Internet Black Market – More than just Credit Cards and it’s automated!
Automated Underground Stores: Not Just for Credit Cards
In one of our recent posts, we discussed the industrialization of the underground economy and the rise of automated credit card stores, a type of underground store fraudsters use to automate the selling of stolen credit card credentials. Indeed, automated selling in underground stores started with credit card credentials. But as this type of automated store grew in popularity, criminals started using the same approach for selling other types of goods, from hacked accounts to various cybercrime tools.
Accounts Sold in Automated Underground Stores
Without a doubt, one of the most targeted account types out there is PayPal. Even though PayPal has rigorous security procedures in place, hackers still target PayPal accounts because they’re so lucrative. With this, it’s no wonder some automated stores are completely dedicated to selling PayPal accounts.
Similar to automated credit card stores, stores dedicated to selling PayPal accounts provide “previews” for each account on sale. These previews include information such as the account’s balance, the state and city of the account holder, and whether credit card or bank accounts are associated with the account. In some instances, even the domain (Gmail, Hotmail, etc.) of the account holder’s email account is provided.
While PayPal accounts are popular, there are many other account types available for purchase in automated underground stores. From shopping sites such as eBay and Apple, to mobile service provider accounts such as Verizon, and even matchmaking sites like eHarmony and Match.com (believe it or not, some hackers partake in “Romance Scams”), the variety of accounts on sale is staggering.
Instead of using Phishing attacks in order to obtain these types of credentials, hackers can simply visit an automated underground store and purchase compromised account credentials to their heart’s content.
Tools Sold in Automated Underground Stores
Tools are also popularly sold in automated underground stores. Stores selling tools basically sell the “infrastructure” that’s used by various cybercriminals (including fraudsters, spammers, content pirates, etc.) to commit their crimes.
Here are the types of tools these stores may carry:
- SMTPs. This stands for “Simple Mail Transfer Protocols,” and it’s an Internet standard for email transmission. Read more about SMTPs on Wikipedia. With SMTPs, hackers can use email servers to send out spam.
- Shells. Sometimes known as “backdoor shells,” these are malicious pieces of code that hackers can use to alter the files on a website. For example, using a shell to access a site’s server, the hacker can then download all of the site’s files, edit or delete them, or replace them with their own files.
- Leads. This is another word for the email lists hackers can use for sending spam.
- FTPs. FTPs facilitate access to a website’s file servers, enabling hackers to upload and share pirated content.
The screenshot below shows the great variety of tools available in some automated underground stores:
Automated underground stores display the power of the underground economy, and make cybercrime that much easier to commit. Fraudsters who are clueless on how to obtain data don’t need to learn or even find the “right partners.” All they need to do is register at one of these stores and make a purchase, and they can do so any day, at any time.
Did you enjoy this post? If so, subscribe to get a weekly roundup from BlogDOG.
Take Control of Your Online Security
Perhaps now more than ever, it’s crucial to take a hands-on approach regarding your privacy and the security of your personal data and online accounts (Gmail, Facebook, Dropbox, etc.). Fortunately, you can use a number of freely available tools to help better protect your personal information. Here are a few suggestions:
- Get an antivirus solution for both your PC and phone. Check out these recommendations for the Best Free PC Antivirus Software and Top 5 Android Security Apps.
- Never reuse the same password across multiple online accounts, and always make sure you use strong passwords that include letters, numbers, and at least one symbol. To keep track of your passwords and keep them safe and secure, use a password manager like LastPass or PasswordBox.
- Use two-factor authentication on all of your accounts to enhance security.
- Get LogDog, a free anti-hacking app. It protects your personal data and valuable accounts (Gmail, Facebook, Yahoo and more) and alerts you to any suspicious activity so you can take control of your account before a hacker does.The service can be used across all devices and OS’s, so you’re always being protected. Here’s the Android and iOS links for you to check out.