Six million stolen credit card details on the dark web have been analyzed to reveal that more than half belong to US residents or citizens. Worse still, many of these come bundled for sale with other personal data such as names and addresses.
NordVPN found that while the average set of stolen card details was sold for $7 on the dark web, some are even leaked for free. This is not a good development for Americans, whose details constituted 58% of analyzed payment details, equivalent to 3.5 million sets.
What’s more, around six in ten stolen credit cards were offered for sale alongside addresses, names, and Social Security numbers.
“Card fraud often leaves the victim helpless — in large part because it is near impossible to tell how your card details have been stolen,” said NordVPN. “Even security professionals are at risk. More direct methods of hacking and theft can make victims feel even more vulnerable — and grab more than just their card details.”
Methods of stealing credit card data vary widely, from physical means including card theft or “shoulder surfing” — looking over a victim’s shoulder and memorizing their card numbers as they use them in a public place — to more sophisticated digital means such as phishing, email scams designed to trick people into parting with their details voluntarily, and “relaying” or remotely hijacking contactless payment details.
Other known digital means of obtaining credit card details involve infecting point-of-sale devices with malware, inserting skimmers into ATMs to copy inserted cards, and hacking into online bank accounts.
In contrast to the US, Russia was the least prevalent country on the list of stolen credit cards, with China featuring as the third least likely to be included in a stolen data haul. India was a distant second to the US, with some 218,000 cards up for grabs, while the UK came third with around 164,000.
Cards from Denmark fetched the highest asking price, at $11.54 per set of details, closely followed by those from Japan, Portugal, and Ukraine. But US cards sold for just below the median average, at $6.86, suggesting that when it comes to victimizing people in America, cybercriminals favor quantity over quality.
Card details from Argentina and New Zealand were the cheapest where a price was given, at around $2.50 each. NordVPN did not elaborate on where and why cards were leaked for free, but its research suggests that in such cases these might have been bundled as an offer with other forms of stolen data.
Credit card details inspected by NordVPN covered just under 100 countries — about half the world’s total.
For its study, the security analyst says it commissioned independent investigators, who trawled eight illegal websites to identify and observe the six million stolen cards. NordVPN stressed that it received no personally identifying information belonging to victims in the course of the investigation.
“The data NordVPN received from these third-party researchers did not contain any information that relates to an identified or identifiable individual, such as names, contact information, or other personal information,” it said.
Your email address will not be published. Required fields are markedmarked