Do you feel that airline tickets are too pricey? Do you comb the internet for a great deal on a hotel room only to save a few bucks? Do you find yourself spending too much time looking for deals on car rentals? You’re not alone. But what if you could book the holiday of your dreams while only spending 30 percent of the ticket price, sometimes even a measly 20 percent? This magical travel agency does exist – and there isn’t only one, but several. The only catch – these travel agencies are catering to fraudsters, and are run by fraudsters themselves. Those place tickets, hotel rooms and car rentals are all cheap because they are bought with stolen credit cards.

Yes, the underground economy is filled with travel agencies that purchase plane tickets, hotel rooms and car rentals using stolen credit cards, the same cards that end up in the automated stores. These agencies are nothing but “carders”, fraudsters who focus on buying items using credit cards, that are familiar with the world of travel booking – which websites are easy to use compromised cards on, which won’t report issues, and so on. The buyers pay the “carders” using Bitcoin, a sum much higher than what the “carders” purchased the compromised cards for, yet still it’s a fraction of the cost of the actual items. In other words, it’s a win-win for the fraudsters, and a lose-lose for the identity theft victims and the merchants.

It may sound odd to some that fraudsters are willing to do something as risky as purchasing flight tickets using compromised credit cards and actually flying on the planes. After all, if someone at the travel agency, airline or the bank realized that the transaction was made fraudulently before the plane takes off, the fraudster would technically be a sitting duck on the airplane, with nowhere to run if law enforcement officials were awaiting the criminal at their destination. Hotel rooms seem risky as well for the same set of reasons. However, some fraudsters do take that risk, suggesting it’s much lower than it initially sounds. The plane tickets can serve other purposes as well, like flying out mules to other countries.

Mules are either accomplices or unwitting individuals who help facilitate fraud. They open bank accounts (or, in case they are unwitting, may use their personal accounts) to receive funds from compromised accounts. Other mules receive items bought with stolen credentials and re-ship them to foreign (usually eastern European) countries. “Vacation Mules” are accomplices who are willing to travel to other countries on the expense of the fraudster in order to open bank accounts or pick up items. In return, they get a free all-paid-for vacation. Using compromised cards to pay up for these holidays improves the Return On Investment (ROIs) fraudsters receive from fraud campaigns, and help facilitate additional fraudulent activities. If the mules, unaware they are flying on basically stolen tickets, get stopped or arrested, well – the fraudster can simply write it off as a business loss, which comes with the territory.

The existence of multiple travel agencies proves that there’s a real demand for these services. Cheap travel is all part of the fraudster lifestyle on one hand, but more importantly – it’s good for business.

About the Author:

Uri Brison is CEO of LogDog. The LogDog anti-hacking solution protects the most popular online account types (including Gmail, Facebook, Dropbox and more) by detecting unusual access activity and alerting users so they can take control of their accounts before hackers do.

LogDog app or company claims are not endorsed by freedomhacker.

[Photo via islandjoe/Wikimedia [CC BY 2.0]]