Malware City/Blog/

May
18
Filed Under:
MISCELLANEOUS

I just saw my money flying away… far away…

18 May 2011
Online shopping is becoming more and more commonplace. With today's wild daily schedules, people need to find ways to save time. How about some shopping and paying online? Gladly. In this study I tried to find out more about people’s habits as far as online shopping and paying methods are concerned, as well as to determine the extent of their awareness about credit cards credentials being cybercriminals’ preferred target..

The study comprises 2 parts: a survey conducted on 2,210 users and a challenge: would I be able to find credit card credentials on the internet or, at least buy them from “generous” persons?

Part 1: Hello, do you accept the cybercriminal’s transaction?

Aiming to find out more about peoples’ habits when it comes buying online, a survey was carried out using a sample of 2,210 individuals (age rank: 18-65 years). Don’t take this study as representative for the entire online buyer community, but more as a snapshot of humans’ approach to online shopping.

The first question of the survey aimed to determine if the interviewed people buy things online and if they use online paying methods for their purchases. 97% of respondents answered affirmatively, and only 3% declared that they had never used online shopping methods. The study also revealed some of respondents’ purchasing preferences: electronics (including games) – 78%, clothes and cosmetics -43% (especially women) and various gifts (including flowers) – 32%. When it comes to paying for these things, 98% of respondents use several online methods. Moreover, in order to save time, they use the same methods to pay different bills (utilities, taxes, reservations, etc).

When asked if they know about the phishing phenomenon/fake sites, they gave both affirmative (73%) and negative answers (27%).  In addition to that, a huge majority (98%) declared that they had received a message in which they were asked to provide their credit card details at least once. These messages were sent by impersonators of various (financial) institutions (65%) or even by unknown individuals (35%). What is worse – 57% of respondents actually answered such requests, and provided their sensitive information. Afterwards, they came to understand that somewhere along the way they had been the victims of cybercriminals: 65% couldn’t access their e-mails (required alongside with the credit card details), 43% observed that some amounts of money just flew away from their bank accounts, and 32% were phone-called by banks to accept the cybercriminals’ transactions. 

Part 2: And now, let me try!

Knowing how big this internet is, I wanted to see what kind of information related to credit cards I can find, performing a quick and simple search.

Well… things are not very optimistic for the ones that gave their credentials, because I found everything I wanted and could be used in order to clean out a bank account: name, address, online ID, PIN, CVV, ExpDate, Security Questions and answers. How many? From a simple 5 minutes search – around 30 bank accounts.

Ok, but if you’re not skilled?!? Then, you can buy these details, if you have money. How much? Hmmm.,. not very much: between 17 and 200 UDS per account (depending on the information the cybercriminals offer you, and, of course, on your negotiation dexterity).

Until the next study, keep a close watch on your bank account, and surf safely on online shops!





By Sabina Datcu
Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.

Related

13-05-2011 | Mac® OS X Threats in Review: from Rogue AV to Dedicated Malware Kits

13-05-2011 | No comment? Try again!

06-05-2011 | I dub thee Admin of Page [x]. Arise and Get your Scam

05-05-2011 | Blog Spam Reinvented: Bombing Blog Admins One Link at a Time

Comments:

Nick Selby said on May-18-2011 06:17

Can you make available the raw survey data for analysis?

Joe said on May-18-2011 17:25

What's your theory as to why only a max of 65% of those whom responded to phishing attempts saw something bad happen to their accounts/identity? Seems like if 57% of people responded to phishing attempts, then we should see 100% of those folks finding out later their accounts were accessed or messed with.

That's the real question in above study, even though 57% of people get phished => only 36% of total people saw anything bad happen as a result. Why isn't that 57%?

white bedroom furniture said on Aug-8-2011 05:26

Hello Sabina,
actually, The things you pointed out (phishing scams, etc.) are not the only risks one can run into when using credit cards. I suggest you read this interesting article, explaining how to protect oneself from credit card fraud: http://service.futurequest.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=65

I'm also interested in this: as Nick Selby asked, can you make available the raw survey data for analysis?

Orlando payroll processing said on Oct-13-2011 15:17

Thanks for the great article. I have been worried about my money safety. My company just changed their payroll software. I feel much better about it now.

Comment on this

Name:

Email:

Website:

Your email adress will not be published.