Skip to content

The Most Diabolical Credit Card Scams of the Past Decade

April 13, 2018
6 min read
Hacker Targeting Online Shoppers for Identity Theft
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

Update: Some offers mentioned below are no longer available. View the current offers here.

While you're looking for strategies to maximize the rewards potential from your credit cards, hackers and thieves in the underworld are busy crafting plans to steal your financial information and rack up massive bills in your name. According to Javelin Strategy's 2018 Identity Fraud Study, 16.7 million Americans were victims of identity fraud last year — the highest number since the company started tracking the data in 2003.

Last October, I became a member of this unfortunate group when I discovered that someone had tried to charge more than $500 of purchases at New York & Company to my Chase Sapphire Preferred Card. This wasn't exactly the smartest execution of financial fraud: A large purchase at a women's clothing store quickly caught my attention. However, there are plenty of thieves who are much smarter than the nameless criminal who used my card.

“2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex,” Al Pascaul, senior vice president, research director and head of fraud & security at Javelin Strategy & Research, said when the results were released. “Fraudsters are growing more sophisticated in response to industry’s efforts to implement better security."

As these criminals continue to refine their efforts to steal your credit cards, let's take a look back at three of the biggest scams from the past decade.

The Credit Card Hacker on the Secret Service's Payroll

ARLINGTON, VA - MAY 28: A Secret Service agent scans the crowd at the amphitheater of the Arlington National Cemetery on Memorial Day May 28, 2007 in Arlington, Virginia. U.S. President George W. Bush paid tribute to fallen American soldiers at the cemetery, telling family members that Americans "will never forget the terrible loss you have suffered." More than 300,000 veterans and their dependants are buried at the cemetery, which also has a special section for those killed in Iraq and Afghanistan. (Photo by John Moore/Getty Images)
(Photo by John Moore/Getty Images)

It shouldn't have taken long for law enforcement to find the most unforgettable name in the history of credit card theft. That's because Albert Gonzalez, who is currently serving 20 years in prison for leading credit card theft scams against a list of retailers that included TJ Maxx, Boston Market and Barnes & Noble, was actually being paid by the US Secret Service while he was stealing more than 40 million credit and debit card numbers.

Gonzalez' $75,000 per year salary covered his work as a confidential informant after he was arrested for his role in a hacking ring called Shadowcrew. But while Gonzalez was helping the government with a wiretap to target other hackers, he was secretly running a massive scam that involved wardriving.

If you're like me, you have never used the term "wardriving." According to the US Department of Justice, the activity "involves driving around in a car with a laptop computer looking for unsecure wireless computer networks of retailers." Unsecured computer networks may sound insane in the did-you-hear-about-the-latest-data-breach era, but Gonzalez and his other wardrivers — six other people pleaded guilty to involvement — worked this scam between 2007 and 2009.

After Gonzalez pleaded guilty, officials involved in the case trumpeted the conviction as a shining example that justice always prevails. "Today’s sentence should serve as a warning to would-be hackers everywhere," Benton J. Campbell, then the US Attorney for the Eastern District of New York, said in 2010, "including those who commit their crimes from abroad — you will be found, prosecuted and convicted."

Sign up for our daily newsletter

160 Million Stolen Credit Card Numbers

JetBlue was just one of a number of companies targeted by hackers in the largest data breach scheme in history. (Photo by Darren McCollester / Getty Images)

Three years later, it was clear that Campbell's message hadn't resonated with those looking to charge massive numbers of purchases to someone else. In 2013, five hackers — two of whom had actually worked with Gonzalez in his previous scams — were indicted in what the Department of Justice at the time called the largest data breach scheme in history.

The approach was much more sophisticated than spending time in gas station parking lots, though. Instead, they used SQL injection attacks, which involve advanced knowledge of programming languages to infiltrate a company's network. The hackers navigated their way into the data of 7-Eleven, JetBlue, Dow Jones, and a number of other corporations.

The scam caused hundreds of millions of dollars worth of losses, but each card number is surprisingly cheap. Investigators claimed that one of the men in the ring would sell the numbers and associated personal information to identity theft wholesalers, and each US card number cost only $10. European card numbers appeared more valuable, going for $50 each. However, those profits certainly added up: The ring stole 160 million credit card numbers.

The $200 Million, 19-Person Identity Theft Ring

credit cards keyboard
(Photo by DAMIEN MEYER/AFP/Getty Images)

Despite efforts to increase security with chip-enabled cards, identity theft is not going away. Consider Habib Chaudhry, one of 19 people who helped fabricate more than 7,000 identities and open tens of thousands of credit cards. Chaudhry managed to elude authorities for more than four years until he was arrested in early 2017 and pled guilty to conspiracy to commit bank fraud in a court in New Jersey.

But Chaudhry and his cohorts did damage well outside the Garden State. According to the US Attorney's Office in New Jersey, the scam relied on a system of more than 1,800 drop addresses across the country. Chaudhry and others used homes, apartments and post office boxes as the physical addresses to pick up the stolen cards and rack up more than $200 million in fraudulent charges.

Staying Away from Scams

Falling victim to some credit card scams is unavoidable — we can't prevent rings of criminals from installing skimmers at gas stations, and we aren't responsible for outlining the data security standards at our favorite retailers. However, there are important steps that can increase your security and mitigate the potential damages if your card falls into the wrong hands. Check out "6 Tips for Keeping Your Credit Card Safe Online" and make sure to keep an eye on your cards, your statements and who you give out your number to when you're shopping online.