A few pennies for your thoughts -- and credit card

April 14, 2009 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- One economy apparently isn't hurting these days - the one run by identity thieves in the dark corners of the Internet.

Demand and prices remain stable for stolen credit cards, Social Security numbers and other private information, according to a new study by maker Symantec Corp.

Meanwhile, the supply of such data is steady too, thanks to the way the recession has inspired new scams targeting people who are worried about work and their finances, according to the Symantec report and another study from Gartner Inc. that was due to be released Tuesday.

"There's no pricing pressure at all - it's not dropping, they're not negotiating down," said Alfred Huger, vice president of Symantec Security Response. "That tells us that there are still the same number of buyers. The underground economy has not been affected by the recession."

One reason is that the prices for some records have been falling for years and can't go much lower. Stolen credit now go for as little as 6 cents each, if they're bought 10,000 at a time. The price can be $30 per card for smaller orders.

Access to hijacked e-mail accounts: 10 cents to $100.

Bank account credentials: $10 to $1,000.

Scammers can hire people to "cash out" compromised bank accounts for between 8 percent and 50 percent of the amount they're stealing. Hosting for scam Web sites ranges from $3 to $40 per week.

Symantec says sellers appear loath to undercut each other. Many cyber gangs are believed to be affiliated with organized crime, and crooks who don't play by the rules risk being locked out of future business, or being targeted with Internet attacks or possibly even physical violence.

"It makes you wonder if there's some collusion among the sellers," Huger said. "And it's a very heavily self-policing industry. I think people there would take a very dim view of significant undercutting of prices that would affect the whole industry."

Security experts not involved in Symantec's study say prices for booty like stolen credit card numbers might not be falling anymore because they have hit a bottom. The usefulness of stolen credit card numbers is waning because of anti-fraud measures - crooks now need additional details, like PIN numbers or the security codes on the back of the cards, to sell as a package deal.

"The value of just the front side of your has gone to almost zero - the bad guys need to get more and more data," said Peter Tippett, vice president of research and intelligence for Verizon Communications Inc.'s business security solutions division. That division investigates many large data breaches.

The pipeline for stolen data is being replenished by phony "phishing" e-mails that are becoming more common as the economy worsens. Three-quarters of the phishing e-mails Symantec examined were banking-related, for things like low-interest loans and mortgage refinancing. When people pay for those services, their money vanishes.

Symantec found a startling 66 percent increase in the number of phishing Web sites from the previous year.

studied data from more than 200 million personal computers running its antivirus software, 200 million e-mail accounts that do nothing but collect spam, and information from large corporations that use Symantec's products.

Gartner's study reinforced the finding that phishing scams are proliferating. It estimates that more than 5 million U.S. consumers lost money to phishing attacks from September 2007 to September 2008 - a 40 percent increase over the estimated number of victims a year earlier.

Each victim is losing less money, though. Criminals have changed their tactics and are now pursuing a higher volume of lower-value attacks to evade banks' fraud detection systems, said Avivah Litan, a Gartner vice president.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Phishing Attacks in May Jumped More Than 200 Percent

Related Stories

Phishing Attacks in May Jumped More Than 200 Percent

June 30, 2005

The phishing season is officially open. Phishing – using fraudulent emails to try to dupe recipients into revealing personal or financial information -- reached its highest level in May, according to IBM. The month Global ...

Networking: Virus writing for profit

September 26, 2005

Unscrupulous e-mail marketers are collaborating with criminal virus writers to combine selling questionable goods and services online with attempting to steal information from consumers, experts told United Press International's ...

Recommended for you


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.