Stolen credit cards going cheap, says Symantec

Stephen Withers
Tuesday, 20 March 2007 11:26

Your IT - Home IT

Stolen credit cards are being sold on the Internet for as little as $US1, according to Symantec's latest Internet Security Threat Report.

The vast majority - 86 percent - of the banks that had issued the stolen cards were in the US, which may explain why American cards attract the lowest prices. Advertised prices range from $US1 to $US6.

The United Kingdom was a distant second with just seven percent, but British cards sell for $US2 to $US12. Australia was ranked fifth, with one percent of stolen cards.

Other items being sold on 'underground economy servers' include identities comprising a US bank account, credit card, date of birth and a government-issued ID number for $US14-$US18; an online banking account with a $US9900 balance for $US300; verified PayPal accounts for $US50-$US500 (depending on balance); Skype accounts for $US12 and one-month World of Warcraft accounts for $US10.

Access to compromised computers trades for $US6 to $US12 each, while web sites to host phishing attacks go for as little as $US3 to $US5.

Is it any wonder that phishing and other attacks are so widespread? At these rates you'd need thousands of victims to make a worthwhile amount of money. While you could make more by siphoning off the contents of a compromised bank account for yourself, that significantly increases the risk of detection.