A few pennies for your thoughts -- and credit card

Apr 14, 2009 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- One economy apparently isn't hurting these days - the one run by identity thieves in the dark corners of the Internet.

Demand and prices remain stable for stolen credit cards, Social Security numbers and other private information, according to a new study by maker Symantec Corp.

Meanwhile, the supply of such data is steady too, thanks to the way the recession has inspired new scams targeting people who are worried about work and their finances, according to the Symantec report and another study from Gartner Inc. that was due to be released Tuesday.

"There's no pricing pressure at all - it's not dropping, they're not negotiating down," said Alfred Huger, vice president of Symantec Security Response. "That tells us that there are still the same number of buyers. The underground economy has not been affected by the recession."

One reason is that the prices for some records have been falling for years and can't go much lower. Stolen credit now go for as little as 6 cents each, if they're bought 10,000 at a time. The price can be $30 per card for smaller orders.

Access to hijacked e-mail accounts: 10 cents to $100.

Bank account credentials: $10 to $1,000.

Scammers can hire people to "cash out" compromised bank accounts for between 8 percent and 50 percent of the amount they're stealing. Hosting for scam Web sites ranges from $3 to $40 per week.

Symantec says sellers appear loath to undercut each other. Many cyber gangs are believed to be affiliated with organized crime, and crooks who don't play by the rules risk being locked out of future business, or being targeted with Internet attacks or possibly even physical violence.

"It makes you wonder if there's some collusion among the sellers," Huger said. "And it's a very heavily self-policing industry. I think people there would take a very dim view of significant undercutting of prices that would affect the whole industry."

Security experts not involved in Symantec's study say prices for booty like stolen credit card numbers might not be falling anymore because they have hit a bottom. The usefulness of stolen credit card numbers is waning because of anti-fraud measures - crooks now need additional details, like PIN numbers or the security codes on the back of the cards, to sell as a package deal.

"The value of just the front side of your has gone to almost zero - the bad guys need to get more and more data," said Peter Tippett, vice president of research and intelligence for Verizon Communications Inc.'s business security solutions division. That division investigates many large data breaches.

The pipeline for stolen data is being replenished by phony "phishing" e-mails that are becoming more common as the economy worsens. Three-quarters of the phishing e-mails Symantec examined were banking-related, for things like low-interest loans and mortgage refinancing. When people pay for those services, their money vanishes.

Symantec found a startling 66 percent increase in the number of phishing Web sites from the previous year.

studied data from more than 200 million personal computers running its antivirus software, 200 million e-mail accounts that do nothing but collect spam, and information from large corporations that use Symantec's products.

Gartner's study reinforced the finding that phishing scams are proliferating. It estimates that more than 5 million U.S. consumers lost money to phishing attacks from September 2007 to September 2008 - a 40 percent increase over the estimated number of victims a year earlier.

Each victim is losing less money, though. Criminals have changed their tactics and are now pursuing a higher volume of lower-value attacks to evade banks' fraud detection systems, said Avivah Litan, a Gartner vice president.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Google offers peek into Bhutan with Street View launch

add to favorites email to friend print save as pdf

Related Stories

Anti-phishing 'posses' hunt criminals

Oct 05, 2005

California Gov. Arnold Schwarzenegger last Friday signed into law the first state legislation that penalizes fraudsters who steal online identities through "phishing" scams, but Internet companies and banks are not waiting ...

Networking: Is that bank's URL legitimate?

May 01, 2006

Computer-security professionals at the weekend were working on what is being described as a just-emerging IT problem -- the kind which, if the pros are correct, potentially could imperil all e-commerce across ...

Phishing Attacks in May Jumped More Than 200 Percent

Jun 30, 2005

The phishing season is officially open. Phishing – using fraudulent emails to try to dupe recipients into revealing personal or financial information -- reached its highest level in May, according to IBM. The month Global ...

Networking: Virus writing for profit

Sep 26, 2005

Unscrupulous e-mail marketers are collaborating with criminal virus writers to combine selling questionable goods and services online with attempting to steal information from consumers, experts told United Press International's ...

ID theft a concern for new year

Jan 04, 2006

Forget about losing excess pounds -- what consumers really should resolve for the New Year is protecting their identity, security experts warn. The rise in identity theft has brought the issue to the forefront for both businesses ...

Recommended for you

Google offers peek into Bhutan with Street View launch

1 hour ago

Google provided a sneak peek into Bhutan Thursday by unveiling a Street View project for the remote Himalayan kingdom, featuring panoramic views of its majestic mountains, monasteries and crystal-clear rivers.

Twitter looks to weave into more mobile apps

15 hours ago

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Google unveils app for managing Gmail inboxes

16 hours ago

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

Fighting cyber-crime one app at a time

22 hours ago

This summer Victoria University of Wellington will be home to four Singaporean students researching cyber threats. The students have been working with Dr Ian Welch, a lecturer in Victoria's School of Engineering and Computer ...

User comments : 0