A few pennies for your thoughts -- and credit card

Apr 14, 2009 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- One economy apparently isn't hurting these days - the one run by identity thieves in the dark corners of the Internet.

Demand and prices remain stable for stolen credit cards, Social Security numbers and other private information, according to a new study by maker Symantec Corp.

Meanwhile, the supply of such data is steady too, thanks to the way the recession has inspired new scams targeting people who are worried about work and their finances, according to the Symantec report and another study from Gartner Inc. that was due to be released Tuesday.

"There's no pricing pressure at all - it's not dropping, they're not negotiating down," said Alfred Huger, vice president of Symantec Security Response. "That tells us that there are still the same number of buyers. The underground economy has not been affected by the recession."

One reason is that the prices for some records have been falling for years and can't go much lower. Stolen credit now go for as little as 6 cents each, if they're bought 10,000 at a time. The price can be $30 per card for smaller orders.

Access to hijacked e-mail accounts: 10 cents to $100.

Bank account credentials: $10 to $1,000.

Scammers can hire people to "cash out" compromised bank accounts for between 8 percent and 50 percent of the amount they're stealing. Hosting for scam Web sites ranges from $3 to $40 per week.

Symantec says sellers appear loath to undercut each other. Many cyber gangs are believed to be affiliated with organized crime, and crooks who don't play by the rules risk being locked out of future business, or being targeted with Internet attacks or possibly even physical violence.

"It makes you wonder if there's some collusion among the sellers," Huger said. "And it's a very heavily self-policing industry. I think people there would take a very dim view of significant undercutting of prices that would affect the whole industry."

Security experts not involved in Symantec's study say prices for booty like stolen credit card numbers might not be falling anymore because they have hit a bottom. The usefulness of stolen credit card numbers is waning because of anti-fraud measures - crooks now need additional details, like PIN numbers or the security codes on the back of the cards, to sell as a package deal.

"The value of just the front side of your has gone to almost zero - the bad guys need to get more and more data," said Peter Tippett, vice president of research and intelligence for Verizon Communications Inc.'s business security solutions division. That division investigates many large data breaches.

The pipeline for stolen data is being replenished by phony "phishing" e-mails that are becoming more common as the economy worsens. Three-quarters of the phishing e-mails Symantec examined were banking-related, for things like low-interest loans and mortgage refinancing. When people pay for those services, their money vanishes.

Symantec found a startling 66 percent increase in the number of phishing Web sites from the previous year.

studied data from more than 200 million personal computers running its antivirus software, 200 million e-mail accounts that do nothing but collect spam, and information from large corporations that use Symantec's products.

Gartner's study reinforced the finding that phishing scams are proliferating. It estimates that more than 5 million U.S. consumers lost money to phishing attacks from September 2007 to September 2008 - a 40 percent increase over the estimated number of victims a year earlier.

Each victim is losing less money, though. Criminals have changed their tactics and are now pursuing a higher volume of lower-value attacks to evade banks' fraud detection systems, said Avivah Litan, a Gartner vice president.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Fitbit to Schumer: We don't sell personal data

add to favorites email to friend print save as pdf

Related Stories

Anti-phishing 'posses' hunt criminals

Oct 05, 2005

California Gov. Arnold Schwarzenegger last Friday signed into law the first state legislation that penalizes fraudsters who steal online identities through "phishing" scams, but Internet companies and banks are not waiting ...

Networking: Is that bank's URL legitimate?

May 01, 2006

Computer-security professionals at the weekend were working on what is being described as a just-emerging IT problem -- the kind which, if the pros are correct, potentially could imperil all e-commerce across ...

Phishing Attacks in May Jumped More Than 200 Percent

Jun 30, 2005

The phishing season is officially open. Phishing – using fraudulent emails to try to dupe recipients into revealing personal or financial information -- reached its highest level in May, according to IBM. The month Global ...

Networking: Virus writing for profit

Sep 26, 2005

Unscrupulous e-mail marketers are collaborating with criminal virus writers to combine selling questionable goods and services online with attempting to steal information from consumers, experts told United Press International's ...

ID theft a concern for new year

Jan 04, 2006

Forget about losing excess pounds -- what consumers really should resolve for the New Year is protecting their identity, security experts warn. The rise in identity theft has brought the issue to the forefront for both businesses ...

Recommended for you

Fitbit to Schumer: We don't sell personal data

42 minutes ago

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

5 hours ago

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

6 hours ago

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

6 hours ago

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

18 hours ago

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

Music site SoundCloud to start paying artists

Aug 21, 2014

SoundCloud said Thursday that it will start paying artists and record companies whose music is played on the popular streaming site, a move that will bring it in line with competitors such as YouTube and Spotify.

User comments : 0