Threatpost
In this highly digital age, it is near impossible to erase all information online about yourself, but you can do a lot to remove online information and minimize your risk of identity theft or worse. Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, steal your identity, and grab your personal details. This week, the cybersecurity environment continued to be rocked by the global MOVEit data breach.
The gift cards can be sold for cash or used to purchase other goods—laptops and TV sets, for example—that can in turn be resold for cash. Carders ply their trade in the obscurity of the dark web—that region of the internet that isn’t indexed by search engines and can’t be reached with normal web browsers. Simply put, carders steal credit card numbers, make sure they work, then assemble them into blocks of lists to be sold to thieves. Millions of customers’ card data have been compromised in the past decade. No matter how vigilant you are, there is nothing you can do to prevent a data breach on a merchant’s website, but using a virtual card can shield your actual card data from being exposed.
Understanding the Dark Web and Stolen Credit Card Numbers
With all our technology and connectedness comes a price, vulnerability. Now more than ever before, our credit and identities are at risk from cybercriminals, thieves, and hackers. This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International. This week in cybersecurity saw billions of records fall into the hands of criminals. The week began with a report of 132k records compromised from an Indiana healthcare system.
The dark web is a part of the internet that is not indexed by traditional search engines. It requires special software, such as Tor, to access. This hidden layer of the web is often associated with illegal activities, including the trade of stolen credit card numbers.
To ensure larger reach, the crooks distribute the collection via a clearnet domain and on other hacking and carding forums. In addition, Cybersixgill spotted a discussion of the carding market on another popular cybercrime forum. The thread began when the market launched its October 2022 giveaway and continued to chalk up replies through March 6, 2023, after the carding market’s most recent free leak. While some of the recent responses are positive, there are several negative replies, one of which questions the profitability of carding in general. A fair number of vendors include access to a SOCKS5 internet proxy that can be used by the buyer to match their computer’s IP address location with that of the cardholder in order to avoid being blacklisted.
Any suspicious financial activity should be immediately reported to the relevant entity, bank, or assets manager. The validity of the carding market data remains unknown, and we explore that topic at greater length in the section that follows. With regard to sales, the carding market provides validity ratings, and listings are regularly double-checked and removed. The carding market also filters stolen card searches based on countries of origin, bank, and content (i.e., CVV, email, address, card type, or cardholder name). Comparitech researchers gathered listings for stolen credit cards, PayPal accounts, and other illicit goods and services on 13 dark web marketplaces. For legal reasons, we will not publicly disclose which marketplaces were used.
What are Stolen Credit Card Numbers?
Increasingly, criminals operate as part of larger organizations focused on data and identify theft. Research by VPN provider NordVPN of over four million credit cards for sale on the dark web found that credit cards from US citizens were the most common, with 1.6 million of the 4.5 million analysed being from the US. The credit card details of millions of people are being sold to criminals on the dark web for an average of less than £8 ($10.60) each. In 2016 alone, losses topped $24 billion worldwide, half of which affected cardholders in the US.
Stolen credit card numbers refer to any card information that has been obtained through illegal means, often through data breaches, phishing scams, or hacking. Once acquired, this information can be sold on the dark web to criminals who exploit it for fraudulent purchases.
All of that sensitive information is potentially going up for sale on the dark web. In one raid in 2020, Russian federal agents said they arrested more than two dozen members of a card-selling ring, seizing more than $1 million in U.S. dollars. Analysts from security company Gemini Advisory believe the ring was behind a series of illegal card-selling markets earning up to $70 million in seven years. Not only are credit card numbers for sale, but so are email addresses complete with passwords. The wave of recent departures has potentially been a trigger for UniCC’s retirement, as illicit actors see an opportunity in the turbulence to either run away with users’ funds or retire to avoid increased law enforcement attention. Seizures in the carding market by the authorities are not unheard of, however.
How Stolen Credit Card Numbers are Obtained
Criminals utilize various methods to acquire credit card information:
- Phishing: Sending fake emails or messages to trick individuals into revealing their card details.
- Data Breaches: Hacking into databases of retailers or financial institutions to obtain large volumes of card data.
- Skimming: Using devices attached to ATMs or point-of-sale systems to capture card information as it is swiped.
The Impact of Stolen Credit Card Numbers
The consequences of stolen credit card numbers can be severe for both consumers and businesses:
- Financial Loss: Victims can face significant losses if their cards are used without permission.
- Identity Theft: Stolen credit card information can be used for identity theft, affecting credit ratings.
- Legal Repercussions: Businesses may suffer reputation damage and face legal action if their data is compromised.
The Dark Web Marketplace
On the dark web, stolen credit card information is often sold in various marketplaces. These transactions are typically conducted using cryptocurrencies to obscure the identities of both parties:
- Carding Forums: Dedicated spaces where individuals buy and sell stolen card details.
- Individual Sellers: Some criminals sell information directly through offers in chat rooms or forums.
- Bundles: Stolen card numbers can be sold in bulk with associated personal data for higher prices.
How to Protect Yourself
Protecting yourself from becoming a victim of stolen credit card numbers involves several proactive measures:
- Use Strong Passwords: Create complex passwords for online accounts and change them regularly.
- Monitor Statements: Regularly check bank and credit card statements for unauthorized transactions.
- Enable Alerts: Set up alerts for transactions to get immediate notifications of any suspicious activity.
- Utilize Security Software: Run updated antivirus and anti-malware software on all devices.
FAQs
Can I recover money lost due to fraudulent charges?
Most credit card issuers have policies that protect consumers from liability for unauthorized transactions, making it possible to recover lost funds.
What should I do if I find my credit card details on the dark web?
- Judging from the activity on the shop, BidenCash appears to be thriving in 2023, providing an active data and money exchange platform in a market that has experienced a decline in recent years.
- We don’t think about it much, but moving data from our devices to various online locations is a complex process.
- With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang!
- Some estimates range from $5 per card to $150 per card depending on the quality and amount of supplemental data that goes with it.
If you find your credit card information compromised, contact your bank immediately, report the fraud, and monitor your accounts closely.
Is it illegal to browse the dark web?
Simply browsing the dark web is not illegal; however, engaging in illegal activities, such as buying stolen credit card numbers, is prosecutable.
Conclusion
Understanding the risks associated with the dark web and stolen credit card numbers is crucial in today’s digital landscape. Awareness and proactive security measures can significantly mitigate the risks of identity theft and financial fraud.
