According to experts, this is only “the tip of the iceberg”, since 63% of the cards were accompanied by other private information.
Although banks and other financial institutions do much to protect their customers from credit and debit card frauds, criminals continue to find ways to break into victims’ wallets. NordVPN’s most recent research analyzed 6 million stolen cards found on the dark web. Two out of three cards came with at least some kind of private information, such as an address, cell phone number, email address or even Social Security number.
No less than 156613 cards analyzed belonged to Mexicans, making Mexico the fourth most affected country in the world and the first in South America. The researchers also estimated that the average price of Mexican cards on the dark web is 117. 04 Mexican pesos (world average – 121.82 Mexican pesos). Mexican cards are prone to fraud. According to NordVPN’s Card Fraud Risk Index, on a scale of 0 to 1, Mexico’s card fraud risk index is 0. 54.
“The cards found by the researchers are just the tip of the iceberg. The information sold with these cards makes them much more dangerous,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.
“In the past, experts linked card fraud to brute force attacks, when a criminal tries to guess the payment card number and CVV to use their victim’s card. However, most of the cards we found during our investigation were sold along with the email and home addresses of their victim’s card. However, most of the cards we found during our investigation were sold along with the email and home addresses of their victims, which are impossible to brute-force. Therefore, we can conclude that they were stolen using more sophisticated methods, such as phishing and malware.”
Impersonation through payment card fraud
By selling the database analyzed in the investigation, cybercriminals could earn more than 321.28 million Mexican pesos in total. If purchased, this credit and debit card data could report criminals far more than they originally paid for it.
16550 payment cards for sale included the mailing address and almost 8734 cards included the cell phone numbers of their Mexican holders.
If a data breach or hack exposes users’ card data, as well as their addresses and other personal information, it can lead to theft of identity. Once the attacker has obtained the victim’s name, postal address, and email address, they may even abuse legal methods (such as using the GDPR right of access to obtain more personal information) to carry out the phishing plan or commit other malicious activities.
Mexico, the most affected country in South America. Brazil, the second
Brazil was affected by the theft of more than 144,000 cards, making it the second most affected country in South America and the fifth in the world. Chile suffered the theft of more than 13000 cards, Argentina almost 17000 and Peru around 14000.
Malta, Australia and New Zealand lead the risk index. Mexico in 41st place
NordVPN researchers have calculated the risks posed by credit card theft and related cyberattacks to residents in 98 countries. Malta, Australia and New Zealand are on top of the risk index, with Mexico ranked 41st.
At the other end of the spectrum, Russia scored the lowest risk score, with China coming in second-to-last. These results seem to confirm the prevailing assumptions about the location of large-scale hacking operations and the fact that Anglo-European countries are the intended target.
58.1% of stolen cards issued in the U.S.
More than half of the 6 million stolen credit card records analyzed came from the United States, likely due to its high card popularity ratings. its considerable population and strong economy. However, the stolen U.S. cards were relatively priced (119.33 Mexican pesos versus 121.82 Mexican pesos on the world average) in dark web markets; the most valued cards (with an average of 200.80 Mexican pesos) came from Denmark.
Protecting yourself from credit card frauds
“Few criminals now use brute force to steal card information. This means that the techniques are becoming more sophisticated. However, this also means that informed users are less likely to be affected,” says Adrianus Warmenhoven. To make users feel safer online, Adrianus Warmenhoven offers the following tips.
- Use passwords that are impossible to copy. Use different secret keys for each account and store them in an encrypted password manager, such as NordPass. Make sure your passwords comprises at least 20 letters, numbers, and symbols.
- Download the app from your bank. Use the official app to keep track of your balance, paying special attention to any unusual deductions. Some apps alert you to every transaction in real.
- Respond to data breaches: Immediately change your username and password if a company informs you that your data has been implicated in a data breach If you have used the same one elsewhere, change it there as well.
- Use anti-malware software : Anti-malware software (such as NordVPN’s Threat Protection) will make sure you don’t download malicious files onto your device and protect you from viruses that steal information.