Your personal cyber security and anti-hacking news

Are You On This Paypal Accounts Hacked List From 2015?

by: Omri Toppol
Why credit fraud is so easy and why credit protection services are so important

Your hacked PayPal account costs as low as $2! Check out other prices on the black market.

Quite a lot has been written about the underground economy, which is made up of hundreds of forums, chat rooms and custom-made websites designed to facilitate, streamline and industrialize cybercrime. Within these communities, cybercriminals get together to trade tools, services, and victims’ credentials, enabling less sophisticated and even non-technical individuals to become cybercriminals. One no longer needs to know how to hack, skim or steal credit cards in order to get his hands on them—he or she can simply log into one of the forums and buy them from a vendor. It is therefore interesting to see what kind of credentials are being traded in these circles, as it indicates what cyber criminals are after. Without demand, there would be no supply, after all.

The motivation for buying stolen credentials is a fairly straightforward one: making money. Every identity theft “operation,” from beginning to end, includes two major parts: obtaining credentials and a “cashout,” or turning those credentials into money. Credentials can be obtained by various means, such as Phishing attacks, Trojan Horses or hacking into online merchants’ databases, as well as real-world activities such as credit card skimming, infecting point-of-sale devices with malware and more.

paypal accounts hacked list 2015

How the cashout is done is determined by the type of credential, which in turn is dictated by the way it was collected. If the credential is what fraudsters call a “dump” (the raw information on the magnetic strip), which was collected through real-world skimming, the cashout is done by encoding the “dump” data onto a fake credit card and physically going to a store to make purchases, which is also known as carding. If the credential is for an online banking service, either obtained by Phishing or a Trojan horse, the cashout would involve setting up a “mule account” that accepts a fraudulent money transfer from the compromised account.

Credit Cards

The most commonly traded commodities are, unsurprisingly, credit cards. Credit card records come in several flavors, with the two main flavors being “dumps” and “CVVs.” Not to be confused with the three digits on the back of the card, “CVV” in fraudster terminology refers to a credit card record which includes the cardholder name, address, card number, expiration date and the CVV2. These cards can only be used with online merchants, while “dumps” can only be used with brick-and-mortar merchants. The price for both varies dramatically based on the type of card, the expiration date (cards that are about to expire go on sale), the country (countries of which cards are in less supply cost more), the seller and more. Generally, “dumps” are worth more than “CVVs” simply because the payoff is bigger—a carder can buy goods of higher value with a “dump” than with a “CVV.” Therefore, “CVVs” usually cost below $10, while “dumps” can go as high as several dozens of dollars. Generally speaking, the supply of credit card records in the underground is in the many millions.

Financial Credentials

Other financial credentials are also quite popular in the underground, including bank logins, referring in fraudster terminology to compromised online banking accounts. The price for such accounts depends on their balance (where in many instances the price is a percentage of the balance) and the associated bank. Certain bank accounts are harder to cash out than others, which may be reflected in the price.

“Fullz” is also a type of financial credential traded in the underground, which refers to the full information on the victim: name, address, credit card information, social security number, date of birth, mother’s maiden name, driver’s license number and more. As a rule of thumb, the more information you have on your victim, the more money you can make out of the credential. “Fullz” are usually pricier than the standard credit card credential but still cost under $100 per record. “Fullz” can be cashed out in a multitude of ways, including using a bank’s telephone service, doing a “change of billing” and ordering credit cards, applying for loans and more. “Dead Fullz,” which are “Fullz” credentials that are no longer valid, can also be used for different things such as opening a mule account on behalf of the victim and without his or her knowledge.

Merchant Accounts

When it comes to credentials for online services accounts, PayPal and eBay are popular for obvious reasons. While PayPal is difficult to cash out, the fact that so many people use PayPal and the fact that the cashout methods are “universal” (i.e., a PayPal account is a PayPal account, unlike different banks with their own differences) motivates fraudsters to target them. eBay accounts facilitate auction fraud, which has been a popular scam method for many years now. In terms of cost, PayPal and eBay prices substantially differ from seller to seller, and can go for as low as $2 for a PayPal account (most likely due to the investment needed to cash out such accounts). Amazon accounts are also a popular credential traded in these circles, with a myriad of sellers offering such accounts for sale.

Find out more:

Learn how to protect your PayPal account  – What Should I Do If My PayPal Account Was Hacked

Make sure your eBbay account is protected – What Should I Do If My eBay Account Was Hacked?


In certain circles within the underground, other types of accounts are also traded. As fraudsters found a way to cash out online games, by selling the virtual gold and unique virtual goods obtained by the victim’s character for real-world money, these accounts are also traded in the underground. Steam accounts are also being offered for sale (Steam being the most popular store for PC games), though it’s unclear whether the buyer intends to somehow cash out the account or simply attempt to gain access to games bought by the victim. Other accounts traded are of ISPs, or Internet Service Providers. These type of accounts provide access to the ISP’s mail relay, which can be used to send spam.

Identity thieves operate with one thing in mind, and that is to make money. Any account type that can be cashed out in order to rake in a profit for the fraudster is a legitimate target. As fraudsters are always on the lookout to generate new means of income, demand may rise in the underground for new accounts and new credentials over time, which puts users at a constant risk of being targeted.

Did you enjoy this post? If so, subscribe to get a weekly roundup from BlogDOG.

Written by  Omri Toppol

Omri is LogDog's marketing guy. He is passionate about technology, digital marketing and helping online users to stay safe and secure

« | »

Other Posts

Get Protected

Enter your email and receive security updates * 100% privacy guaranteed, we will never spam you.