Credit CardThe interest rate on your credit card may be high but the price paid for your credit card details is very low. The market for credit card information is large, the profits are huge and the clientele are hungry.  And just because you can’t see it, doesn’t mean it doesn’t exist.  If you’re not engaging in identity theft protection you might be in for a nasty shock.

 

How real-life pickpocketing equals identity theft in the online world

There are parts of the internet that are like the Wild West. Guns, drugs and a rake of stolen stuff for sale including credit card details in their thousands. This dark side of the internet isn’t accessible with a normal browser, to use it you need to use anonymising services that disguise your computer’s physical location.

Law enforcement tries to nail down hackers by tracing their IP address, that is a computer’s location on a network. The IP address can then be traced to a physical location. Hidden web sites mask the IP address so it’s almost impossible to identify the physical location.

This is good news for hackers, crackers, villains and a range of people who want to sell or promote their services but don’t want to be found.  It’s also the first port of call for hackers who steal credit card details.

These people are like the virtual equivalent of a professional shoplifter. Shoplifters spend their days roaming shops and scooping up goods. When they’ve finished they’ll head off to sell their gains, but clearly not in public.  Hackers use the hidden web to do exactly the same, except they hunt for credit card details and banking information.

There’s quite a bit of competition among the web sites that sell these details, it’s a competitive endeavour.  Web sites vie with each other for custom and promote themselves as original or offering ‘fresh’ card details every week, and some also provide cloning services where the stolen credit card details are grafted onto new bits of plastic that look just like the original credit card.

What can you buy with a few Bitcoins

One site, in a very simple fashion offers credit cards, PayPal, accounts and dumps for sale. For example, for 11.5 Bitcoins you can buy bank account details that hold $10,000 and upwards.  In the dumps section for 3.4 Bitcoins you can buy a batch of EU pin numbers, with a daily limit of €500 that work across the entire EU.

Like any currency the value of Bitcoins fluctuates but it currently sits at around $100 for one Bitcoin. If a hacker can lift 50,000 credit card details they can potentially make a lot of money selling this information on. So in the bank account example above, if you pay around $1100 you get access to an account that holds over $10,000.  The owner of the account has no idea that their account is up for sale, until one day he or she discovers it has been emptied.

Sale on stolen credit card information

Credit card information is extremely popular. One web site offers card details based on the region, the US, Europe, UK, Brazil and Australia. You get all the details you need to carry out fraudulent transactions such as name, address, birthday, CVV number and it costs 0.45 Bitcoins.

Another site offers the ‘lowest prices’ and warns ‘beware of scammers who copy our site.’ To hook people in it offers ‘fresh new accounts every month’ different balances and prices and ‘cash out guides.’  The guides are quite a common service. They provide buyers with information on how to get the most money out of the account without being caught.

Reading through this perhaps you’re getting a sense of the scale of the stolen credit card and bank information industry?  When you hear or read a news story about hackers stealing individual details from a company’s servers you’re seeing the actors in action. These details are offered for sale on these web sites. But what you’ve got to keep in mind is that the credit card information is often offered for sale before the company that has been hacked makes a public declaration that it has lost customer details. And it’s often the case that the company doesn’t even know it’s been hacked.

How can someone steal your identity without you even noticing it?

You’ve also got to keep in mind that many organisations, particularly financial services organisations shy from making a public declaration if a hacker has penetrated their systems. It undermines their credibility and is clearly bad for business.

But how do hackers crack systems? There are many ways some of them more difficult than others. Some will try to penetrate a network but many large organisations have 24/7 protection, that is, a team of people monitoring all elements of a network and closing of gaps when they see someone trying to penetrate it.

One of the easiest methods for a hacker is to create malware and stealthily plant it on a computer. The malware is designed to extract your personal information such as credit card and banking information.  If they’re successful it can be a lucrative business.

If a piece of malware can infect millions of computers, and it often does, and the hacker extracts details from 30% of these computers, they are clearly going to rake in some cash. A well known Trojan, for example, called Zeus has apparently infected millions of computers many of them in the US.

This is why we all need identity theft protection. These attacks are not just isolated one-off affairs. They are consistent, co-ordinated and large scale. Ironically, defending against them doesn’t require a great deal of effort. But it does require an acknowledgment that the threat exists. Many people don’t want to face this reality and believe it will never happen to them. But it’s a wilfulblindness on our side.  We’re not saying it will happen to you but given the scale of hacking and the ubiquity of computers the chances are relatively high if you’re not protected.

BullGuard Identity Protection is a great tool to guard against credit card and banking details theft. You simply input the details you want to protect. If your information turns up on any of the websites that sell this information, you’re immediately alerted so you can take the necessary action. It’s simple, effective and protects you against financial loss and a whole heap of trouble.

Posted by Steve Bell 

Written by Steve Bell (86 Posts)

Steve has a background in IT and business journalism and in the past has written extensively for both the UK national and trade press including The Guardian, Independent-on-Sunday, The Times, The Register, MicroScope and Computer Weekly. He's also worked for most of the world's largest IT companies in a copy and content producing capacity. He has a particular focus on IT security and has been involved in writing about the industry at various levels ranging from magazine launches to producing newsletters. He also runs a small copy writing business called Art of Words. When not bashing away at a keyboard he can sometimes be found in a boxing gym making futile efforts to keep fit or marveling at the works of Sufi poets such as Jalaluddin Rumi and Hafiz of Shiraz.


One thought on “How real-life pickpocketing equals identity theft in the online world

  1. EducationBandwagon

    Hi, everything is going fine here annd ofcourse every one
    is sharing data, that’s truly excellent, keep up writing.

    Reply

Leave a Reply

Your email address will not be published.


*