Black Friday is quickly approaching. To celebrate, we decided to give you an inside look at some of the hottest deals in the fraud world. The social networking era, with its increased availability of information, has made the criminals’ job simpler and provided new sources of revenue. Marketplaces that used to sell stolen credit card numbers have expanded to include personal profiles and login credentials for email and social networking accounts.
Hot Item: Accounts
Spotlight Vendor: Shopaccs.com
The market for accounts is quite liquid. From the shopaccs.com screenshot, you can see that email accounts and social networking accounts are sold side-by-side. The price list below (from another site) also shows that social networking accounts sell at a premium ($5/1000 for Hotmail, $50/1000 for Facebook). In most cases, these accounts are auto-registered and are used to send out messages containing links to malware-infected sites. The malware will then be used to extort money from the victim (so-called “scareware”), turn the victim’s computer into a “bot” (used for more spam or DDoS attacks), or steal the victim’s personal and banking information.
$/1000 Accounts (with bulk discounts)
Hot Item: SOCKS Proxies
Spotlight Vendor: Soks.biz
So how do the bad guys manage to get away with sending out spam and stealing or creating thousands of accounts? They hide their tracks, of course. The most popular way to hide your origin on the net is a proxy. That’s a comfortable niche for vendors like soks.biz. The subscription options can be as sophisticated as those of a legitimate cloud services vendor. For example, prices will differ for dedicated vs. shared servers.
“Big Ticket” ($2) Item: Credit Cards
Of course, the fraud world’s big ticket item continues to be the credit card. The cost varies dramatically, ranging anywhere from $2 to $90 per card depending on the quantity of information that comes with it. In addition to the number, a basic CC package will include name, billing address, email, CVV2, expiration date and phone number. What’s interesting about social networking accounts is how they can be used to acquire some of this information if needed. For instance, if the fraudster can add mother’s maiden name and DOB to the package, the price goes up.
Several years ago it took a considerable amount of expertise to set up a fraud organization. Today, the start-up capital needed is trivial. Understanding the fraud supply chain is part of what we do at Signifyd, uniquely marrying analyst insights with advanced technology to defend against this new breed of fraud startups.