The increasingly sophisticated credit card black market has grown to resemble a legitimate one, with specialty niches for workers, cheap prices and even money-back guarantees on their ill-gotten merchandise, says a new report
Online payment card fraud is on the rise, according to a January 2011 report issued by Panda Security called “The Cyber Crime Black Market: Uncovered.” The cyberworld has sophisticated marketing, sales and distribution systems churning out newer and better ways for their clients — hackers and thieves — to obtain your credit card and banking data and profit from it.
The most common way they get credit card data is by embedding spyware programs on computers. These programs log and track keystrokes and capture usernames, passwords and PIN numbers and send the information back to hackers who sell it on the black market for surprisingly little money. A working credit card number, for instance, fetches as little as $2.
Credit card details:
We’ll get you all the good stuff: Cardholders’ full names, addresses, phone numbers, Social Security numbers, dates of birth, card numbers, expiration dates, security numbers and more! With this, you go to town! Make online purchases. Clone fake cards for use in ATM machines! Buy all you like — we’ve got plenty.
Physical credit cards:
Sweet deals here, with an unlimited supply of top quality merchandise. No one can tell they’re counterfeit. Available in white plastic or color printing at additional cost. Bank hologram replicas and magnetic strips are also available. Offer does not include credit card details (sold separately). Minimum order is five cards.
Get ’em while they last. With these babies, you can print or clone phony credit cards to sell to your customers. Several models to choose from. Make multiple copies of the same card. They look like the real thing, with a magnetic strip (LINK: https://www.creditcards.com/glossary/term-magnetic-stripe/) and raised card numbers. Use the cloners after you’ve gotten card details from skimmers or fake ATM machines.
These miracle workers come in two different sizes and can be yours today! Get a full-size replica of an ATM, or opt for a skimmer that fits over the card intake slot on regular bank ATMs. When a rube inserts his credit or debit card into our fake machines, you get all his data. The sap won’t even know it. Sweet!
Straight from the Internet and ready to use: User names and passwords for bank accounts, plus any other credentials (such as answers to security questions) you may need to log in to the accounts. We get these goodies from deliciously malicious software that captures keystrokes. When a mark accesses an online account, the programs copy the data and send it back to us, clickety-split.
Let our team of specialists take your dirty money and make it clean. We offer bank transfer and check-cashing services. Once your team of hackers gets online banking credentials and uses them to, er, acquire funds, we take over. Our highly trained “money mules” transfer the cash to different accounts so it comes out untraceable and clean as a whistle.
Online stores and pay platforms:
Need quick cash? Let us help you capture customer data from online stores and payment services (such as PayPal). Our team of crack programmers will develop malicious software such as Trojans and spyware. When consumers log in to online merchants, you get their usernames and passwords and payment service logins. You can go shopping yourself after that.
Design and publishing of fake online stores:
This is a guaranteed winner for nabbing credit card numbers, expiration dates and security codes. Let our top-notch programmers set up fake e-commerce websites for you. When the yokels go shopping for your fake merchandise, you collect both their payments and their credit card details. Ka-ching!
Purchase and forwarding of products:
Need a way to safely and anonymously receive merchandise you’ve ordered online with stolen credit card data? Seventy big-screen TVs dropped at your real address might raise questions. Leave it to us. We’ll set up safe address drops the police can never trace back to you. Just let us know where you want us to send it. No worries. No hassles. Satisfaction guaranteed.
This week’s special : 1 million spam e-mails for only $15. If you need to send out spam advertising phony products, this service is for you. We’ll also help you send out data-stealing Trojan spyware programs as attachments. When recipients open and click on the attachment thinking they’ve won a free cell phone or discount coupon — BAM! — you’ve got ’em.
Spammer’s special! Send out millions of spam e-mails under cloak of anonymity with our SMTP rental service. SMTPs (or simple mail transfer protocols) allow you to send and receive e-mails that can’t be traced by customers or your fellow spammers and hackers. You don’t want to send this stuff out with Google or Yahoo e-mails. Too easy to find you on those.
Don’t let this deal slip away! You can have the power of the Internet at your fingertips with our VPNs (virtual private networks). Our service allows you to use the Internet while remaining cloaked from the prying eyes of law enforcement. They won’t be able to trace you with our anonymous Web or IP (Internet protocol) addresses.
Banks and financial institutions do what they can to keep hackers at bay, but have limits. Many cybercriminals take advantage of lack of coordination between international law enforcement organizations and never operate in the countries where they reside. The cybercriminals hire talented computer programmers and develop programs to thwart bank security measures as quickly as they are installed.
The criminal operations have grown to resemble their legitimate counterparts, with specialized niches for workers and increasingly sophisticated markets. “These types of markets operate in line with the normal laws of supply and demand,” the Panda report states. “There are competing prices, additional services are offered, free trials, money-back guarantees if the data doesn’t work (or if the account doesn’t have a guaranteed minimum balance) \u2026 even anonymous shopping by third parties.”
“If there are vulnerabilities, fraudsters will find them and modify their behavior and exploit them. This has the effect of keeping the payment industry on its toes,” says David Fish, a senior analyst at Mercator Advisory Group, a payment card industry research company, which issued a report on the changing dynamics of credit card fraud prevention. Fish says the use of chip-and-pin technology embedded in credit cards in Europe has thwarted many criminals who try to use stolen or cloned credit cards at brick-and-mortar stores. That leaves the United States a more attractive target, because that technology is not available in the U.S., and may not be for years.
Cybercrime experts say consumers often can’t even tell their credit card information has been copied.
“If your computer is compromised, that means that even if you change your password, they will have the real one as soon as you type it in, ” says Luis Corrons, technical director at Panda.
Consumers worried about losses from cybercrime can be reassured that federal laws and the major card networks, such as Visa and MasterCard, have rules in place to protect credit and debit card users. Federal law limits credit card and debit losses from fraud to $50 if consumers report losses in a timely manner. The card networks have zero liability policies, but also require timely notification.
Banks and merchants are logging major losses from cybercrime. According to the CyberSource 2011 Fraud Report, online revenue losses due to fraud in North America was $2.7 billion in 2010 — down from 2009’s $3.3 billion level.
Experts advise consumers to monitor closely their account activities for suspicious or unauthorized activity. Other security precautions include:
- Keep anti-virus and firewall protection and Web browser programs up to date on your home and work computers.
- Avoid accessing banking or personal e-mail accounts when using free Wi-Fi services because it is easy for criminals to capture your personal data over wireless connections.
- Don’t use ATMs that have devices over the card insert slot. Be suspicious of machines that look like ATMs, but don’t distribute cash. Notify your bank if you think your card’s data has been stolen.
See related: Free, public Wi-Fi can be dangerous to your credit card, Card thieves ‘skimming’ pay-at-the-pump customers, How to find your credit card security code, U.S. magnetic stripe credit cards on brink of extinction, Sinowal trojan compromises 500,000 bank accounts, Nearly 100 charged worldwide in massive phishing scam bust