$00.000025: The Going Rate On The Black Market For Your Email Address

By Carlton Purvis

The going rate for a batch of one million United States email addresses: $25. One-and-a-half million addresses from England sell for $100. And email addresses from Russia, Ukraine, Germany, and Australia are available for the right price. That’s according to McAfee’s second quarter Threats Report published this week.

McAfee says 2011 has been a year of “chaos and change.” LulzSec and Anonymous continually showed their skill at compromising networks and showed companies both big and small that their networks are vulnerable. Android operating systems are now the most targeted platform for mobile malware; threats increased 76 percent over the last quarter. And botnets, networks of computers that have been hijacked and are being used for cyberattacks, whose numbers had been at an all time low, are slowly making a comeback.

One of the more interesting parts of McAfee’s quarterly report includes cybercrime “pricebooks” that show the going rates for email addresses that spammers can buy to distribute spam. The price varies by country, with the most expensive being email addresses from Portugal, which sell for $166.66 for one million. One million addresses in Ukraine sell for $20.

Where’d they get the numbers? Adam Wosotowsky, senior research analyst at McAfee Labs explains:

“Mcafee has researchers who, in cooperation with law enforcement, work to monitor newsgroups and chat rooms that would be associated with underground cybersecurity activities. Values and prices for activities can be posted in such venues and at times can even appear in spam or directly advertised on illicit Web sites that sell such services. In many cases the sellers will seem to operate in a country which doesn’t have strict laws concerning selling such private data,” he told Security Management.

“Though spam is still at historic low levels, due in part to the Rustock takedown, McAfee Labs still expects to see a sharp rise in activity over the coming months,” a McAfee release says. A common way cybercriminals can quickly re-up their volume of spam activity is buying email addresses in bulk.

Spammers who are buying and selling email addresses get them from a variety of sources. According to a fact sheet from Verizon, many Web sites ask visitors to provide email address that they sell later.

Companies don’t always make their plans for customer email addresses obvious so one blogger is fighting back.

“Buried in the fine print was something only a lawyer could understand that gave them permission to sell your email address (and other information about you) to outside companies, earning them a tidy profit and you a full spam folder,” Dan Schointuch at Money Talk News wrote on Wednesday.

For this reason, he’s embarking on an experiment to find out who is or isn’t selling information by signing up for rewards programs from companies like Publix, Office Depot, and Facebook, with individual unique email addresses. When the spam starts coming in, he'll get to see who’s selling what to who.

He’ll be posting what he finds on Money Talks News. Either way, the spam will come; there's no way to avoid it, according to one researcher.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.