More than 150,000 credit cards for sale on dark web forums

According to recent World Bank figures, there are currently around 3 billion active credit cards worldwide, so cybercriminal groups dedicated to cardholder fraud campaigns have a larger attack surface than ever before. One of the most common variants of fraud is identity theft, which constantly evolves to deceive users, banks and entrepreneurs.

As a sample of this trendy is the latest report by the banking security and cybersecurity specialist known as “Bank Security”, who claims to have found evidence that a threat actor (individual or group) is selling the information of more than 158,000 stolen credit cards to users in the United States and Canada. Bank Security is a recognized researcher of security incidents, mainly data breaches and theft of confidential information for sale on the black market.   

The report mentions that the card numbers exposed do not include the verification code (CVV), although the data sold by the cybercriminal is sufficient and enough to deploy complex malicious campaigns.

La imagen tiene un atributo ALT vacío; su nombre de archivo es banksec0902202101.jpg

Cybersecurity experts mention that stolen payment card information is often sold through clandestine hacking forums on the dark web, seeking to protect the anonymity of buyers and sellers. The cybercriminal community also resorts to the use of tools such as the Tor browser and payment in cryptocurrencies such as Bitcoin or Monero to concrete these transactions, as this makes it virtually impossible to track those involved in a buy-sell operation.

On the leak reported by Bank Security, it is not yet known how threat actors accessed this information; however, the investigator states that after a brief analysis he was able to confirm that the information is legitimate.

The specialist recommends that potentially affected clients verify their bank records for any suspicious transactions and, if such records are found, report this activity to their bank immediately. So far, the banking institutions that operate the compromised credit cards have not commented on it. There is also no information on the possible malicious use of the affected cards.

Millions of users are affected by such crimes each year, so it is now more than ever necessary to take a more proactive stance and ensure the prevention of these attacks. To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Cyber Security Institute (IICS) website.