“Retailers aren’t the only ones offering deals this time of year, and consumers aren’t the only ones out shopping,” said Olivia Fryt, senior security researcher at SpyCloud. “This research shows that criminals, both buyers and sellers, are increasingly active during the holidays. They are busy and making money. People need to remain especially vigilant to avoid becoming victims.”
SpyCloud examined popular cracking forums and identified over 800 individual storefronts across three online selling platforms. Researchers then scraped inventory and transaction data from those shops to compile the results.
The number of transactions, amount of inventory, value of stolen information and amount of sales increased exponentially from normal periods. The number of transactions for hacked online accounts averaged 10,079 per day during November but skyrocketed to 143,110 on Nov. 24. For the first 28 days of November, criminals spent just over $1 million on these transactions for an average of $37,535 per day. More than half of that spending happened on Nov. 25 when criminals spent $506,969.
The SpyCloud team found that compromised account logins for dating apps were the most trafficked, followed by retail, food and gaming accounts. Tooling for the purpose of orchestrating credential stuffing attacks was also widely available.
Criminals typically leverage stolen dating accounts to set up spambots or use social engineering tactics to scam unwitting victims. Retail and food sales typically include users’ ecommerce account credentials as well as gift cards and gift codes being sold at steep discounts. Researchers also found thousands of account credentials for well-known gaming and streaming services. In some cases, people purchasing the accounts may not even be aware they are buying stolen account data. They might simply be looking for a bargain.
“These criminals use a lot of the same marketing techniques that legitimate retailers use,” said Fryt. “They promote their products and offer discounts to their buyers. Many of them even offer warranties and give refunds or replacements when something goes wrong.”
This is the second year SpyCloud tracked dark web transactions leading up to Black Friday and Cyber Monday. This year, the activity spiked on Nov. 18, a few days earlier than in 2019, presumably due to an extended shopping season resulting from the Covid-19 pandemic.
SpyCloud will host a webinar at 2pm CT on Wednesday, Dec. 9, to dig deeper into its findings and explain what businesses and consumers can do to protect themselves from fraud. To register: https://spycloud.com/resource/webinar-dark-web-holiday-trends/
SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations. Our award-winning solutions – backed by the world’s most comprehensive and actionable repository of exposed assets – proactively defeat fraud attempts and disrupt the criminals’ ability to profit from stolen information. Learn more and check your exposure at spycloud.com.