ForHacSec

F-Secure has reported how on-line criminals are selling stolen credit card data on Twitter.

–

For example, check out Mr. SshoaibAhmed:

Let’s follow the link…

Indeed, he seems to sell credit card info, most likely collected with keyloggers from infected home computers.

The prices of stolen credit cards range from $2 to $20, depending on the country where they were stolen from:

“vis” stands for VISA, “mas” for MasterCard, “dis” for Discovery, and “amex” for American Express cards.

Alternatively, if you’d rather not use stolen credit cards yourself, you can have him buy you iPhones, iPads and laptops with stolen credit cards and ship them to you. In practice, the thief will log into an online store, then purchase an iPad as a gift purchase, giving your address as the delivery address and paying for the good with a stolen credit card. An iPad bought like this goes for $150.

But keyloggers collect more than credit cards. They also record passwords when you log into online services.

So this vendor is also selling access to other people’s online bank accounts. An account with a balance of $28,000 sells for $1,000:

Finally, to prove he really has the goods, the vendor posts “demo” information. Which basically is personal information of a handful of victims, including names, home addresses, credit card numbers and passwords (heavily redacted here):

The accounts shown above have been reported to relevant authorities according to F-Secure.