The study comprises 2 parts: a survey conducted on 2,210 users and a challenge: would I be able to find credit card credentials on the internet or, at least buy them from “generous” persons?
Part 1: Hello, do you accept the cybercriminal’s transaction?
Aiming to find out more about peoples’ habits when it comes buying online, a survey was carried out using a sample of 2,210 individuals (age rank: 18-65 years). Don’t take this study as representative for the entire online buyer community, but more as a snapshot of humans’ approach to online shopping.
The first question of the survey aimed to determine if the interviewed people buy things online and if they use online paying methods for their purchases. 97% of respondents answered affirmatively, and only 3% declared that they had never used online shopping methods. The study also revealed some of respondents’ purchasing preferences: electronics (including games) – 78%, clothes and cosmetics -43% (especially women) and various gifts (including flowers) – 32%. When it comes to paying for these things, 98% of respondents use several online methods. Moreover, in order to save time, they use the same methods to pay different bills (utilities, taxes, reservations, etc).
When asked if they know about the phishing phenomenon/fake sites, they gave both affirmative (73%) and negative answers (27%). In addition to that, a huge majority (98%) declared that they had received a message in which they were asked to provide their credit card details at least once. These messages were sent by impersonators of various (financial) institutions (65%) or even by unknown individuals (35%). What is worse – 57% of respondents actually answered such requests, and provided their sensitive information. Afterwards, they came to understand that somewhere along the way they had been the victims of cybercriminals: 65% couldn’t access their e-mails (required alongside with the credit card details), 43% observed that some amounts of money just flew away from their bank accounts, and 32% were phone-called by banks to accept the cybercriminals’ transactions.
Part 2: And now, let me try!
Knowing how big this internet is, I wanted to see what kind of information related to credit cards I can find, performing a quick and simple search.
Well… things are not very optimistic for the ones that gave their credentials, because I found everything I wanted and could be used in order to clean out a bank account: name, address, online ID, PIN, CVV, ExpDate, Security Questions and answers. How many? From a simple 5 minutes search – around 30 bank accounts.
Ok, but if you’re not skilled?!? Then, you can buy these details, if you have money. How much? Hmmm.,. not very much: between 17 and 200 UDS per account (depending on the information the cybercriminals offer you, and, of course, on your negotiation dexterity).
Until the next study, keep a close watch on your bank account, and surf safely on online shops!