Did you know there’s a virtual online marketplace where hackers gather to buy and sell the fruits of their criminal labors? Think of Amazon or eBay — except the items customers put into their virtual shopping carts are stolen credit card numbers rather than audiobooks or dusty collectibles. If this sounds infuriating, just wait until you find out how much one crook charges another for a victim’s name, address, card number with expiration date and even the three-digit CVV code on the back: It’s less than you’d pay for a blended drink at a fancy coffee shop. Bloomberg reports that an Eastern European hacker who goes by the handle “Poxxie” broke into the computer system of a U.S. company and helped himself to 1,400 accounts, which he then turned around and sold on an e-commerce site for cybercriminals for a mere $3.50 a pop.
The only thing that might be more annoying than going through the aggravation and anxiety of having some thief steal your credit card is knowing he or she probably paid only a few bucks for the privilege — and got to “shop” for your personal information via an online underworld that makes it absurdly easy to point, click and buy stolen account information.
(MORE: Study: Your Card Info Is At Risk)
Bloomberg says websites that traffic in stolen card numbers mirror legitimate online marketplaces — they have virtual shopping carts and seller ratings. Some have customer service operations, and the article even mentions one that has a call center designed to help far-flung criminals contend with language barriers if their victims are halfway around the globe.
Cybercrooks make off with $114 billion in data each year, but getting into the illegitimate biz takes a surprisingly small investment: Damaging malware can be purchased for as little as $2,000, and it costs only pennies to spam each potential victim, the article says. While authorities are aware of these operations, law enforcement takes on a kind of cat-and-mouse quality. Most online cybercrime “swap meets” are run from overseas, out of the reach of U.S. law. Many also frequently change servers to avoid detection.
(MORE: Oh, the Irony: Identity Theft Prosecutor Is Hacked)
To prevent having your personal information sold off for pocket change in this freewheeling underground bazaar, take steps to prevent crooks from worming their way into your computer in the first place. Keep anti-virus software updated and be suspicious of emails or unusual correspondence that claim to be from your credit card company. Go through your statements to make sure there aren’t any charges you don’t remember making; credit card thieves will often make a tiny purchase to verify if the account is still live before taking your card on a big-ticket shopping spree.
