Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    In passing, I recalled talking to my neighbor where I mentioned working in the area of information security. His next question quickly came out- “Why do these scammers want my information?” The more I’m asked this question, the more apparent it becomes that user information is highly valuable.

    Would it be surprising to know that it would merely cost $5 (USD) to buy all of your personal information on underground forums and sites? Some of you may also be surprised to find out the information for sale isn’t just your name and address-it’s far more than that.

    “Fullz”, as it is referred to in underground forums contain not just credit card numbers, names, and date of births. “Fullz” are typically delivered in one of several methods. First, it could be a text or .CSV file containing all of the information in a comma separated file. All of the details of the compromised individuals would be included in the file for easy perusal. In addition, “fullz” could be delivered via a portable database format, like a .MDF file for easy local database import. You can also find personal questions asked during account registrations as well as driver’s license information, social security number, and other information.


    Just because these scammers are nefarious, it doesn’t mean they’re not entrepreneurial. For instance, one seller offers bulk discounts for orders as seen in figure 2.


    These scammers also offer the sale of “dumps”, which is the raw data off the magstrip of your credit cards. In addition to dumps, they sell “plastics”, which are blank cards that are used for writing dumps too.

    And finally, to make scamming even easier, attackers are selling direct logins for bank accounts as well as the transportation of high-end electronics. Bank accounts are being sold for direct access to the money- no more buying dumps and plastics, just use your bank login information and transfer the money.

    High-end electronics are also peddled on the black market for reasonable prices. These scammers buy devices at retail price using stolen credit card information, and proceed to sell it at discounted rates online for cash.


    What do scammers do with my information?

    While many people may say, “If a criminal were to grab 20,000 fullz, mine’s not one they’ll use.” This isn’t simply true. While the cybercriminals who stole your information may not use all 20,000 dumps of information, they will likely sell off the portions of unused data for a much lower price.

    Attackers will make use of your information in one of several ways. First, they could make clones of your credit cards magstrips, and make large purchases with it. They can then sell those stolen goods for a smaller price online. In addition, they will likely re-sell your information to other crooks to use in the same type of scheme.

    In addition to cloning your data, a scammer may use your information to clone your identity or purchase bulletproof hosting. Bulletproof hosting allows for massive leniency on what is uploaded to the servers, and doesn’t have many constraints on sourcing activities from the hosting server. These servers are often used to bypass laws in many locations. Furthermore, using stolen information, makes the originators behind these bulletproof servers very hard to locate. As such, your information could be sold on the black market 10’s of hundreds of times.

    We are also seeing an increased marketability for all the mentioned items as well as increased ability to sell. These sellers are using sites that don’t require registration for purchasing, thus opening the door for more buyers to enter the market.

    In addition, we are seeing increased usage of “escrowing” these goods. It’s no surprise that scammers even scam each other, and this is a common concept in these forums. To prevent this from happening, escrowing has been coming back in force. The buyer of these scammed products pays the escrow agent, who tests the dump to ensure they work. Once testing has been confirmed, payment is sent to the seller, and likewise, the data sent to the buyer.

    In the 2013 security predictions, we stated that these sellers will become more motivated as 2013 progresses. They will sell with an increased entrepreneurial spirit- introducing new and easier ways for buyers to purchase with anonymity.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • Kyle Wilhoit

      Hi Matthew, Unfortunately, there’s not much that can be done to stop this type of activity currently. Unfortunately, if a company get’s compromised, and your data is housed on their servers, they could leak your personal information. However, protecting where you shop, how you shop (Utilize SSL/TLS), and using disposable credit card numbers (Where applicable) will help offset some of this. There is a planned blog post upcoming that should cover preventative techniques shortly.

      • Poison

        Since this activity is obviously illegal, what prevents the govt of that country from taking down the server where this site is hosted? Also, what prevents them from identifying the owner of the domain and taking legal action against them?

        • Kyle Wilhoit

          Hi- Both very good questions! Nothing prevents the government of the country that this is occurring from taking down the server at all. And quite often, this does in fact happen. However, more often than not, these types of services are offered from countries that don’t have strong cyber-laws to prosecute this type of activity, nor the manpower/expertise to do so. In addition, many law enforcement sources do go after the registrar of the sites peddling these services, but again, it’s limited to the country hosting the site and if they have strong cyber laws to help take down the sites.

    • Matthew Carter

      So what is being done to try to stop this or make it something that can be stopped?


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice