Cybercriminals offer new sales tactics for stolen data

Cybercriminals are resorting to new sales tactics to remain viable in an increasingly competitive environment, according to a new report.

The global financial crisis has ramped up the competition among cybercriminals, forcing them to offer a wide array of products and services to stay competitive.

You can find all kinds of services. These were things I didn't see in the last two years and we are seeing them now

Luis Corrons,
technical directorPanda Security SL

A new report, conducted by Panda Security, shows that cybercriminals endeavored to diversify their business activities in 2010. What was once a secretive market dealing primarily in illegally obtained data, now advertises on popular social networking sites and offers a myriad of services.

"More people are doing this … so there is more competition and they have to offer new stuff to be attractive," said Luis Corrons, technical director of Panda Security's PandaLabs research team.

Credit card and banking details were once the primary fixture of this criminal industry, but today cybercriminals are getting more specific, offering a menu of options, including specific credit card brands or for cards issued in a certain country. The most expensive card details come from European and Asian countries, according to the report, "The Cyber Crime Black Market," issued by Panda Security's PandaLabs research team.

Cybercriminals who sell the information offer it a la carte with elaborate pricing structures, Corrons said. Credit card details can be purchased for as little as $2 a card. Credit card details with a guaranteed line of credit can cost as much as $80 per card. These markets operate like true economies under the rules of supply and demand, Corrons said. They have pricing wars, deals, bulk discounts and special offers. They even offer money back guarantees.

Among the services made available for consumption are bank transfers and check cashing. Commissions run from 10% to 40% depending on the amount received. If stolen bank details are used, cybercriminals charge a delivery fee between $30 and $300. According to the Panda Security report, these prices are standard and the competition comes largely from the speed of the service.

PandaLabs researchers also discovered cybercriminals starting to market their services, expanding to social networks like Twitter and Facebook. While this was surprising to the research team, the trend is unlikely to continue.

"I don't think [the use of social networks] is going to be a trend because it's very easy -- if anyone reports that kind of usage of their account in Twitter or Facebook – for any of the two companies to close it," Corrons said.

Another new service is the development and indexing of fake online stores for the purpose of stealing credit card information. With this service, a buyer pays for the Web design and implementation of a fake online store. It's a practice used by cybercriminals peddling rogueware or fake antivirus software. The store seemingly sells software or some other product that is popular to buy online and prompts the victim to enter credit card data, just like a real online store. However, the victims will never receive their purchase and someone is stealing their data. The price depends on the project.

Also available is a purchasing and forwarding service, which a customer who is apprehensive of using a stolen credit card or committing mail fraud may find useful. With this service, the provider offers to buy products for the purchaser using the purchaser's illegally obtained credit card data and then forward those products to the purchasers address. This service costs a flat fee depending on the type of product being purchased and forwarded. This is essentially an immediate form of money laundering with an intermediary.

"You can find all kinds of services. … These were things I didn't see in the last two years and we are seeing them now," Corrons said.

Corrons said more law enforcement resources and cooperation between countries is needed to address the issue. Multiple jurisdictions make cracking down on cybercriminal operations a complicated problem, he said.

"It's not just everything about resources and putting money on the table," Corrons said. "One of the main problems law enforcements finds is that when these crimes happen, usually they happen in different countries and the main problem law enforcement has is that they can't act in other countries."

Dig deeper on Security Industry Market Trends, Predictions and Forecasts

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close