Black credit card #bad #credit #credit #cards

#black credit card
#

The Underground Credit Card Blackmarket

Credit card data has been traded on the cyber black-market for a number of years. The relatively recent breaches of TJX Companies (owner of T.J. Maxx) and Heartland Payment Systems show the extent to which criminals will go in order to harvest credit card numbers, social security numbers, names, addresses and more. All this legitimate (but stolen) information fuels a world of cyber crime.

In this article we show that, unlike what you might think, the credit card black-market operates very much in the open. Below we point out websites, which can be used to tap into the cyber black-market and find stolen credit card numbers and the associated credentials to purchase for any purpose they desire. We also show instant messenger handles, emails and details of what cyber criminals are selling on the Internet.

We analyzed 429 unique domains and 615 unique URLs. Each of these URLs contained information about buying stolen credit card information. Each URL lead to a web page where cyber-criminals have posted details about how to interact with them and buy stolen financial credentials. In the majority of cases, cyber criminals who are selling this information can provide one of the following types of data.

The data for this article was collected between February 27th and March 2nd, 2010.

Basic Credit Card Information Offers:

Usually consists of credit card number, type, expiration date and CVV.

Premium Credit Card Information Offers:

Usually consists of credit card number, type, expiration date, CVV, SSN, Home Address, Full Name, Date of Birth and much more.

PayPal Information Offers:

Some domains host multiple instances of stolen Credit Card Ads, (CC-Ads). We present the frequency distribution of CC-Ads on each unique domain below.

Frequency of CC-Ads on each unique domain.

Interesting Highlights:

  • None of the websites advertising stolen credit card data were blacklisted by Google s Safe Browsing List. This could potentially indicate that cyber criminals are conscientious of not discouraging visitors to these sites.
  • Cyber criminals prefer to get paid via Liberty Reserve and Western Union money transfer services.
  • Some cyber criminals have used images to provide quotations [img] .
  • Yahoo.com seems to be the email and instant messaging service preferred by cyber criminals.
  • Nearly 75% of sites with CC-Ads are located in the US (see graph below).

IP Geo-location for websites with CC-Ads.

It is clear from the current state of the credit card black-market that cyber criminals can operate much too easily on the Internet. They are not afraid to put out their email addresses, in some cases phone numbers and other credentials in their advertisements. It seems that the black market for cyber criminals is not underground at all. In fact, it s very in your face. Clearly a more concerted effort is required to clamp down on this problem. Simply tying up loose ends on the enterprise side is not enough to combat this problem when there is virtually nothing to stop criminals from touting their stolen wares freely in the Internet.

Editor s Note: We are providing a limited list of sites as an example of the brash lawbreaking behavior of these cyber criminals. We believe it is important for the purpose of this article that the reader be able to verify our statements. Additionally, we believe that consumer awareness of the problem can only serve to reduce the ease with which these criminals operate.

Forums used to buy and sell stolen credit card information:

Various instant messenger credentials [1] [2] [3] used by cyber criminals:

People who interacted with ubuntu_kana (Yahoo messenger):

People who interacted with peeseller (Yahoo messenger):

People who interacted with bagiabancc (Yahoo messenger):

Posted by anirban on March 3rd

Are people paying stolen credit cards with stolen credit cards? 😉

Posted by Shungaeslagente on March 3rd

All those links are now dead.

Posted by asv on March 4th

Couple of quick suggestions.

1. Make the company logo at the top of the page a clickable link that takes you to the homepage (I know there is a home button but the former is really a standard practice these days).

2. This is very general but have you thought about expanding to the mobile browsing market. An iphone app could be a good start.

A friend

Posted by Anon on March 6th

Thank you very much for the comment, we will definitely pay attention to this.

Posted by anirban on March 7th

We appreciate your suggestion and have updated our website with a click-able logo area in the upper-left. The link will take you right to our homepage!

We take our visitor s comments seriously. I wish you d left an email so we could reach you with questions in regard to your second comment.

I am interested in your thoughts: what features would you be looking for in an iphone app?

Posted by admin on March 14th

i recently got scammed when someone used my creditcard!

and i dont know how they succeeded to change my Verified by visa password!!

when i where buying a domain name i got my ordinary window up but my personal message where changed to NaqZoCorporation and when i googled it seem to be a scam site one of those. But these guys are pro because they succeeded to change my verified by visa and my billing adress!!

Posted by Phil on March 20th

[ ] Credit Card Data Traded on the Black Market I am a firm believer in checking my data every few days, because I have seen it all. No matter what the situation, you never know when or where your information could have been leaked. A hacker could tap into the SQL database of some website where you made a purchase 6 months ago or a year ago And then there is skimming. It is hardly possible to keep your eye on your card 24/7 without looking like a nut, especially if you are in a high priced restaurant where it is customary to hand over your card to the waiter who walks away with it in order to process the charges. They also say that some skimming devices can be placed at gas pumps and ATM s so that users don t even noticed they have been installed over(on top of) the actual processing device you use everyday. I haven t seen these things, possibly its just a small metallic strip that is placed inside there and then retrieved later. I pay at the pump all the time so I can t imagine a device that could fool me. It would have to be quite small. Anyay. My point is, rather than trying to combat the situation, my best advice is to just use one bank, say B of A or HSBC and have your checking savings and credit cards with that one bank .so you only have to log in to or call one bank. and every 3 days check your acconts. Or every 2 days. Here is a link everyone should read [ ]

Posted by Credit Card Data Traded on the Black Market Credit Forums Loans, Debt, and Credit Discussion on April 17th

Sadly, fraud and crime are fairly rampant on the internet. Some of the biggest threats come from scammers, who will just try to rip you off, and other groups, who trade in stolen credit card and bank information. StopTheHacker.com did a study in early

Posted by Varnes Computers Blog on July 9th

Wow. Good article. Makes me want to never buy anything else on the internet ever again. Makes you wonder how long until we all go back to strictly paper money where you actually know if someone is taking it from you.

Posted by dcrockett on October 11th

[ ] called stopthehacker.com recently analyzed the black market and was able to find examples of how this information is present online. Through simple online web portals, you can find credit card data on anything from basic accounts [ ]

Posted by Credit Card Numbers for Sale on the Black Market | MyBankTracker.com on December 9th

i recently got scammed when someone used my creditcard!

and i dont know how they succeeded to change my Verified by visa password!!

Thats as easy as finding your DOB and resetting it?:/

Posted by clarck on June 2nd





Leave a Reply

Your email address will not be published. Required fields are marked *