The fraudulent charges are for odd amounts, like $10.37, or $12.96, presumably randomly selected to avoid triggering suspicion.
“When they appear on your statement, the charges generally reference a company in St. Julians, Malta such as BLS*Weblearn or PLI*Weblearn,” Krebs explained in an analysis. “The payments are being processed by a company called BlueSnap, which variously lists its offices in Massachusetts, California, Israel, Malta and London.”
The phony charges appear to be tied to an affiliate marketing scheme for “online learning.”
“One site that’s connected to the Weblearn scheme is onlinelearningaccess.com, which actually includes commented-out code hidden in its HTML content stating that ‘the charge will appear on your credit card as WebLearn8884612032,’” Krebs noted.
Other implicated affiliates include greatweblearning.com, jnselearning.com and learnonlinemembers.com.
“As we can see from the checkout page at onlinelearningaccess.com, the base price of the ‘system’ is $8.83, but different checkout totals can be achieved ($11.08 and $10.78, e.g.) simply by selecting different items to add to your shopping cart,” Krebs said.
He added, “Unfortunately, these types of schemes are as old as the Internet, and will be with us as long as there are companies willing to engage in so-called high-risk credit card processing — handling transactions for things like online gaming, rogue Internet pharmacies, fake antivirus software, and counterfeit/knockoff handbags and jewelry.”