According to Gregg Foss, a Senior Cybersecurity Strategist at Vmware, E-skimming is very popular during the holiday season.
Mr Foss Said: “Magecart is one of the most prominent groups behind this activity [to] siphon off sensitive card data,”. Magecart are a prominent and with cards and can be found on dark web markets.
Magecart has been getting cards by impersonating legitimate payment applications using homoglyph attacks. A homoglyph attack tries to fool people into using malicious websites, for inatance, creating a website “duckduckg0.com” instead of “duckduckgo.com” which can fool people easily.
These credit cards that go for an average rate of $10 to $20 per card on dark web markets. PayPal accounts sell for $2 to $10 per account, accounts holding more money cost more.
You can get these credit card data in a shopping cart format, where you can check off which credit cards you want to purchase based on a menu of credit card credentials available.
Mr Foss said: “While there are other services that specialise in the aggregation and resale of [social security number and date of birth] data, many carding forums also provide this information in conjunction with credit cards,”.
“This information makes the credit cards all that more valuable and extends the use-cases for this data exponentially,” Mr Foss added.
Not surprisingly, you can find a lot of this pilfered data on the dark web.
For example, in 2019, more than 30 million credit card records on the dark web were sold by hackers, these cards were linked to a data breach that took place at a US gas station and a chain of convenience stores.
The data breach, was caused by an attack on POS (point-of-sale) devices, the breach was undetected for nine months. 860 convenience stores were affected, as much as 600 of the affected stores were gas stations.
Other methods of obtaining credit card data
Another method popular among hackers is ransomware. In these cases hackers will attempt to secure the ransom payment after data has already been stolen and put up for sale on the dark web.
Mr foss said: “We’ve seen these methods employed in the final stages of an attack as a means of covering the criminal’s tracks and maximising profitability,”.