How Much Your Passwords Are Worth to Cyber Criminals
By: Cole McMeen
Your account information can cost cybercriminals less than a latte — and they’re after more than banking credentials.
The Tokyo-based cybersecurity firm Trend Micro released two reports in December, outlining underground markets where cybercriminals sell illegal products and services. It found that criminal markets hosted in North American countries sell diverse offerings, from music and media account credentials to fake documents, weapons and drugs, and that their German counterparts focus on credit cards and identification documents, and sometimes give away Amazon and Netflix accounts for free.
Underground markets where people can buy and sell stolen information and hacking tools have become so advanced in recent years that even an “entry-level” cybercriminal is “only limited by their imagination and resources,” says Ed Cabrera, vice president of cybersecurity strategy at Trend Micro. A sampling of what’s up for grabs: Malware (complete with technical support services), hosting services, the tools to spam people and services that jam websites with fake traffic to force them offline. “Even the low-levels are able to scale and conduct much more sophisticated attacks than in years past.”
What’s on sale in the North American Underground Price:
Classic U.S.-issued credit card account information $19 to $22 (100 sets)
Gold, platinum or business U.S.-issued credit card account information $36 to $42 (50 sets)
Classic Canada-issued credit card account information $47 to $50 (40 sets)
Gold, platinum or business Canada-issued credit card account information $50 to $65 (35 sets)
Fake U.S.-issued physical credit cards $210 to $874
Netflix account access $5
Hulu Plus account access $4
Spotify account access $2
Beats Music account access $2
Dish Network Anywhere account access $7
Verified PayPal account access $9
Sirius Satellite Radio account access $15
Counterfeit U.S. passport $780
Counterfeit U.K. passport $730
U.S. driver’s license scan$145
Counterfeit U.S. driver’s license $727
Counterfeit CVS, Walgreens or Roland prescription labels $100 per three labels
Why would criminals want victims’ media and entertainment accounts? Cabrera says the crooks may intend to log into those accounts and then access the individual’s payment card information — or they could just be looking for free entertainment. In many cases, these sets of credentials create a complete profile of the user to further scam them or are tied to a financial instrument they can exploit. And people may not notice as quickly that they’ve been exploited, compared with when customers find fraudulent charges on credit card statements.
Criminals purchasing from markets hosted in Germany can buy stolen bank account credentials based on the balances available, and usually also receive associated personal identification numbers or other verification information, according to the report. The report cites an account Trend Micro researchers found on sale for $2,932.33, given that it held a balance of about $8,000.
What’s on sale in the German Underground Price:
Scanned I.D. (male) $10.66
Scanned I.D. (female) $8.53
Online bank account informationAt least $10.66, ranging higher depending on balances
“These sites are competing with each other for these criminal users,” Cabrera says, adding that many goods and services come with “satisfaction-guaranteed” offers.