A new study gives us a first-hand glimpse into the prices that compromised credit cards, bank accounts and other stolen information can sell for in online criminal marketplaces.
Security researchers at Privacy Affairs have put together a list that shows how much cybercriminals charge for stolen data on hacker forums.
- The best identity theft protection services to keep your personal data safe
- Best VPN: add an extra layer of security with a virtual private network
- Latest: Watch out for these fake online shopping sites, FBI warns
Breaking down the prices
According to the Privacy Affairs report (opens in new tab), American Express cards with valid PINs are the most profitable stolen credit cards, selling for an average of $35 each. But login credentials for online bank accounts that have balances of at least $2,000 generally list for $65 apiece.
The researchers also looked at non-credit-card payment processing services and found that stolen PayPal details are hugely in demand on these forums. PayPal transfers of $1,000-$3,000 sell for an average of $320, but oddly, larger PayPal transfers of $3,000 or more sell for only an average of $156.
When it comes to forged documents, U.S., Canadian and European passports go for a staggering average of $1,500. Meanwhile, both “high quality” American drivers' licenses and European national ID cards command average prices of $550.
Among compromised social networking and webmail accounts, the most expensive type is a Gmail account, which would sell for an average of $155.73 per account. Other in-demand account types include Facebook accounts ($74.50), Instagram accounts ($55.45) and Twitter accounts ($49).
Selling their criminal expertise
Because cybercrime has become a service industry, crooks also sell malware and distributed-denial -of-service (DDoS) attack services via these forums. Average price tags for 1,000 malware installations range from $70 to $6,000, depending on the malware's quality, success rate and geographical target area.
Meanwhile, DDoS attacks can be as cheap as an average $10 per hour for attacks on unprotected websites, with bulk discounts for longer periods of time. But for DDoS attacks on "premium" protected websites, those rates triple.
“For the average person, underground market data isn’t necessarily going to provide much use as they most likely aren’t shopping around for stolen card data or PayPal accounts. Though this is true, the prices at which these items sell provide a powerful perspective,” wrote Miguel Gomez, a cyber security expert at Privacy Affairs.
“If someone gets their hands on your financial details or social media credentials, the prices mentioned above is basically what it’s worth to them. There’s a good chance that you value these things much more than they do, as to them you’re just another mark for a quick buck.”
To prevent cyber criminals from gaining access to your data, you should use strong passwords (and one of the best password managers), avoid reusing passwords on different accounts, use security mechanisms like two-factor authentication, question how much personal information you really need to share and download and use one of the best antivirus programs.
- More: Online security is just one of many handy VPN uses