SlideShare a Scribd company logo

Online Fraud Report 2010

Vaibhav Agarwal
Vaibhav Agarwal

There is a whole online fraud marketplace operating. Check out this report to find out how your 'secured' email and banking details are literally ON SALE!

Education
1 of 6
RSA Online Fraud Report August, 2010 Prices of Goods and Services offered in the Cybercriminal Underground If you were to take a glimpse into the fraud black market, you would see that not only do cybercriminals trade stolen Online forums serve as platforms for data, but they also offer a multitude of tools and services for cybercriminals to exchange their criminal sale that enable others to harvest this information and/or tools, services, and know how; but even monetize it. Examples of some criminal ‘product’ offerings more so, forums are flourishing markets would include fraudster call center services that “outsource” used by those who profit from the sale of fraudulent phone calls made to banks or merchants; compromised bank accounts and payment information services that provide a rich set of personal and card data. In order to keep feeding the financial data on potential victims; phishing kits that target cybercrime economy, vendors of different banks: Trojan infection kits; and credit card compromised data mainly1 obtain their checking services, just to name a few. “merchandise” by launching phishing and Trojan attacks or hacking into merchants’ For the purposes of our research, the RSA FraudAction databases; they then offer the harvested Intelligence Team has gone out “shopping” in the larger data for sale in a varying number of underground forums where a variety of goods and services are underground forums. offered for sale. Today, we bring you an up-to-date shopping list straight from the underground cybercriminal market, along with the corresponding price tags as advertised in the major online fraudster forums. We’ve also outlined several hypothetical scenarios we’ve developed in order to help illustrate the potential impact of this fraud marketplace. Example Scenario #1 A would-be cybercriminal browses the Internet and reads how lucrative the botnet business can be for individuals with minimal technical computer savvy. After deciding to proceed with the ‘fraud business plan’ – he goes shopping in the underground. Here’s a look at his shopping list: – One powerful banking Trojan (Zeus) with a full builder and extra plugin options: $4,000 to start – One month of bulletproof hosting – up to $400 per month 1 Other sources of compromised data may also include hacked payment – One infection campaign via e-mail (spam blasting) – processing systems and skimmers placed by fraudsters on POS devices and ATM machines. Approximately $70 per campaign with CAPTCHA circumvention option included Total estimated startup cost: $4,470 Credential harvesting potential: Limitless RSA Online Fraud Report
How does this would-be cybercriminal set his wares in help of a fraudulent call to the call center, buying credibility motion? He promptly launches a Trojan infection campaign, to a random item-drop address. He can then purchase big and potential victims begin accessing the infected URL, ticket items online, having them shipped to that same item- inadvertently getting the cybercriminal’s Trojan variant drop mule, then directly into his hands for cash resale in his installed on their computer. own local grey market. The cybercriminal now begins building his new botnet as Shopping the Underground Market2 more and more victims fall for his tricky e-mail messages and A stroll through some leading underground forums provided us continue browsing to the compromised site (often referred to with a complete cybercriminal shopping list. Overall, the list as the “infection point”). below reflects an accurate view of the prices of goods and services as they are currently sold in this black market. While In just a matter of time, victims will access their online prices vary, the list below offers a price range rather than one banking services and all their login credentials will get absolute market price and truly represents what cybercriminals captured and transmitted from their PCs directly into the illicitly buy and sell in order to carry-out their fraud operations cybercriminal’s drop server. Whether he decides to sell these both in the online realm and in the real world. credentials to other cybercriminals or uses them to commit fraud himself is all up to the level of involvement he wants to Looking at this non-exhaustive list one can review basic partake in, the risks of getting caught – and how much profit pricing of credit card data, customer credentials, crimeware, he has his sights set on. Phishing, hosting, private consumer information, etc. It is evident the fraud supply chain proves to work through a vast and vibrant underground market where a fraudster’s key Example Scenario #2 purpose is targeting the best avenue to maximizing his ROI. A seasoned fraudster, well-versed in cybercrime techniques, A cybercriminal can procure credit card data for as little as begins planning his Christmas shopping for the year. He the price of a latté. What may seem marginal enough at first quickly opts for purchasing compromised “Fulls” or sight may carry the potential for heavy losses to consumers, credentials, specifically those belonging to customers of the banks and credit card associations involved. large American financial institutions. This cybercriminal visits Various fraud products and services are sold in the his trusted vendor to fulfill the following shopping list: underground for not more than $50, but can be associated – 50 sets of freshly compromised “Fulls” credentials – with the loss of thousands of dollars in the end. Worse yet, $ 500 on average in the case of consumers, one can never put a price tag on – 30 fraudulent phone calls to online merchants, banks the loss of privacy. and money transfer services: $300 Even when looking at the relatively high price of Trojans, – Item drop mules as needed: Mule-herder is commission which may cost up to thousands of dollars per kit, the initial based cost is not very telling of the massive damage and monetary Potential for big ticket item purchase and cash resale: losses it is capable of perpetrating in a rather short time span. Unlimited Today, there are myriad underground forums operating How does this seasoned cybercriminal make a buck off of the throughout the world. Law enforcement and the security “Fulls” credential sets he has obtained? He is able to use the industry invest efforts in thwarting cybercriminal enterprises genuine cardholder’s information including online banking and turning this black market economy into an unprofitable account (via username and password combination), billing business. A good example to demonstrate was the shutdown address, credit card number, CVV2 code, expiration date, of the Dark Market forum in October 2008 by the Federal mother’s maiden name (MMN), date of birth (DOB), and Bureau of Investigation, which ultimately resulted in 56 Social Security Number (SSN). Using the data, the arrests and the prevention of $70 million in potential losses. cybercriminal can modify the card’s billing address with the 2 All prices quoted in US Dollars RSA Online Fraud Report
Sale Item Underground Price CVV2 Data Sets $1.50 - $3.00 The CVV2 data set consists of a credit card's 16-digit PAN, CVV2 code, expiration date, billing address and embossed name. Fraudsters buy this data set in order to commit e-commerce (card- not-present) fraud, specifically buying merchandise online and then reselling it for cash. SSN / DOB / MMN $1.50 - $3 per query These personal details are very often used by banks to authenticate an individual’s identity in both MMN $5 - $6 the online banking and phone banking channels; also used by some money transfer services. SSN $1 - $3 DOB $1 - $3 Track 2 Data (aka “Dumps”) Classic/ Standard cards: ‘Track-2’ information is found on a payment card's magnetic stripe. By purchasing ‘dumps’, $15 - $20 fraudsters can produce counterfeit payment cards that can be used in stores (aka ‘carding’). *Prices for these may be as low as US$ 9 per card when buying dumps in bulk, with minimum bulk orders normally starting at purchases of $200 This is done by encoding the data onto blank plastic cards or onto an old payment card. Gold/ Platinum cards: $20 - $80 **Prices may vary widely Worldwide/ Business/ Corporate/ Signature: $30 - $40 Online Banking Logins $50 - $1,000 per account, depending on the account type and Logins consist of a consumer's username, password, and in some cases additional information. balance. After obtaining these credentials, fraudsters would normally attempt to cash the account out by completing wire transfers into mule accounts they control. ‘Fulls’ Data Sets $5 - $20 per set ‘Fulls’ information includes the full details of an account holder, such as a consumer’s online banking credentials (e.g., username and password), mailing address, card number, CVV2 code, card's expiration date, MMN, DOB, SSN. Fraudulent Phone Calls $10 - $15 per call Completed by Fraudster Call Centers, fraudulent phone services are offered to cybercriminals Prices vary according to the destination of the call, for example: as a means to overcome language and gender barriers encountered by those who need to a call made to a mule, a bank’s customer service center, or other impersonate the account holder destinations. CC Checking/ Verification $0.40 per check CC (credit card) checkers are used by cybercriminals to verify the validity of the compromised Prices may vary widely. payment cards they obtain/ purchase in advance. $20 for 50 checks SMS or Phone-Flooding Services (aka Telephony DoS/ TDoS) $25 - $40 per 24 hours of phone-flooding Phone-flooding is usually performed in order to render a consumer’s mobile phone unavailable for incoming authentication calls or SMS text messages sent from the bank. DDoS Attack Service $50.00* per 24 hours of DDoS. A ‘Distributed Denial of Service’ attack is an attempt to make a computer resource unavailable *Average price for DDoS’ing a site for 24 hours. The exact price depends on the to its intended users by overloading, or “flooding” its bandwidth with an overwhelming volume DDoS’ed site of web traffic. Bulletproof Hosting $87 - $179 per month depending on the service level and up to Bulletproof hosting is a hired service used by cybercriminals to host malicious content. The main $400 per month for certain infrastructures. idea is suggested by its name: “Bulletproof ” – much harder for law enforcement to take down than any other hosting method out there. BP infrastructures will host any and all criminal content. Zeus Trojan Kit – Zeus Kit: $3K - $4K One of today’s most pervasive banking Trojans. With an infection rate of thousands of computers – Backconnect $1500 per day, highly advanced features, evolving code, new variants and communication resources – Firefox form grabber $2000 being detected and analyzed by RSA on an ongoing basis, it is the Trojan family most frequently – Jabber (IM) chat plugin $500 encountered in the wild. – VNC (Virtual Network Computing) private module $10K – Windows 7/ Vista Support $2000 *Note: Unauthorized Zeus variant copies sold in the underground would go for ~$800 SpyEye Trojan Kit – Basic kit – $1,000 One of the most advanced current-day Trojans, boasting its own IE and Firefox HTML injections, – Firefox Injection tool – $1,000 - $2000 pre-defined bank triggers and a growing list of unique features. Thus far, SpyEye has been – SOCKS plugin – $750 - $1750 2010’s biggest Trojan innovation, being the only commercially available banking Trojan able to challenge Zeus’ market-share. RSA Online Fraud Report
Phishing Attacks per Month 20000 18820 18503 18080 17900 17579 17365 16756 16164 16541 RSA witnessed a 21 percent increase in the 15596 15127 Source: RSA Anti-Fraud Command Center number of phishing attacks launched worldwide 15000 13855 13212 during July 2010. While there was a sharp spike in phishing attacks, our analysis shows this growth can be directly attributed to an increase in the 10000 number of attacks launched against a handful of large entities. Attacks launched against US and UK-based financial institutions accounted for the 5000 majority of the increase witnessed in July. 0 Sept. 09 Dec. 09 Jan. 10 Jul. 09 Aug. 09 Apr. 10 May 10 June 10 Jul. 10 Mar. 10 Oct. 09 Feb. 10 Nov. 09 Number of Brands Attacked 300 282 275 275 281 Last month, phishing attacks were launched 250 239 227 Source: RSA Anti-Fraud Command Center 222 223 216 against 217 brands worldwide, an almost 216 217 195 identical number compared to June. The number 200 188 of brands targeted less than five times last month was also similar to the figures reported in June. 150 100 50 0 Jan. 10 Dec. 09 Jul. 09 Aug. 09 Nov. 09 Feb. 10 Sep. 09 Oct. 09 Apr. 10 May 10 June 10 Jul. 10 Mar. 10 Brands attacked under five times RSA Online Fraud Report
100 4% 4% 6% 6% 6% Segmentation of Financial Institutions 17% 24% 13% 13% 9% 10% 14% 12% Attacked Within the U.S. 80 Source: RSA Anti-Fraud Command Center 58% 45% 52% 57% 60% 71% 61% 60% 39% 35% 29% 28% 30% Despite a four percent decrease in July, nationwide banks remained the most targeted financial 60 segment in the U.S. (in terms of the number of brands attacked). The portion of regional banks 40 attacked increased four percent while the portion of targeted U.S. credit unions remained unchanged 20 for the third consecutive month. 25% 31% 35% 30% 31% 19% 25% 28% 57% 61% 65% 68% 64% 0 Mar. 10 Sep. 09 Oct. 09 Nov. 09 Jan. 10 Feb. 10 Dec. 09 Apr. 10 May 10 June 10 Jul. 10 Aug. 09 JuL. 09 U.S.Credit Unions Regional U.S. Banks Nationwide U.S. Banks Top Ten Countries Hosting Phishing Attacks Brazil 3% France 3% The U.S. remains the country hosting the largest Russia 3% portion of phishing attacks; in July, the U.S. hosted China 3.5% 61 percent of phishing attacks. All other hosting countries reported have remained much the same with Canada 4% the exception of Brazil, who became a top country, South Korea 4.5% hosting three percent of phishing attacks in July. Source: RSA Anti-Fraud Command Center UK 5% U.S. 61% Germany 6% Australia 7% RSA Online Fraud Report
Netherlands 1.5% Canada 1.5% Brazil 1% Top Ten Countries by Attack Volume Australia 2% United Arab Emirates .5% The volume of phishing attacks endured by the U.S. Italy 3% increased by eight percent from last month, China 5.5% representing 47 percent of all phishing attacks in July. The UK and South Africa endured a smaller portion of attacks, both dropping four percent from June. The South Africa 9% United Arab Emirates appeared on the chart this month U.S. 47% as one of the countries suffering a high volume of phishing attacks; it is the first time it has appeared on the chart since November 2009. Source: RSA Anti-Fraud Command Center UK 29% Top Ten Countries by Attacked Brands United Arab Emirates 3% Spain 2.5% Phishers continue to heavily favor targeting U.S. brands; Italy 3.5% nearly half of all brands targeted in July were in the U.S. South Africa 3.5% Together, the U.S. and UK continue to represent about two-thirds of all targeted brands. The United Arab Netherlands 5% Emirates is a newcomer to the list, with their brands suffering about three percent of identified phishing Canada 5% attacks in July. U.S. 47.5% Source: RSA Anti-Fraud Command Center Australia 6.5% India 7% UK 16.5% www.rsa.com The information set forth in this RSA Online Fraud Report is based on sources and analysis that RSA Security Inc. (“ RSA” ) believes are reliable. Statements concerning financial, regulatory or legal matters should be understood to be general observations of the RSA professionals and may not be relied upon as financial, regulatory or legal advice, which RSA is not authorized to provide. All such matters should be reviewed with appropriate qualified advisors in these areas. RSA reserves the right to notify law enforcement authorities and/or other relevant agencies regarding the information RSA uncovers in the course of doing business. Usage Guidelines Individuals and organizations may reference content from any RSA Online Fraud Report by following these guidelines: (1) Reprinting and/or distributing an entire RSA Online Fraud Report requires prior approval from RSA in all cases. This includes an entire Monthly Highlight and/or the full set of Statistics and Analysis from RSA’ s phishing repositories. Any requests to reprint and/or distribute an RSA Online Fraud Report must be directed to Heidi Bleau at heidi.bleau@rsa.com. (2) It is permissible to reference up to three sentences from the Monthly Highlight. They must be cited in their entirety and within quotation marks. Any requests to cite more than three sentences must be directed to RSA. (3) It is permissible to reference up to three sets of Statistics and Analysis from RSA’ s phishing repositories. Any requests to cite more than three sets may be directed to RSA. Charts may not be redrawn. All citations from related data analysis must appear in full sentences and within quotation marks. (4) It is required that all references to the RSA Online Fraud Report are credited in the following manner: “ Source: RSA Anti-Fraud Command Center, RSA Online Fraud Report, [month], [year]” . EMC, RSA , RSA Security, FraudAction™ and the RSA logo are registered trademarks or trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned herein are the properties of their respective owners. ONLINE FRAUD REPORT AUGUST 10

Recommended

Communitech Strategic Marketing Peer Topic
Communitech Strategic Marketing Peer TopicCommunitech Strategic Marketing Peer Topic
Communitech Strategic Marketing Peer TopicMatt Duench
 
Digital Marketing Optimization Survey
Digital Marketing Optimization SurveyDigital Marketing Optimization Survey
Digital Marketing Optimization SurveyVaibhav Agarwal
 
Data management platform_market
Data management platform_marketData management platform_market
Data management platform_marketVaibhav Agarwal
 
Global and regional press freedom rankings
Global and regional press freedom rankingsGlobal and regional press freedom rankings
Global and regional press freedom rankingsVaibhav Agarwal
 
Internet Impact on Global GDP - Worldwide Statistics
Internet Impact on Global GDP - Worldwide StatisticsInternet Impact on Global GDP - Worldwide Statistics
Internet Impact on Global GDP - Worldwide StatisticsVaibhav Agarwal
 
E-Mail Marketing Best Practices for your business
E-Mail Marketing Best Practices for your businessE-Mail Marketing Best Practices for your business
E-Mail Marketing Best Practices for your businessVaibhav Agarwal
 
Internet users statistics & trends: Brazil, Russia, India, China, Indonesia
Internet users statistics & trends: Brazil, Russia, India, China, IndonesiaInternet users statistics & trends: Brazil, Russia, India, China, Indonesia
Internet users statistics & trends: Brazil, Russia, India, China, IndonesiaVaibhav Agarwal
 
Benchmark study of B2B lead management practices
Benchmark study of B2B lead management practicesBenchmark study of B2B lead management practices
Benchmark study of B2B lead management practicesVaibhav Agarwal
 

Recommended

Communitech Strategic Marketing Peer Topic
Communitech Strategic Marketing Peer TopicCommunitech Strategic Marketing Peer Topic
Communitech Strategic Marketing Peer TopicMatt Duench
 
Digital Marketing Optimization Survey
Digital Marketing Optimization SurveyDigital Marketing Optimization Survey
Digital Marketing Optimization SurveyVaibhav Agarwal
 
Data management platform_market
Data management platform_marketData management platform_market
Data management platform_marketVaibhav Agarwal
 
Global and regional press freedom rankings
Global and regional press freedom rankingsGlobal and regional press freedom rankings
Global and regional press freedom rankingsVaibhav Agarwal
 
Internet Impact on Global GDP - Worldwide Statistics
Internet Impact on Global GDP - Worldwide StatisticsInternet Impact on Global GDP - Worldwide Statistics
Internet Impact on Global GDP - Worldwide StatisticsVaibhav Agarwal
 
E-Mail Marketing Best Practices for your business
E-Mail Marketing Best Practices for your businessE-Mail Marketing Best Practices for your business
E-Mail Marketing Best Practices for your businessVaibhav Agarwal
 
Internet users statistics & trends: Brazil, Russia, India, China, Indonesia
Internet users statistics & trends: Brazil, Russia, India, China, IndonesiaInternet users statistics & trends: Brazil, Russia, India, China, Indonesia
Internet users statistics & trends: Brazil, Russia, India, China, IndonesiaVaibhav Agarwal
 
Benchmark study of B2B lead management practices
Benchmark study of B2B lead management practicesBenchmark study of B2B lead management practices
Benchmark study of B2B lead management practicesVaibhav Agarwal
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEaurabinda banchhor
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxRosabel UA
 
TEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxTEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxruthvilladarez
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsRommel Regala
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxConquiztadors- the Quiz Society of Sri Venkateswara College
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxConquiztadors- the Quiz Society of Sri Venkateswara College
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxConquiztadors- the Quiz Society of Sri Venkateswara College
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTABP KOIRALA INSTITUTE OF HELATH SCIENCS,, NEPAL
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

More Related Content

Recently uploaded

Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEaurabinda banchhor
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxRosabel UA
 
TEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxTEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxruthvilladarez
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsRommel Regala
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 

Recently uploaded (20)

Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSE
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Project
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptx
 
TEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docxTEACHER REFLECTION FORM (NEW SET........).docx
TEACHER REFLECTION FORM (NEW SET........).docx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World Politics
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Online Fraud Report 2010

  • 1. RSA Online Fraud Report August, 2010 Prices of Goods and Services offered in the Cybercriminal Underground If you were to take a glimpse into the fraud black market, you would see that not only do cybercriminals trade stolen Online forums serve as platforms for data, but they also offer a multitude of tools and services for cybercriminals to exchange their criminal sale that enable others to harvest this information and/or tools, services, and know how; but even monetize it. Examples of some criminal ‘product’ offerings more so, forums are flourishing markets would include fraudster call center services that “outsource” used by those who profit from the sale of fraudulent phone calls made to banks or merchants; compromised bank accounts and payment information services that provide a rich set of personal and card data. In order to keep feeding the financial data on potential victims; phishing kits that target cybercrime economy, vendors of different banks: Trojan infection kits; and credit card compromised data mainly1 obtain their checking services, just to name a few. “merchandise” by launching phishing and Trojan attacks or hacking into merchants’ For the purposes of our research, the RSA FraudAction databases; they then offer the harvested Intelligence Team has gone out “shopping” in the larger data for sale in a varying number of underground forums where a variety of goods and services are underground forums. offered for sale. Today, we bring you an up-to-date shopping list straight from the underground cybercriminal market, along with the corresponding price tags as advertised in the major online fraudster forums. We’ve also outlined several hypothetical scenarios we’ve developed in order to help illustrate the potential impact of this fraud marketplace. Example Scenario #1 A would-be cybercriminal browses the Internet and reads how lucrative the botnet business can be for individuals with minimal technical computer savvy. After deciding to proceed with the ‘fraud business plan’ – he goes shopping in the underground. Here’s a look at his shopping list: – One powerful banking Trojan (Zeus) with a full builder and extra plugin options: $4,000 to start – One month of bulletproof hosting – up to $400 per month 1 Other sources of compromised data may also include hacked payment – One infection campaign via e-mail (spam blasting) – processing systems and skimmers placed by fraudsters on POS devices and ATM machines. Approximately $70 per campaign with CAPTCHA circumvention option included Total estimated startup cost: $4,470 Credential harvesting potential: Limitless RSA Online Fraud Report
  • 2. How does this would-be cybercriminal set his wares in help of a fraudulent call to the call center, buying credibility motion? He promptly launches a Trojan infection campaign, to a random item-drop address. He can then purchase big and potential victims begin accessing the infected URL, ticket items online, having them shipped to that same item- inadvertently getting the cybercriminal’s Trojan variant drop mule, then directly into his hands for cash resale in his installed on their computer. own local grey market. The cybercriminal now begins building his new botnet as Shopping the Underground Market2 more and more victims fall for his tricky e-mail messages and A stroll through some leading underground forums provided us continue browsing to the compromised site (often referred to with a complete cybercriminal shopping list. Overall, the list as the “infection point”). below reflects an accurate view of the prices of goods and services as they are currently sold in this black market. While In just a matter of time, victims will access their online prices vary, the list below offers a price range rather than one banking services and all their login credentials will get absolute market price and truly represents what cybercriminals captured and transmitted from their PCs directly into the illicitly buy and sell in order to carry-out their fraud operations cybercriminal’s drop server. Whether he decides to sell these both in the online realm and in the real world. credentials to other cybercriminals or uses them to commit fraud himself is all up to the level of involvement he wants to Looking at this non-exhaustive list one can review basic partake in, the risks of getting caught – and how much profit pricing of credit card data, customer credentials, crimeware, he has his sights set on. Phishing, hosting, private consumer information, etc. It is evident the fraud supply chain proves to work through a vast and vibrant underground market where a fraudster’s key Example Scenario #2 purpose is targeting the best avenue to maximizing his ROI. A seasoned fraudster, well-versed in cybercrime techniques, A cybercriminal can procure credit card data for as little as begins planning his Christmas shopping for the year. He the price of a latté. What may seem marginal enough at first quickly opts for purchasing compromised “Fulls” or sight may carry the potential for heavy losses to consumers, credentials, specifically those belonging to customers of the banks and credit card associations involved. large American financial institutions. This cybercriminal visits Various fraud products and services are sold in the his trusted vendor to fulfill the following shopping list: underground for not more than $50, but can be associated – 50 sets of freshly compromised “Fulls” credentials – with the loss of thousands of dollars in the end. Worse yet, $ 500 on average in the case of consumers, one can never put a price tag on – 30 fraudulent phone calls to online merchants, banks the loss of privacy. and money transfer services: $300 Even when looking at the relatively high price of Trojans, – Item drop mules as needed: Mule-herder is commission which may cost up to thousands of dollars per kit, the initial based cost is not very telling of the massive damage and monetary Potential for big ticket item purchase and cash resale: losses it is capable of perpetrating in a rather short time span. Unlimited Today, there are myriad underground forums operating How does this seasoned cybercriminal make a buck off of the throughout the world. Law enforcement and the security “Fulls” credential sets he has obtained? He is able to use the industry invest efforts in thwarting cybercriminal enterprises genuine cardholder’s information including online banking and turning this black market economy into an unprofitable account (via username and password combination), billing business. A good example to demonstrate was the shutdown address, credit card number, CVV2 code, expiration date, of the Dark Market forum in October 2008 by the Federal mother’s maiden name (MMN), date of birth (DOB), and Bureau of Investigation, which ultimately resulted in 56 Social Security Number (SSN). Using the data, the arrests and the prevention of $70 million in potential losses. cybercriminal can modify the card’s billing address with the 2 All prices quoted in US Dollars RSA Online Fraud Report
  • 3. Sale Item Underground Price CVV2 Data Sets $1.50 - $3.00 The CVV2 data set consists of a credit card's 16-digit PAN, CVV2 code, expiration date, billing address and embossed name. Fraudsters buy this data set in order to commit e-commerce (card- not-present) fraud, specifically buying merchandise online and then reselling it for cash. SSN / DOB / MMN $1.50 - $3 per query These personal details are very often used by banks to authenticate an individual’s identity in both MMN $5 - $6 the online banking and phone banking channels; also used by some money transfer services. SSN $1 - $3 DOB $1 - $3 Track 2 Data (aka “Dumps”) Classic/ Standard cards: ‘Track-2’ information is found on a payment card's magnetic stripe. By purchasing ‘dumps’, $15 - $20 fraudsters can produce counterfeit payment cards that can be used in stores (aka ‘carding’). *Prices for these may be as low as US$ 9 per card when buying dumps in bulk, with minimum bulk orders normally starting at purchases of $200 This is done by encoding the data onto blank plastic cards or onto an old payment card. Gold/ Platinum cards: $20 - $80 **Prices may vary widely Worldwide/ Business/ Corporate/ Signature: $30 - $40 Online Banking Logins $50 - $1,000 per account, depending on the account type and Logins consist of a consumer's username, password, and in some cases additional information. balance. After obtaining these credentials, fraudsters would normally attempt to cash the account out by completing wire transfers into mule accounts they control. ‘Fulls’ Data Sets $5 - $20 per set ‘Fulls’ information includes the full details of an account holder, such as a consumer’s online banking credentials (e.g., username and password), mailing address, card number, CVV2 code, card's expiration date, MMN, DOB, SSN. Fraudulent Phone Calls $10 - $15 per call Completed by Fraudster Call Centers, fraudulent phone services are offered to cybercriminals Prices vary according to the destination of the call, for example: as a means to overcome language and gender barriers encountered by those who need to a call made to a mule, a bank’s customer service center, or other impersonate the account holder destinations. CC Checking/ Verification $0.40 per check CC (credit card) checkers are used by cybercriminals to verify the validity of the compromised Prices may vary widely. payment cards they obtain/ purchase in advance. $20 for 50 checks SMS or Phone-Flooding Services (aka Telephony DoS/ TDoS) $25 - $40 per 24 hours of phone-flooding Phone-flooding is usually performed in order to render a consumer’s mobile phone unavailable for incoming authentication calls or SMS text messages sent from the bank. DDoS Attack Service $50.00* per 24 hours of DDoS. A ‘Distributed Denial of Service’ attack is an attempt to make a computer resource unavailable *Average price for DDoS’ing a site for 24 hours. The exact price depends on the to its intended users by overloading, or “flooding” its bandwidth with an overwhelming volume DDoS’ed site of web traffic. Bulletproof Hosting $87 - $179 per month depending on the service level and up to Bulletproof hosting is a hired service used by cybercriminals to host malicious content. The main $400 per month for certain infrastructures. idea is suggested by its name: “Bulletproof ” – much harder for law enforcement to take down than any other hosting method out there. BP infrastructures will host any and all criminal content. Zeus Trojan Kit – Zeus Kit: $3K - $4K One of today’s most pervasive banking Trojans. With an infection rate of thousands of computers – Backconnect $1500 per day, highly advanced features, evolving code, new variants and communication resources – Firefox form grabber $2000 being detected and analyzed by RSA on an ongoing basis, it is the Trojan family most frequently – Jabber (IM) chat plugin $500 encountered in the wild. – VNC (Virtual Network Computing) private module $10K – Windows 7/ Vista Support $2000 *Note: Unauthorized Zeus variant copies sold in the underground would go for ~$800 SpyEye Trojan Kit – Basic kit – $1,000 One of the most advanced current-day Trojans, boasting its own IE and Firefox HTML injections, – Firefox Injection tool – $1,000 - $2000 pre-defined bank triggers and a growing list of unique features. Thus far, SpyEye has been – SOCKS plugin – $750 - $1750 2010’s biggest Trojan innovation, being the only commercially available banking Trojan able to challenge Zeus’ market-share. RSA Online Fraud Report
  • 4. Phishing Attacks per Month 20000 18820 18503 18080 17900 17579 17365 16756 16164 16541 RSA witnessed a 21 percent increase in the 15596 15127 Source: RSA Anti-Fraud Command Center number of phishing attacks launched worldwide 15000 13855 13212 during July 2010. While there was a sharp spike in phishing attacks, our analysis shows this growth can be directly attributed to an increase in the 10000 number of attacks launched against a handful of large entities. Attacks launched against US and UK-based financial institutions accounted for the 5000 majority of the increase witnessed in July. 0 Sept. 09 Dec. 09 Jan. 10 Jul. 09 Aug. 09 Apr. 10 May 10 June 10 Jul. 10 Mar. 10 Oct. 09 Feb. 10 Nov. 09 Number of Brands Attacked 300 282 275 275 281 Last month, phishing attacks were launched 250 239 227 Source: RSA Anti-Fraud Command Center 222 223 216 against 217 brands worldwide, an almost 216 217 195 identical number compared to June. The number 200 188 of brands targeted less than five times last month was also similar to the figures reported in June. 150 100 50 0 Jan. 10 Dec. 09 Jul. 09 Aug. 09 Nov. 09 Feb. 10 Sep. 09 Oct. 09 Apr. 10 May 10 June 10 Jul. 10 Mar. 10 Brands attacked under five times RSA Online Fraud Report
  • 5. 100 4% 4% 6% 6% 6% Segmentation of Financial Institutions 17% 24% 13% 13% 9% 10% 14% 12% Attacked Within the U.S. 80 Source: RSA Anti-Fraud Command Center 58% 45% 52% 57% 60% 71% 61% 60% 39% 35% 29% 28% 30% Despite a four percent decrease in July, nationwide banks remained the most targeted financial 60 segment in the U.S. (in terms of the number of brands attacked). The portion of regional banks 40 attacked increased four percent while the portion of targeted U.S. credit unions remained unchanged 20 for the third consecutive month. 25% 31% 35% 30% 31% 19% 25% 28% 57% 61% 65% 68% 64% 0 Mar. 10 Sep. 09 Oct. 09 Nov. 09 Jan. 10 Feb. 10 Dec. 09 Apr. 10 May 10 June 10 Jul. 10 Aug. 09 JuL. 09 U.S.Credit Unions Regional U.S. Banks Nationwide U.S. Banks Top Ten Countries Hosting Phishing Attacks Brazil 3% France 3% The U.S. remains the country hosting the largest Russia 3% portion of phishing attacks; in July, the U.S. hosted China 3.5% 61 percent of phishing attacks. All other hosting countries reported have remained much the same with Canada 4% the exception of Brazil, who became a top country, South Korea 4.5% hosting three percent of phishing attacks in July. Source: RSA Anti-Fraud Command Center UK 5% U.S. 61% Germany 6% Australia 7% RSA Online Fraud Report
  • 6. Netherlands 1.5% Canada 1.5% Brazil 1% Top Ten Countries by Attack Volume Australia 2% United Arab Emirates .5% The volume of phishing attacks endured by the U.S. Italy 3% increased by eight percent from last month, China 5.5% representing 47 percent of all phishing attacks in July. The UK and South Africa endured a smaller portion of attacks, both dropping four percent from June. The South Africa 9% United Arab Emirates appeared on the chart this month U.S. 47% as one of the countries suffering a high volume of phishing attacks; it is the first time it has appeared on the chart since November 2009. Source: RSA Anti-Fraud Command Center UK 29% Top Ten Countries by Attacked Brands United Arab Emirates 3% Spain 2.5% Phishers continue to heavily favor targeting U.S. brands; Italy 3.5% nearly half of all brands targeted in July were in the U.S. South Africa 3.5% Together, the U.S. and UK continue to represent about two-thirds of all targeted brands. The United Arab Netherlands 5% Emirates is a newcomer to the list, with their brands suffering about three percent of identified phishing Canada 5% attacks in July. U.S. 47.5% Source: RSA Anti-Fraud Command Center Australia 6.5% India 7% UK 16.5% www.rsa.com The information set forth in this RSA Online Fraud Report is based on sources and analysis that RSA Security Inc. (“ RSA” ) believes are reliable. Statements concerning financial, regulatory or legal matters should be understood to be general observations of the RSA professionals and may not be relied upon as financial, regulatory or legal advice, which RSA is not authorized to provide. All such matters should be reviewed with appropriate qualified advisors in these areas. RSA reserves the right to notify law enforcement authorities and/or other relevant agencies regarding the information RSA uncovers in the course of doing business. Usage Guidelines Individuals and organizations may reference content from any RSA Online Fraud Report by following these guidelines: (1) Reprinting and/or distributing an entire RSA Online Fraud Report requires prior approval from RSA in all cases. This includes an entire Monthly Highlight and/or the full set of Statistics and Analysis from RSA’ s phishing repositories. Any requests to reprint and/or distribute an RSA Online Fraud Report must be directed to Heidi Bleau at heidi.bleau@rsa.com. (2) It is permissible to reference up to three sentences from the Monthly Highlight. They must be cited in their entirety and within quotation marks. Any requests to cite more than three sentences must be directed to RSA. (3) It is permissible to reference up to three sets of Statistics and Analysis from RSA’ s phishing repositories. Any requests to cite more than three sets may be directed to RSA. Charts may not be redrawn. All citations from related data analysis must appear in full sentences and within quotation marks. (4) It is required that all references to the RSA Online Fraud Report are credited in the following manner: “ Source: RSA Anti-Fraud Command Center, RSA Online Fraud Report, [month], [year]” . EMC, RSA , RSA Security, FraudAction™ and the RSA logo are registered trademarks or trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned herein are the properties of their respective owners. ONLINE FRAUD REPORT AUGUST 10