Your credit card details may be up for sale

CA Nikita (Chartered Accountant) (4158 Points)

28 September 2007  
KOLKATA: Do not be surprised if your bank account details or credit card numbers are up for sale on the Net at paltry sums. The going rate for stolen credit card numbers currently ranges from 50 cents (Rs 20) to $5 (Rs 200), while bank account details are up for grabs at $30 (Rs 1,200) and can go up to $400 (Rs 16,000) per account. Surprisingly, email passwords can cost as little as $1 (Rs 40) and go up to $350 (Rs 14,000).

These details are sold through illegal e-commerce sites used for selling and buying illegal items and are termed underground economy servers. They are used by criminals and criminal organisations to sell stolen information. This data can include government-issued identification numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts and email address lists.

According to the latest Symantec Internet Security Threat Report released by US-based IT security major Symantec Corporation, credit cards are the most frequently advertised items for sale on underground economy servers, covering 22% of all goods advertised, followed by bank account details at 21%. The highest number of attacks on PCs were also from the US during the first six months of 2007.

During this period, according to Symantec, 8,011 distinct credit cards were advertised for exchange on underground economy servers. “This, however, is only a small proportion of the credit cards sold across the internet as a whole,” the report mentioned.

The bulk of these servers are located in the US, which accounts for 64% of the total underground economy servers known to Symantec Corporation. Germany accounted for 12% while Sweden ranked third, accounting for 9% of these servers.
Credit card numbers and bank account details are stolen from unsuspecting online users through a variety of attacks.

These include phishing, organised attacks and keyloggers. Interestingly, there were also a number of instances in which attackers compromised trusted sites in order to lie in wait for unsuspecting users.

Phishing refers to theft of data through bogus sites that look like an original bank’s or a financial institution’s website. About 79% of all phishing attacks were on websites of financial institutions. Organised attacks compromise PCs with malicious programmes that extract sensitive information.