense like this so that scammers can earn a living?


        I think it’s more like “is that you Armand Ayakimyan.”

      2. Jeff

        You referred to both a site’s checkout page, and getting different totals depending on what is in the shopping cart. So presumably at least some of the people are asking for charges for something. I had assumed most of the other affiliates were using stolen numbers rather than just non-delivered goods; but it is somewhat confusing as written.

        1. BrianKrebs Post author

          Sorry, Jeff, if I was unclear. In my estimation, this in all likelihood is not a real affiliate program, but only made (very weakly) to look like one. It is essentially a cover story for taking huge lists of stolen card data and dinging each with a small charge. It goes without saying that people hit with these charges never receive(d) anything for their “purchase”.

      3. voksalna

        No, sorry, not a Russian Citizen (yet). My home is still being run by the Nazis your government helped to overthrow my government with. Thank you though. So nice you ‘called out’ to me like you used to do with Pasha; I will need to get cigars and a VK page next, and start posting under more pseudonyms.

        Why do you do this whenever somebody has a different opinion than you or your average commenter? And how does he sound like me?

        Again you see only black and white. Maybe you need to read some Russian literature to help you see more gradations. I would be glad to suggest some books with reasonably good English translations. You may even want to try some Czech literature; it sees gradations also.

        1. Lee Church

          Voksalna (or whatever crappy name you are giving yourself.)


          Your reply shows you have serious mental illness.

          1) you have blamed Brian Krebs for the Nazi invasion? You are freaking nuts, dude. Sure it’s “your government”.. really? One might as well blame the sun and the moon, because they were also around at the time of your great made up complaint, and certainly they helped (I doubt much would have happened on the planet without the sun’s present, so it’s clearly logical for you to blame the sun).

          2) you create silly comparison to magic? really?.. as if Brian’s reporting isn’t true, it’s all made up and fake. Nice going there, delusional clown. Fact is, your complaint is that evil was stopped… that’s what you are complaining about. Give it a break already.

          3) You then suggest that after the police officer catches you going through a red light, that the police should not give YOU a ticket, because you heard that someone else, somewhere else previously went through that red light (and got a ticket, which you also skip over). “Officer, you can’t ticket me, because somewhere someone else also did something wrong”. That’s your argument! That’s how you justify doing what you know is wrong?! geez.. I am well aware that miscreants like yourself need to justify and rationalize your evil behavior, but I expect you to do a better job of it because even a moron won’t buy your delusional drivel.

          Get some help Voksalna, or whatever your delusional mind thinks your name is.. (what’s next Lord Voldermort??? geez!). Stand up so your family and friends can properly give the great accolades to your ‘fine work’ of evil! (i’m being sarcastic here, in case your delusional mind can’t discern that).

          Voksalna, you are NOT the person you think you are. You are of whom I speak when I say that there are blackhats that think of themselves as whitehats. The world would be a better place without you, and that’s a very very sad thing to have to say. And since you brought up Nazi’s, your justifying your evil based on the ends justifying the means is exactly the same as the Nazis.. who also thought two wrongs make a right.. and let’s be clear that IS what you are asserting.. that your evil is ok because someone else did evil at some time in the past.. it’s nonsense and you are nuts.

          It’s a shame, instead of being an asset to the world, you are a blight. Too bad.

          1. voksalna

            You may want to have your doctor check your medications. ‘Russian Citizen’ is not me, and to call me a miscreant or blackhat when I’ve spent my life in fraud prevention is an assault on my character.

            And I didn’t say Brian Krebs invaded my country. I said what is well-reported fact, if you would google. But since you’re being a troll I won’t justify the rest of your delusional ramblings with a further response.

            You should get help. And FYI read Zimbardo for good source material on evil. Your paper was fine, but ‘The Lucifer Effect’ was far more scientific and in-depth.

            All I ever advocated for was less bias. Glass houses and motes.

            1. Lee Church

              Oh geez.. you relate the nazis to calling out a scam and claim it’s some sort of fact? That’s nuts dude. And you follow it by suggesting that you were just mentioning a ‘fact’ that wasn’t related to anything in particular, sort of like “and it’s sunny outside”. You suggest someone is “like the nazi’s that invaded my country”.. geez.. and now you are saying that “like” isn’t a comparison? You made the assertion and then you run from it. Good show of character, dude!

              And it’s hardly appropriate to suggest that Brian is wrong for calling out a scam because he could have called out another scam instead. It’s incredibly morally offensive to suggest that is has anything to do with nazi’s, or imply (as you statement did) that john or brian is somehow responsible (the “thank you”, of your statement clearly implies you are thanking them for that action, though sarcastically, it clearly says that you hold them responsible).

              I don’t think you are the person you think you are.

              I’ll say it again, some of these people that think of themselves as ‘good’ and folks like this Voksalsafargen (or whatever the silly lord voldermort calls himself these days) may think of themselves as being on the side of good, but yet they sure do encourage a heck of lot of evil, even defend the folks doing it. With ‘fraud preventers’ like that, no wonder fraud is such a problem.

              Comparing nazi’s to someone calling out scammers is incredibly offensive. And yes, please, don’t ‘dignify yourself’ again with spouting further nonsense. I would appreciate it very much.

              Yeah, and I get that not all the bad guys wear the same shirt.. We get that part. Some of the bad guys even pretend to wear the shirt of good guys, and encourage and enable the bad guys. Heck many of the bad guys even think of themselves as good people.. I’m sure you do, even while you try to stop folks who are doing good in the world and encourage the scammers and hackers. I don’t care what you call yourself, lord voldermort, or the grand emperor of the high whatever.. I don’t care one way or the other. I mention this because you seem to make a big deal that you want to be different than some other clown. You also make a big deal about not using your real identity.. as if that is sooooo important. If you want folks to know you are different than someone else, perhaps you should consider actually using your real name, instead of bozzo the clown. Geez.. you use fake names and then complain that you get lumped together.. that’s really silly dude.

              So, fine, you claim you are not a criminal, you want recognition as an individual, but somehow you say you can’t use your real name.. sounds mysterious to me.. I’m impressed.. really! (laughing at you).

              1. voksalna

                I am not sure if you are mentally ill, incredibly drunk, seriously confused, or highly traumatised by something that occurred in your life (babushka na dvoye skazala?) — or perhaps it is a troll — but I am concerned about your well-being, and question if you may be on the manic swing of a bipolar disorder.

                This is not meant to insult, Lee, but your thoughts jump from one thing to another in nonsensical ways and you are not following narrative trains of thought from anybody’s postings (not just my own). I’ve only ever used this name on this blog, so that right there is a thing I start to be concerned about. Hypersensitivity and massive jumps to conclusions that seem logical but have only tiny tendrils in common (this person and I both speak Russian; is this what set this chain of thinking off? Or Brian’s joke?) would be the other indicator of something going on that you might want to see somebody about.

                So when I said get your medications checked, I did not mean this as an insult, but rather an extension of concern as a humanitarian gesture. I have seen you post with more sense in the past and it concerns me to see you pushing yourself over an edge. Especially when you seem to be equating people with Harry Potter characters and confusing statements about actual Neo-Nazis that really WERE behind Maidan with the Nazis of WW2 (who I will not hesitate to mention figured prominently in the paper you yourself was quoting about ‘evil’ — why no mention of Abu Ghraib in your diatribe, by the way?).

                I think you are having a hard time differentiating fact from fiction and this concerns me most of all.

                Wanting accurate journalism is certainly not an indicator of ‘evil’. If it is then by all means call me evil, though — I would be proud to wear that label if it equated to ‘truth-teller’. He who has the power writes the dictionary; he who has the power defines the narrative. Xenophobia and xenophilia, however, have historically proven to do nobody any good, and that is one reason I keep coming back here, although the past year has seen this escalating through no fault of my own through world events all around.

                You seem to want to make things about big pictures… Can you really not see why other factors matter in every story without assuming that saying such equates to condoning crime? Or do you still believe I am Satan? Either way the people I used to have intelligent discourses with here seem to have also gone away, so it really does not behoove me to arguing with people who have decided guilt is in some way intertwined with intelligence.

                But I am sincere in hoping you seek help, even if that ‘help’ involves keeping a journal or finding a good friend to talk with who would be a better judge of your mental state than I or the other couple of people who have commented to you can possibly be.

                PS: Privacy is not a crime.

                1. Lee Church

                  Drop the nonsense of the comparison of calling out scammers/hackers to Nazis, or why that it’s somehow wrong to call out scamming and hackers.

                  Drop the nonsense about meth-addiction identity theft rings being a reason to not call out scamming and hacking.

                  There isn’t anything wrong about what Brian is doing. Sure there is always more to be done.. so what? Your solution is to stop chasing the bad folks where he finds them because there is another bad person somewhere else. That’s your fallacy of two wrongs make a right again.

                  Worse, you cast the US government as some horrible beast to be battled because of Germany in WWII? That’s just nonsense and I’m not going to work through your outrageous statements nor will I spend any further time on that nonsense.

                  I hear your false concern for my mental welfare, but I have to say if you care about my mental health like you do about fraud, then I think I might be better off without your help 🙂

                  The point I’ve been making is the same. I say it different ways because that reaches different folks. Your underlying premise is that Brian is wrong to write the stories he writes. I argue that it is like complaining to a policeman because someone else went through a traffic light in the past. You suggest that it’s here and there, and I disagree with your characterization. I suggest that it is fallacy of “two wrongs making a right” . You certainly disagree.

                  I will now say (and yes, this is moving the point forward) that you seem unhappy with the realization that you do indeed support the idea that two wrongs make a right. I will go further and suggest that is indication of cognitive dissonance. You want to think of yourself as doing ‘good’, but you actually justify allowing evil B to go on because Evil A went on. You have said that a number of times. That is a fallacy of ‘the ends justify the means’.

                  The cognitive dissonance is partly why I suggest you are not the person you think you are. In other words, you may, like the blackhats, think you are doing good, but support ideas such as two wrongs making a right, and the ends justify the means. You have suggested several times folks calling out and shinning a light on these miscreants are bad for doing so, because something else bad happened (two examples: WWII, meth-addicts). You have a fundamental contradiction; you think of yourself as ‘good’, but you support ‘evil’.

                  And yes, privacy isn’t a crime. It’s an interesting statement to make which suggests that you think it may be in the future (if that wasn’t your intention, then your writing didn’t convey what you wanted it to convey). If you abide by the law, by all means, remain as private as you wish. Drop the “i’m not so and so.. i’m so and so instead” routine though. If you are ‘private’ then you are just part of the anonymous lump. Your expectation for individual recognition is at odds with your desire for privacy. Until you identify yourself, you have no legitimate complaint about not being recognized. And what a complaint you have! You are anonymous for goodness sake.. what the heck did you expect a “hi bob so and so”! You want to be you, and not be you at the same time. Frankly, as I said before, I don’t care what you call yourself; if you don’t identify yourself you are in the anonymous bucket. And yes, that means you might as well call yourself lord voldermort or “he who shall not be named”.. which is who you are when you don’t identify yourself. If you want individual recognition, you should identify yourself, otherwise please stop complaining about it. You could very well be a hacker, or miscreant (you certainly seemed to reply to that moniker for some reason).

                  And I have no patience to debate this further. You have argued that the scammers and the companies behind them should not be reported on, but rather a meth addict that does identify theft.

                  Personally I’m glad Brian does what he does and hope he keeps doing what he does best.

                  1. voksalna

                    That’s funny because aside from attempting to defend my ‘name’ I didn’t comment on this story at all. I don’t even know how you are coming to almost anything you’re saying. You don’t even know what Svoboda party is or history but you are calling me ignorant, for instance. This is not my responsibility to teach you. You have google but you choose to believe what you want and I’m bored of you.

                    Everything you said has fallen completely in the realm of false logic and accusations, not to mention ad hominem attacks (based on what?), and feeding you is doing no good. Desiring a fair depiction of what is really going on is not ‘evil’. The fact that you do not know it is going on does not mean it isn’t. And I have always been against *DOXING PEOPLE, WHO HAVE NOT BEEN CONVICTED OF CRIMES, IN PUBLIC*, especialy when they have no recourse in YOUR legal system because he only seems to mostly do it to people who are not American who have no real chance to argue against it. If, as you say, Brian just wants to “get these bad guys” to paraphrase (well, no, you said ‘evil’ — you have loose definitions of evil if you equate what happened in Abu Ghraib and droning innocent people as ‘not evil’ though) then why would he post that sort of thing here? Do you really believe he does not have police contacts he could give it to? Are you truly so blind in awe of his blogging that you do not CARE what is ‘right’ or ‘wrong’?

                    Privacy is a basic human right. Law enforcement and blogging are NOT the same thing. Taking apart a scam is not the same as doxing people. I mostly do not comment on those stories so accusing me to fit YOUR narrative is for what purpose? Usually I come on (no, make that past tense, came on) to try to offer advice to people who were scammed, but I won’t anymore because clearly my attempts to bridge a gap are met only with these kinds of rejoinders and Brian never responding to the issues I bring up — just making backhand accusations by associating other peoples’ comments with me — which his ‘acolytes’ will no doubt follow suit in doing (as you are).

                    Brian should rescind what he said about me and remove your rambling assaultive blather if he doesn’t ‘allow insults’. Might want to check those algorithms, Brian.

                    And I still think you do not see you need help yet, but I have no responsibilty for you self-destructing.

                    1. Lee Church

                      April 2, 2014 at 12:44 am
                      Because they are the ones Brian chooses to write about to satisfy his narrative and world-view, and few people seek information from other sources, including, in most cases, journalists.

                      You get what they want you to see. Sort of like magic.

                      Brian why DON’T you write more about the meth-addicted identity thief, carding, skimming and cashing rings that are so rampant in the US? I see news releases about them all of the time on the DOJ and AUSA sub-sites.”

                      The above IS a comment about this story (it is not ‘defending your name’ – whatever that means given you don’t give your name). But sure, whatever you say valwhateveryournameis.. that must have been a different “he who shall not be named” that posted that other stuff. You complained about NOT being lumped into the anonymous bucket, and yet you deny what is written under your own fake name! You seem to apply your privacy to however is convenient at the moment (another cognitive dissonance issue).

                      In addition, you repeat your justification of not going after the miscreants because WWII, nazis, meth addicts, and now drones. You are trying to justify one evil by citing other evils, in other words, you keep saying “two wrongs make a right”.

                      You tried defending the hackers and scammers.. and you lost. end of story.

                      This discussion is now closed.

                  2. voksalna

                    That’s alright, Lee Church, I have no more interest in pursuing something when you are clearly doing this to provoke me. As I am taught to love even my enemies, and you seem like you need a hug, I hope you know that there are people out there who care. I forgive you.

    2. Old School

      “It’s something like a baptism to have credit card, you need to fall once in something like this to learn how the world is. That’s the jungle of the new age. ” You and Vladimir Putin should get together and write a book entitled “How to Screw as Many People as Possible”. Subtitled “The Jungle of the New Age”.

    3. Lee Church

      TO: Miscreant

      I must point out that you have gotten the argument of some of the ‘whitehats’ unknowingly being or aiding ‘blackhats’ wrong.

      The argument that sometimes good intentions can enable bad motives is true. One does ‘good’ by addressing those shortcomings, not, as you suggest, by justifying additional ‘evil’. Thus it’s is morally sound to cite the ‘miscreants’ (you?).

      So the issue of whether there are unintentional ‘blackhats’ is important, but your assertion that ‘two wrongs make a right’ is completely incorrect. I recognize that as a human being you want to feel good about yourself, and you must rationalize your behavior. That is part of being human, but it doesn’t make you right.

      No matter how you look at it, your business of tricking people doesn’t make you a good human being, regardless of how you try to rationalize your actions. Contrary to your comment, regardless of whether anyone else has ever done anything wrong in the history of the world doesn’t justify you doing evil.

      In short, you have done evil, and you are attempting to diminish others from stopping evil.

      It’s unfortunate that you have chosen to attempt to make the world a worse place by your existence. It’s tragic, because all that ‘evil’ that you and others like you do could have been put to something useful, or even enjoyable to the world. Had you done nothing at all, the world would be be a better place.

      Your assertion that ‘two wrongs make a right’ and ‘the ends justify the means’ are strong indicators that you are not a positive addition to our planet. While I still hope you will become a better person, I doubt it.

      I will note you don’t use your real name, you don’t post your contact information. If you really think you are one of the ‘good people’, then stop being such a coward and stand behind what you say. Your failure to identify yourself properly also indicates that you know what you are doing is wrong.

      I get it. I do. You read that ‘whitehats’ may be unintentionally aiding ‘blackhats’ and think that makes what you do ok, while what they do is not ok. My view is that your thinking is ‘criminally insane’; you actually think that making the world a worse place is a good thing. Your delusional thinking takes evidence against you and turns it to your ‘supporting evidence’. You likely take Brian’s work as an indicator you are one of the ‘good people’. News flash.. you are not a good person.

      Why not identify yourself? why not proudly tell your grandmother, mother, father, family, friends and the world that you steal money by tricking people, and be sure tell them you think it’s ok to steal from them.. because, you are indeed stealing from them. Make no mistake here; In making the world a worse place you rob your own family, and ultimately yourself. As one example, your brother, or perhaps you will want to sell a car. Potential buyers will say “but I can’t trust anyone because scams are so common”, and you get less for your car, or the transaction takes a lot more effort. You pay, whether you realize it or not. Everyone pays, and that includes you and your family.

      Even if you assert that what you provide isn’t a scam, is the ‘education’ really of value? Have you made the world a better place by your actions? It’s hard to argue that the various junk that Brian’s cites is of value to anyone. So if you are so delusional as to think you are not scamming people, you are not making the world a better place with fake anti-virus software (I suppose in your insanity you will rationalize that somehow fake anti-virus software is of value to someone.. give it a rest, ok?).

      The sad part is your talent is wasted. The world is tragically worse off because you are alive. That is unfortunate given you have free will to make the choice.

      In any event, I don’t agree with your argument that two wrongs make a right, nor do I agree that the ends justify the means. You could have been a better person.

      Lee Church

    4. Lee Church

      TO: miscreant(s), Russian citizen

      In addition to my first reply, I’ll add that to criticize Brian because he makes a living calling out these scams is like criticizing a policeman getting a salary for catching criminals.

      For criminals to use that logic to justify their crimes is really what I view as ‘criminally insane’. Somehow they think their ‘evil’ makes the world a better place.

      As to the two-man operation cited (where one guy steals the money, the other launders it with legitimate transactions), there is no validity to a defending a company because it uses the legit transactions as cover for the laundering. In fact, it’s more insidious and worse than a company that did 100% scam credit card transactions. And that’s why it’s done that way; it hides the crimes better. As a historical example: A dry cleaner that doesn’t actually clean clothes at all doesn’t launder money very well either.

      So the folks suggesting that evil is a good thing, and that stopping evil is a bad thing are either nuts or playing a silly game. That they hid their identities indicates they know they are wrong.

      1. Neej

        Did we really need a wall-o-text to point this out? I’m sure the criminal is well aware of his moral shortcomings …

        1. Lee Church

          Believe it or not, psychology clearly shows us that the people doing this stuff have warped their views so much they don’t think what they are doing is wrong. Many folks may miss this, due to bias error that presumes the hackers/scamers see things the same way regular people do.

          If you read page 47 of the above paper you can see several ideas represented in my posts. (e.g. the responsibility, harm that is being done, and the repercussions to the hackers family and ultimately themselves.).

          If one views the problem of stopping hackers/scammers in fuller context, then we should address psychology and not confine our efforts to technology. I would argue that not addressing the delusional minds of these hackers/scamers reinforces their views that what they are doing is ‘right’.

          Anyway, once you give the topic some further thought (and perhaps read the paper I cited above) I would be interested to hear if you still feel that these hackers/scamers know they are evil.

          Lee Church

    5. E.M.H.

      I love how the justification is that this is a good lesson for cardholders and the clichéd “it’s a jungle out there” as well. Nevermind that it’s theft and therefore *wrong*, it’s just the way the world is.

      That’s the refrain of an apologist, not someone defending the supposedly wrongly accused.

    6. JC

      Whats the matter RC?Getting tired?
      Russians have been ripping us off for years.Did you really think people were just going to continue to let it happen?

      Just because you CAN rob someone online ,doesnt mean you SHOULD.

    7. Mike

      Your comment was as dumb as you are.

  5. John

    Are there reliable statistics on the national origin of all of these scams? Why are so many Russian-related? Or are they just the ones we hear about?

    1. voksalna

      Because they are the ones Brian chooses to write about to satisfy his narrative and world-view, and few people seek information from other sources, including, in most cases, journalists.

      You get what they want you to see. Sort of like magic.

      Brian why DON’T you write more about the meth-addicted identity thief, carding, skimming and cashing rings that are so rampant in the US? I see news releases about them all of the time on the DOJ and AUSA sub-sites.

      1. Lee Church

        The meth addicted identity theft, card stealing, etc. crime epidemic you seem to think is so big isn’t supported by these statistics (and of course you pile up an aggregate of statistics to get your ‘big number’, i’m sure).

        So sure, there are also jaywalking, and parking meters that have expired time on them too, and your complaint is that Brian should write about them instead. That would certainly be a relief to the scamers and hackers.

        Your objective appears to try to undermine someone making the world a better place. What’s worse is you seem to feel that the ends justify the means. (This thinking is also similar to hackers and scammers, so I say again you have more in common with the blackhats than you think). You make the most silly complaints I’ve heard (and i’m just a third party reading your nonsense)… nazis.. meth-addicts.. complete rubbish. Given “the enemy of my enemy is my friend” , it appears you are doing your best to be the hacker’s/scammer’s friend.

        There is other fraud and scam stuff I think Brian could write about which is important (and effects regular folks), but complaining about him not covering meth-addicts? really? geez. Complaining that somehow the scams are ok because there are meth-addicts clearly puts you on the other side of ‘good’. Two wrongs do not make a right, regardless of what you claim.

        And there are dangers which could unintentionally enable bad actors. For example, stopping hackers only to have grandma tricked by the bank fees, or front run by some questionably legal system is a legitimate concern. But that hardly means one doesn’t go after the bad folks where you find them. It means we also go after the bad folks elsewhere. I suggest “two rights” rather than your “two wrongs”. Fortunately we have folks doing exactly that in various agencies.

        I don’t buy your apologist public relations line you have peddled which promotes hacking and scamming . Hacking and scamming people is wrong. Brian happens to write about those topics. end of story.

  6. mr brooks

    @Russian Citizen

    CrimeA River! don’t you have a country to save?

  7. Don Craig

    Just a note that not all Plimus transactions are/were fraudulent (or even dodgy). I’ve had a Plimus transaction in 2005, 2006, 2007, 2008, 2009 (2), and 2011, all from small software companies. All were legit.

  8. David T

    What’s your opinion of using 1-time-use credit-card numbers to avoid this kind of scam? (E.g., Citi has this.) Supposedly, the number is only good for a single merchant-account, so if there’s a breach, the charge won’t be accepted at some other site.

    But there used to be many more credit-card companies offering these. E.g, Discover dropped it’s service this month. I’d think, with all the breaches in the news, there’d be a lot of consumer demand for them. Is there a hitch?

    1. PKH

      I use MaskMe ( for almost all of my online purchases. It creates a one-time use card # for an amount that you specify. It protects your real card information, and also will create email addresses and a phone number that forwards to your real # so that you dont give out your real info).

      1. rb

        Maskme sounds intriguing, but what happens when THEY get hacked? This is a nice attempt at a solution, but ultimately it just shifts the problem from many vendors having your card info to just one. It could lower your risk, but also gives a false sense of security.

        When will the credit card companies switch to true one-time-use account numbers? Or how about a one-time-use pin that must be entered along with the account number? I suspect things will not change until their pain threshold is exceeded, and we are a long way from that.

        1. Neej

          Um, shifting the problem from many vendors means a major decrease in chances of being attacked. I also don’t understand what decreased “awareness” has to do with anything.

    2. Jacob

      While that specific technology seems like a good idea right now, I wouldn’t trust it to Citi to manage it successfully. Beyond the major issues they have had in the past few years, they still use a “password reset” process that does not require you to respond to an email/text/call, but will allow the entire process to take place by providing a card number and a few questions. Oh, and it also provides your username as well!

      Basically, if they have your card and you answered your security questions with truthful responses, it’s very easy to access the account.

      So, how hard would it be to dispute a charge that used one of these one time card numbers?

      Granted, this is much more targeted and time consuming than most credit card attacks, but if they know you have a large amount of available credit – courtesy of credit reporting sites – in the banks eyes, one large breach is still only one breach.

      But, if it makes you feel better, Wells Fargo is worse…

      1. David T

        @Jacob: Thanks for the heads-up about Citi’s carding security regime. My plan is to never use this card-number in transactions. I’m not carrying it in my wallet. I’m only going to be using it for web purchases – and those only behind the Virtual Account Number service.
        Discover had this service. They dropped it in early ’13; but they got so many consumer complaints they re-instated it. But now they’ve dropped it again. Citi had the service, dropped it, reinstated it due to consumer complaints. Wonder how long they’ll have it?

      1. TownTriangle

        Ugh, I SWEAR I read the article and completely failed to see that. Sorry!


    The “commented-out code ” to me is their way of saying that ” we stated on the website that you the buyer would charged ” but in reality it can’t be seen by the viewer which is a highly deceptive practice if you ask me. It’s their legal way of manipulating the system in case someone or some organization starts questioning their shady practices.

  10. Carlos Ray Norris

    I never do web learning, the web learns from me! and, I never call Microsoft for help or assistance. They call me! I always check my monthly statements for such phoney charges as those reflected in your story. when I do see them, the card company gets an ear full of me and phony charges get nixed from my account. not my problem the card companies aren’t as on the ball as I am about these types of scams. I figure if the card companies can’t realize these things, then maybe they shouldn’t be in the business they’re in. Perhaps they need to do some on line web learning on the subject of internet credit fraud themselves! or they need to hire people that know about that stuff. I’ve cancelled more card accounts because of fraudulent charges, and these idiots still send me replacement plastic, thinking I’m the idiot and I’m going to use it again. nyet! I shred em as fast as they show up, and call to remind them they’ve made a mistake. Then they act as if they’re doing me a favour by giving me credit. Ha! Fact is, we’re all doing them a favour by using their broken, loan sharking credit fraud industry system. The bank CEO’s are no better, they just smile and wear three piece suits to cover the scales of their ciganin snake skin.

    Folk’s, There’s a sucker born every .007 minute these days on teh interwebs.

  11. Old School

    “Reading up on this latest scam, it appears that the payments are being processed by a company called BlueSnap, which variously lists its offices in Massachusetts, California, Israel, Malta and London. ”

    From the Department of Irony:
    Mar 28
    BlueSnap Enhances its #Security and #FraudPrevention Capabilities to Defend Merchants against #Cybercrime:
    Mar 27
    Threat of the Week: Is #EMV 20 Years Too Late? #Targetbreach #security

  12. mr kebab LOL

    HAS ANYONE EVER CALLED U MR KRABS ? lolllllllllllllllllllllll oR WHAT BOUT MR KEBAB?


  13. Mark Allyn

    I have been checking my credit card and debit card statements almost every week for the last 3 months since the Target story first came out and I have not seen anything.

    I know I have not shopped at Target, nor Neimon Marcus, nor Sally’s Beauty. I also don’t own a car and thus, I don’t use the gas pumps that Brian has talked about recently.

    This story, though, has me concerned. Where are these guys getting the cards as it seems this has been going on longer than the Target breach haul of 20 million cards has been around?

    Could there be an on-going breach that even Brian is still unaware of where the bad guys have a huge trove of cards, say, from someone really big like Walmart or Krogers or Macys or someone else? But they are only trickling out the cards a few at a time for these scams that we are talking about today?

    Perhaps they plan to do this dribble effect and never sell dumps? Could this be a recipe for a lifelong retirement income from a few compromised cards at a time instead of a big dump like what Brian mentioned before?

    So, they steal 50 million plus cards from Walmart and keep everything tight to the chest and start using them 100 to 200 per month all over the planet and stay under the radar?

    1. Jacob S

      If they haven’t been already, my money goes to the the attack taking place, at least initially, through the scan guns they leave around. They provide an unnecessary amount of unsecured network information to the holder and easy access to the OS beneath the Walmart applications.

    2. Jonathon T

      Target was only one of about half a dozen estimated retailers hit during the December season. You are right to be concerned about your data being stolen from any one of the others. Not everybody reported their breach.

    1. Lee Church

      RE: my thinking on bluesnap response

      I would have thought that bluesnap would know who it’s customers were, particularly with all this CRM and big data floating about.

      It’s a stretch to suggest that a third party (Brian Krebs) knows bluesnap’s customers better than bluesnap does… If so, then it surely questions whether all this customer analytic big data profiling is worth anything at all.

      So which is it, is the big data thing completely worthless, or did they really just turn a blind eye until called out?

      For a hint at the answer, point 6 of the bluesnap response is telling.

      They argue that a third party would not know as much as they do (and therefore should not comment). If this is true, then a fair guess might be two for two; big data is worthless AND they were turning a blind eye to the scamming. But hey, that’s if I just apply regular ol’ logic to the facts as presented.. the facts could be different, but it sure appears as if bluesnap is trying to save face after the fact.

      It’s worth noting that bluesnap was carrying reputational risk before Krebs pointed out the scamming. Whether they knew they were carrying it (I suspect the answer is yes, but that they discounted it) or not, it’s clear they were carrying risk. If they had investors, and failed to disclose that they processed scam transactions it could be a violation of the fiduciary duty to shareholders (that would have to be investigated). given that there appears to be some sort of buyout and ownership change, the due dilligence should have looked at who the customers were, and it’s hard to believe that these fake educational charges would not be known, unless of course they were buried (note: it brings to mind the fiasco with HP’s Autonomy buyout).

      I think the response from bluesnap raises more questions in my mind than it answers, though at least they have stopped processing the scam transactions (that’s a start I suppose).

      One has to wonder how it ever got started, and why it went on for so long. It’s possible we have not heard the end of this story.

      (and in my opinion, perhaps as much as the Target story, Brian’s work on this story has clearly made the world a better place.. so thanks are in order Brian, good work).

  14. mbi

    Why can’t banks not accept charges from known payment processors unlucky to have a number of scammers using them. At least they can have them post a bond which will dissuade this stuff and force them to be more vigilant. Nothing like hitting them in the pocket for being lax and not doing their due diligence. The bond could cover victim restitution and their extra costs.

  15. voksalna

    April 2, 2014 at 12:37 am …awaiting moderation

    By the way, you may want to consider that I do not commit crimes and am not a criminal the next time you wish to slander me. 🙂 ”

    No curses, no insults, and my next post posted. So why the moderation here?

  16. Adam

    What is the actual range of charges for processing or accepting payment for said services. I reviewed my past 2 years of bank statements and realized a $1.12 charged was applied/drawn from my account each month. Such a small amount went unnoticed, because it was less than a cup of coffee. I then called the company or at least the number listed. A very polite woman named Maria explained their said their company “actively” sought out removed my information from general mailing lists, to limit the amount of “junk mail” I might receive at any given month. I said this same service can be received through several different agencies for FREE. She became a little defensive, and explained they were much more thorough than any of those agencies. I asked her how many active members do they have at this time, she responded a little over 6 million. So, if they processing center only charges 9-12 cents per transaction, this “company” could be pocketing 6 million dollars each month? Can it really be that easy? A home/office, a processing center, and an idea? Strange world we live in, what would be the worst case scenerio if these guys/girls get caught? Thanks

  17. mobocracy

    Seems like another version of phone cramming.

    Bill an amount so small it’s not noticed or if it is or it falls below the pain level required to reverse it. And the itemization on the card is ambiguous enough that even if it is noticed, someone with a large volume of small charges may not believe it was something they didn’t actually buy (I find the itemizations for things I do remember often baffling; it’s like a Twitter-length summary of “Naked Lunch”). Actually provide the “service” listed (ie, some boiler-plate directory listing on a web site nobody visits) and you can withstand some actual scrutiny, especially if you bother to reverse charges to people who complain.

    I kind of wonder how many scams like this there are and how many people get away with it, either forever or for long enough to make serious money before moving on to something else. When friends and I talk about this over a bottle of bourbon it doesn’t take too many drinks to rationalize the entire “business opportunity” as kind of attractive — simple to get into and a level of plausible deniability (if you actually go through the motions of providing some service, no matter how poor) that it seems like you really could get away with it even with some scrutiny.

  18. Me

    As much as I detest Bank of America, I use its credit cards because of ShopSafe. I use ShopSafe religiously online so that no retailer has access to my real number, they cannot charge more than the amount I set, and I can shut down that number any time. I use MaskMe for emails and fake phone numbers, keeping those pieces of information hidden from retailers, too.

  19. androo

    I did a bit of sleuthing on a similar scam facilitated by chronopay a couple of years back after my card was charged. it involved scooping up a domain name being used in the fabrication of victims’ email addresses. see for more infos.

  20. gerry

    Checked my CC and on 3/17/14 there was $12.75 BLSWeblearn and $0.10 “international” charges, my CC bank said the charges were done internationally, cancelled CC and now have to fill out paperwork on the fraud charges… ggrrrr!!!

    My only charges on the CC were for a recent work trip to Florida (hotel, and two airport limo rides), it’s not the hotel as a co-worker did not get zinged with a fraud charge, so likely my CC leaked from either of the two limo companies, both of which I will inform.

    1. Guest

      The odds are that your card number was somehow obtained before that trip, most likely online, though perhaps locally.

      That said, it’s never a safe assumption that just because a colleague’s card wasn’t also used for fraud doesn’t mean that a place is not the source of the fraud (generally speaking). When it comes to stuff like chargebacks and the like, it is not out of the realm of possibility that someone might go out of their way to avoid the bin numbers of banks with high chargeback success rates.

      Still, odds are it was online or part of a bigger breach, not the limo company.

  21. Chris

    Just disputed the charge $13.06 I found on my Capital One statement today from BLS*WEBLEARN ST JULIANSMLT as I never even heard of that company before. Also, I have not used my cc since Dec 2013 so there is no reason that charge should even be on my credit card. Capital One canceled my card and is issuing a new one with a different number and refunding that fraud charge back to my acct.

  22. gerard

    I have had this occur on two separate debit cards (both in mid March), one being a local credit union, not like the other, which is US Bank. I do not shop at the major dept stores like Target. So, I am really curious as to how they obtained my number as I did not go looking for them (BLS Weblearn). Fortunately, my Credit Union associated debit card company is proactive and called me as the charged was occurring and it was stopped in its tracks. The big boys, US Bank, had no clue till I call them a month later.

  23. AMLSV

    This is probably the most recognized forms of scams among hundreds that anyone of us currently threatened by. Such scams not only hamper the rate of growth of online marketing activities, but also put at stake the reputation of the client’s in front of their customers.

Comments are closed.