Attackers like Magecart are always active, tracking and stealing payment card details of customers from e-commerce sites. Such type of attacks is usually carried out using a card-skimming malware that is designed to capture as many credit or debit card details as possible but what happens next, is the big question?
It is normal for threat actors to sell the stolen payment card details on underground forums or use it for their own fraudulent purchases.
Unveiling the dirty work
To understand the dirty work - as to how fast the stolen payment card data is distributed over the internet and dark web - David Greenwood from ThreatPipes got hold of an anonymous Visa prepaid card.
Greenwood tried to sell the data directly on the dark web only to find that there were no takers. So he decided to go with a different option and give it away for free. The details including the expiration date, CVV code, and billing address was dumped onto multiple paste sites.
Nothing happened for two hours. Then, the researcher’s card recorded a micro-transaction designed to check if the data was valid. The card was eventually used at the site for a well-known British retailer.
These tests were carried out by fraudsters using bots and scripts. Greenwood notes that an army of bots and scripts are constantly scanning the internet to see if the data they encounter is good or burnt. The data can range from sensitive company information to network data to users’ credentials.
Tips to stay safe
With the increase in the theft of payment card details, users should always be on the toe to beat such attacks. They should periodically monitor their account statements to spot fishy charges or fraudulent purchases.