What is the underground economy?
Put simply, the underground economy is a collection of forums, chat rooms and custom-made websites that are all designed to facilitate, streamline and industrialize cybercrime. It’s within these communities that cybercriminals gather to trade tools, services and victims’ credentials.
What’s their motivation? Making money, of course. Let’s take a look at how cybercriminals turn our personal information into cash, and how much that information is worth.
The cashout
Identity theft “operations” are made up of two major parts:
There are various ways to obtain credentials. Some options are Phishing attacks, Trojan Horses and hacking into an online merchants’ databases. Credentials can also be obtained through real-world activities like credit card skimming or infecting point-of-sale devices with malware.
The cashout method is based on the type of credential, which in turn is dictated by the way it was collected. If the credential is what hackers call a “dump” (the raw information on the magnetic strip), which was collected through real-world skimming, the cashout is performed by encoding the “dump” data onto a fake credit card and physically going to a store to make purchases. This is also known as carding. If the credential is associated with an online banking service, obtained either by Phishing or a Trojan horse, the cashout involves setting up a “mule account” that accepts a fraudulent money transfer from the compromised account.
The value of our personal information
Identity thieves operate with one thing in mind, and that is to make money. Any account type that can be cashed out in order to rake in a profit for the fraudster is a legitimate target. As hackers are always on the lookout to generate new means of income, demand may rise in the underground for new accounts and new credentials over time, which puts users at a constant risk of being targeted.
About the Author
Omri Toppol has been working with hi-tech startups for over 15 years. He is an entrepreneur with an extensive technical background and a passion for mobile.
About LogDog
The LogDog anti-hacking and privacy tool protects the most popular online account types including Gmail, Facebook, and Dropbox by detecting unusual access activity and alerting users so they can take control of their accounts before hackers do.
Edited by Pierluigi Paganini
(Security Affairs – Underground market, hackers)
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.