During the first half of 2007, Symantec found more than
8,000 distinct credit cards being advertised for exchange on web
servers used by the underground economy, making up 22% of all goods
advertised there.
The asking price for stolen card data is influenced by the
quality of data offered. The inclusion of the security code
found on the back of a card makes a card's value far higher to a
fraudster.
Bank accounts were offered at prices ranging from $30 to $400.
Email passwords were sold for anything from $1 to $350. Email
addresses were priced by file-size: a one Megabyte (1MB) collection
costs between $2 and $4, Symantec found.
Full identities were priced between $10 and $150 per person; and
Social Security numbers were priced between $5 and $7.
The study also noted a sharp rise in the use of phishing
toolkits. A toolkit includes a series of scripts that allow an
attacker to automatically set up phishing web sites that spoof
legitimate web sites. The top three most widely used phishing
toolkits were responsible for 42% of all phishing attacks detected
during the reporting period, said Symantec.
Arthur Wong, senior vice president of Symantec Security Response
and Managed Services, said that the company has seen a significant
shift in attackers' motivatation, from fame to fortune.
“The internet threats and malicious activity we are currently
tracking demonstrate that hackers are taking this trend to the next
level by making cybercrime their actual profession, and they are
employing business-like practices to successfully accomplish this
goal,” he said.
