Bank Account Details Most Popular Item for Sale by Cybercriminals

By Matthew Harwood

Bank account data is the most commonly advertised item for sale online by cybercriminals during the last half of 2007, according to a report by the popular Internet security firm, Symantec.

Bank account details made up 22 percent of all goods and services for sale by cybercriminals. Prices for such information ranged from as low as $10 to $1000. The most popular types of bank accounts were ones with high balances, such as business accounts and European Union accounts.

Symantec says the popularity of bank account data with cybercriminals owes largely to security, liquidity, and market saturation. Bank accounts are easier to clean out than credit cards, considering credit cards have fraud detection technology and are not accepted by wire transfer companies and currency exchange services.

Conversely, "[c]riminals can quickly cash out bank accounts to secure, untraceable drops using wire transfers or services offered by cashiers, sometimes in less than 15 minutes." Also, the company noticed an 86 percent increase in possible Trojan infections that swipe confidential banking information and would explain why so much of the information is for sale online.

To hawk this information, cybercriminals rely on "underground economy servers," according to the report.

Underground economy servers are black market forums used by criminals and criminal organizations to advertise and trade stolen information and services, typically for use in identity theft. This information can include government-issued identification numbers such as Social Security numbers, credit cards, credit verification values, debit cards, personal identification numbers (PIN s), user accounts, email address lists, and bank accounts.

Credit cards were the second most popular item on sale on underground economy servers. Symantec noticed a 22 percent drop in the popularity of credit card sale offers since the first half of 2007. The company attributed this decline in supply to credit cards' loss of acceptance, fraud detection, and the increase in consumers using Internet-based payment tools, such as Paypal, to make purchases online.

In response, credit card information peddlers seek to make their product more attractive by selling credit card numbers at bulk rates and allowing prospective buyers to sample their product. When the consumer is satisfied that the credit card information is legitimate, the sale proceeds.

Symantec reports that credit card information has decreased in value since the first half of 2007, when 100 credit card numbers sold for $1. Now, 50 credit card numbers sell for $40, or $ .80 each, and 500 credit card numbers sell for $200, or $ .40 each.

Other goods and services cybercriminals sell include full identities, eBay accounts, and scam design and hosting, among other things.

One way Symantec recommends consumers combat cybercrime is by deploying a tracking service, which identifies where the hack came from. This allows consumers experiencing a hack to forward that information to the hacker's Internet service provider or to the local police.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.