Black Friday has long been a big day for retailers to kickstart the traditional holiday shopping season with great deals, but they weren’t the only ones promoting bargains over the last few days. Cybercriminals have gotten in on the action, too.
In the days leading up to Black Friday and Cyber Monday, criminal transactions for exposed consumer data on the dark web spiked, according to new research from SpyCloud, known for its unique anti-fraud platform powering account takeover prevention and fraud investigations solutions.
“Retailers aren’t the only ones offering deals this time of year, and consumers aren’t the only ones out shopping,” said Olivia Fryt, senior security researcher at SpyCloud. “This research shows that criminals, both buyers and sellers, are increasingly active during the holidays. They are busy and making money. People need to remain especially vigilant to avoid becoming victims.”
SpyCloud examined popular cracking forums and identified over 800 individual storefronts across three online selling platforms. Researchers then scraped inventory and transaction data from those shops to compile the results.
The number of transactions, amount of inventory, value of stolen information and amount of sales increased exponentially from normal periods. The number of transactions for hacked online accounts averaged 10,079 per day during November but skyrocketed to 143,110 on Nov. 24. For the first 28 days of November, criminals spent just over $1 million on these transactions for an average of $37,535 per day. More than half of that spending happened on Nov. 25 when criminals spent $506,969.
The SpyCloud team found that compromised account logins for dating apps were the most trafficked, followed by retail, food and gaming accounts. Tooling for the purpose of orchestrating credential stuffing attacks was also widely available.
Criminals typically leverage stolen dating accounts to set up spambots or use social engineering tactics to scam unwitting victims. Retail and food sales typically include users’ ecommerce account credentials as well as gift cards and gift codes being sold at steep discounts. Researchers also found thousands of account credentials for well-known gaming and streaming services. In some cases, people purchasing the accounts may not even be aware they are buying stolen account data. They might simply be looking for a bargain.
“These criminals use a lot of the same marketing techniques that legitimate retailers use,” said Fryt. “They promote their products and offer discounts to their buyers. Many of them even offer warranties and give refunds or replacements when something goes wrong.”
This is the second year SpyCloud tracked dark web transactions leading up to Black Friday and Cyber Monday. This year, the activity spiked on Nov. 18, a few days earlier than in 2019, presumably due to an extended shopping season resulting from the Covid-19 pandemic.
Image licensed in Pixabay.com