Researchers have found that 1.5 million dark web payment card data belong to US citizens. Visa cards were the most frequent, with 913,955 found on the darknet, followed by Mastercard with 406,851 cards and American Express with over 143,836. And, Australia and Hong Kong were the next most affected places, with details on 419,806 and 399,537 cards found, respectively. According to research, a card's vulnerability depends on the proportion of non-refundable cards, the country's population, and the number of cards in circulation. "For example, taking into account a large number of cards with refunds available, US cards may be more reliable. But there was still a big number of them found hacked on the internet because of the greater number of credit card users in this country in general," explains the CTO at NordVPN.
A payment/pay card, or payroll card, is one way of getting your paycheck. Pay cards are a kind of reloadable debit card employers can give them to their employees and deposit paychecks onto the cards instead of printing checks or using direct deposit. If a card is refundable, the victim will get compensated for the hacker-inflicted damage. Non-refundable cards provide no such relief. Another recommendation is to have a separate bank account for different purposes and only keep small amounts of money on the one your payment cards are connected to.
Considering these factors, researchers determined that Hong Kong was most vulnerable, followed by Australia and New Zealand. At the same time, the Netherlands was considered to be the least vulnerable to attacks like these. Most of the payment cards (914,072) cost $20 on the dark web. However, the average price of a payment card in the research stood at $9.70.
More than a half (2,524,142) of all the discovered payment cards were Visa, followed by MasterCard (1,602,248) and American Express (215,971). Comparing the number of credit and debit cards, overall, the difference was not significant, with 52.5% of the discovered cards being debit and 47.5% being credit cards.
According to investigators, the black market for card payment details has been steadily growing since 2014. Even if the cards sell for $10 on average, a stolen database with 4 million card details can sell for a whopping $40 million.
A large portion of the payment card data online comes from brute force, a computer-generated process aimed at getting the right numbers almost randomly. "A computer can make thousands of guesses a second. After all, criminals do not target specific individuals or specific cards. It is all about guessing any viable card details that work to sell," analysts explain. There is no way to remove a threat of brute-forcing completely, but that does not mean users do need to do anything at all. One way is to stay vigilant and respond quickly to any notice from your bank on card use.
How to protect yourself against phishing:
- Use unique and complex passwords for all of your online accounts. Password managers help you generate strong passwords and notify you when you reuse old passwords.
- Use multi-factor authentication (MFA) where possible.
- Beware of any messages sent to you, even from your Facebook contacts. Phishing attacks will usually employ some type of social engineering to lure you into clicking malicious links or downloading infected files.
- Watch out for any suspicious activity on your Facebook or other online accounts.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and offers pro-active solutions to protect your networks. Cyber intelligence is a needed key for your over-all cyber security. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or firstname.lastname@example.org
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings