Compromised online accounts for sale
Posted on 19 July 2012.
The recently unearthed website of a service specializing in selling access to compromised email and social networking accounts of Russian and Ukrainian users offers a fascinating glimpse into just how much one such account is worth to spammers.

According to Webroot's Dancho Danchev, the service offers access to Facebook, Twitter, LiveJournal, Vkontakte and other social networking accounts, as well as to email accounts opened with Mail.ru, Rambler.ru, Yandex.ru and Qip.ru.

Wannabe spammers and social engineers can choose to buy accounts by the service, and should be ready to pay 190 rubles ($5.9) for 100 compromised Vkontakte accounts belonging mostly to Russian users, or 180 rubles ($5.6) for the same number belonging to mostly Ukrainian users.

Facebook accounts are somewhat cheaper - 500 for 200 rubles ($6.2), and the same number of compromised Twitter account can be had for 250 rubles ($7.7).

And compromised email accounts are cheaper still:


If the owners of the site and service are to be believed, most of these accounts were compromised through social engineering and brute-forcing.

"What this service offers is an easy entry into the world of cybercrime for average cyber criminals looking for fresh platforms to further disseminate their social engineering campaigns attempting to trick users into interacting with their fraudulent scheme," Danchev comments.

"Once a compromised accounts gets resold, the new owner will abuse the ‘chain of trust’ and attempt to serve malware and launch social engineering attacks such as, for instance, phishing knowing that users are more likely to trust a message or a Wall post from a trusted friend. That’s their way of achieving a positive ROI (return on investment) on their initial purchase."






Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //