Expired: Fresh Card Fraud Scheme

Credit card fraud is always a hot topic in the world of banking. Data breaches are commonplace and consumers are almost desensitized to them. Up until late 2015/early 2016, counterfeit Card Present (CP) fraud drove losses. But in a post-EMV world Card Not Present (CNP) fraud reigns supreme.

HOWEVER – This article isn’t about CP or CNP fraud. Last week one of my subscribers made me aware of an interesting fraud scheme. And it was actually the first time I had ever heard of it. As I started to dissect the problem I was honestly impressed at the ingenuity of the fraudsters. As a self-proclaimed “fraud fighter” I can still appreciate the thought put into some of these schemes because it causes me to have to learn, adapt, and overcome.


“Ding. You’ve got mail”…is probably what it sounded like back in the 90’s. But nevertheless, this subscriber had received an email, supposedly from Netflix, regarding her recent expired credit card. Her card had in fact just expired the month prior, and this email was requesting her to sign in and update her account with the new card information.

BUT! This was not a legitimate email from Netflix, and rather a well thought out spear phishing scheme being perpetrated by fraudsters who had recently purchased her card data. Through partnership with Gemini Advisory I confirmed that this card had been purchased at a discount through a prominent carding shop just days prior.

Expired cards have normally been scrapped or sold at major discounts because they are considered essentially useless. In this scheme however, fraudsters found a way to still capitalize on this information. If the fraudsters purchased the CNP data coupled with the email address, there is a fairly high likelihood that person also has a Netflix account.

Your everyday consumer wouldn’t think twice about an email like this because they are well aware that their card recently expired. Of course Netflix is going to want that information updated! Well, you know what they say about assumptions….


This subscriber luckily had anti-virus on her phone that flagged the email and redirected her after clicking the link. She mentioned reviewing the email and not seeing any red flags which would have led to her giving out her brand-new card information. These fraudsters would have turned worthless data into fresh card info at a discount.

Card networks like Visa and MasterCard now have services that will automatically update your subscriptions with new card data in order to not inconvenience customers. If you’re still getting emails about your cards expiring it is more than likely not legitimate.

Like most cases of phishing, if you’re ever suspicious of an email please don’t click on any links provided or give out information. Always verify directly with the provider or merchant that the email is legitimate. For more information on phishing, I go more in depth on how to spot irregularities in Weaponizing Vulnerability.

No matter how many obstacles we place in their way, fraudsters are always going to find a way around it. Through proper education and exposing new schemes we can continue to limit the impacts to consumers and the downstream effects of fraud.

Never stop chasing checkmate.

2 thoughts on “Expired: Fresh Card Fraud Scheme”

    1. With the plethora of subscription based merchants in the market right now this seems like a pretty easy scam to pull off. I hope you and your wife were able to catch onto it. Thank you for sharing Joseph!

Leave a Reply

%d bloggers like this: