I just saw my money flying away

Online shopping is becoming more and more commonplace. With today's wild daily schedules, people need to find ways to save time. How about some shopping and paying online? Gladly. In this study I tried to find out more about people

The study comprises 2 parts: a survey conducted on 2,210 users and a challenge: would I be able to find credit card credentials on the internet or, at least buy them from “generous” persons?

Part 1: Hello, do you accept the cybercriminal’s transaction?

Aiming to find out more about peoples’ habits when it comes buying online, a survey was carried out using a sample of 2,210 individuals (age rank: 18-65 years). Don’t take this study as representative for the entire online buyer community, but more as a snapshot of humans’ approach to online shopping.

The first question of the survey aimed to determine if the interviewed people buy things online and if they use online paying methods for their purchases. 97% of respondents answered affirmatively, and only 3% declared that they had never used online shopping methods. The study also revealed some of respondents’ purchasing preferences: electronics (including games) – 78%, clothes and cosmetics -43% (especially women) and various gifts (including flowers) – 32%. When it comes to paying for these things, 98% of respondents use several online methods. Moreover, in order to save time, they use the same methods to pay different bills (utilities, taxes, reservations, etc).

When asked if they know about the phishing phenomenon/fake sites, they gave both affirmative (73%) and negative answers (27%).  In addition to that, a huge majority (98%) declared that they had received a message in which they were asked to provide their credit card details at least once. These messages were sent by impersonators of various (financial) institutions (65%) or even by unknown individuals (35%). What is worse – 57% of respondents actually answered such requests, and provided their sensitive information. Afterwards, they came to understand that somewhere along the way they had been the victims of cybercriminals: 65% couldn’t access their e-mails (required alongside with the credit card details), 43% observed that some amounts of money just flew away from their bank accounts, and 32% were phone-called by banks to accept the cybercriminals’ transactions. 

Part 2: And now, let me try!

Knowing how big this internet is, I wanted to see what kind of information related to credit cards I can find, performing a quick and simple search.

Well… things are not very optimistic for the ones that gave their credentials, because I found everything I wanted and could be used in order to clean out a bank account: name, address, online ID, PIN, CVV, ExpDate, Security Questions and answers. How many? From a simple 5 minutes search – around 30 bank accounts.

Ok, but if you’re not skilled?!? Then, you can buy these details, if you have money. How much? Hmmm.,. not very much: between 17 and 200 UDS per account (depending on the information the cybercriminals offer you, and, of course, on your negotiation dexterity).

Until the next study, keep a close watch on your bank account, and surf safely on online shops!

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.