Credit card thieves are donating some of their stolen cash to charity.
Symantec says it has noticed an increase in the use of stolen credit cards to make charitable contributions, but only as a way to check whether card numbers are legitimate.
If the donations succeed, the criminals can use the cards without worrying whether they will prove invalid and draw down law enforcement authorities, Symantec said.
The thieves donate just a small amount, to avoid raising suspicion from credit card security teams looking for transactions that fall outside the normal pattern for individual card holders, the company said.
Symantec speculates that behaviour monitors within credit card companies are less likely to contact customers to verify the legitimacy of a small charitable transaction than they would be for an extravagant expense.
Because legitimate charitable transactions are not everyday occurrences for individuals, they likely wouldn't raise any flags, especially if they are for relatively modest amounts.
By sitting in on internet chat rooms where credit card numbers are traded, Symantec tuned into this trend, says Zulfikar Ramzan, a senior principal researcher for the company. US cards sell for $1 to $6 each and UK cards sell for $2 to $12 (£1 to £6), he said.
Before the donations, the criminals would make small transactions, often to web sites where they knew security checks are lax, he said.
Testing that a card is active is so important that thieves have set up a specific internet relay chat command to handle it. A thief types in a card number and the script automatically makes a small transaction, Ramzan said.
He said thieves also have scripts that use the credit card numbers to tap into the user's name, Social Security number and the upper limit on the card. "It's pretty chilling to see someone's Social Security number and credit card number fly by," he says.
Bank investigators will likely become attuned to the charity donations and try to react to it, but that is a tricky game, said Ramzan. The banks don't want to overreact and start blocking or verifying legitimate donations. "If they detect too much stuff that's not fraudulent they may cause more trouble than they can handle," he said.
"I guess one thing to note here is that at least some of the stolen money is going to a good cause," said Symantec blogger Yazan Gable.