Symantec’s bi-annual report into online threats found that details of bank accounts in the UK are now on offer for as little as GB pound 5 on underground websites, with full credit card numbers being sold for just pennies.
It claims account details are the most popular commodity on the black market forums, and that criminals are basing their asking prices on the amount of cash in each account.
Bulk buying
Meanwhile full credit card details (including expiry dates and security codes) can be cheaper if bought in bulk, costing criminals around 20p each. Symantec claims it saw bundles of 500 card numbers being sold in one go last year.
After credit cards, full identities are thought to be the third easiest product to pick up in the ‘cyber crime supermarket’. And, Symantec said, fraudsters are prepared to pay up to 50 per cent more for the identity of a European than that of an American because EU laws make it easier to commit crime across borders.
The security firm claims the online trade in identities is increasing, and that personal details now make up nine per cent of all ‘goods’ advertised on the crooked websites.
Aggressive trading arrangements
“Our latest report has clearly identified that the underground economy market for stolen online consumer data is continuing to grow and become more aggressively driven by market forces,” a Symantec spokesperson said.
“We are not only seeing new types of data displayed readily for sale, but also seeing more aggressive trading arrangements taking place between cyber buyer and seller. There is also an obvious shift in focus from attacks targeted at instant financial gain versus those aimed at obtaining identity information from consumers in pursuit of longer term rewards.
“Users can take protective measures such as installing the latest internet security and phishing protection software, ensuring passwords are strong, only ever enter credentials onto an official site and do not click through email links, and keep personal information safe.”
The threat report is based on information from Symantec’s ‘Global Information Network’, which has more than 40,000 sensors set up in over 180 countries worldwide. The company has created millions of email accounts to monitor the latest phishing threats as they emerge.
EBOOK: Lessons from IFSEC 2023 – Big Tech, Martyn’s Law and Drone Threats
Read IFSEC Insider’s exclusive IFSEC eBook and explore the key takeaways from the 2023 show!
Navigate the impact of Big Tech on access control, gain insights from Omdia’s analysts on video surveillance trends, and explore sessions covering topics like futureproofing CCTV networks, addressing the rising drone threat, and the crucial role of user proficiency in security technology.
There's also an exclusive interview with Figen Murray, the driver behind Martyn's Law legislation.