IN THE hidden online world where illicit goods such as credit-card numbers and bank-account details are traded, it is chilling to learn that one of the most popular categories requested by participants is spam and phishing information.
It would be fair to say most of those seeking such information are hoping to cheat you.
In a new year-long study of this shadow cyber-world by Internet- security company Symantec, credit-card numbers were the most requested category, making up 24 per cent of all recorded requests.
But requests for spam and phishing information were close behind at 21 per cent.
This category includes e-mail addresses, e-mail account passwords and mailers.
Phishing is the attempt to get people to divulge confidential information, perhaps by counterfeiting well-known brands or merchants.
The cost of phishing attacks in the United States alone has been estimated at US$2.1 billion (S$3.1 billion) last year.
Still, credit cards were probably the most popular category on the criminal e-market because they "are easy to use for online shopping".
It is "often difficult for merchants or credit providers to identify and address fraudulent transactions before fraudsters complete them and receive their goods", Symantec noted.
In addition, credit-card information is often sold in bulk, with discounts or even free numbers thrown in.
It is also the most advertised category among sellers, since there are many easy ways to obtain such information: For instance, through phishing schemes, magnetic stripe-skimming devices, or database break-ins.
Symantec has estimated the potential worth of all credit cards advertised in the cyber underworld at an eye-popping US$5.3 billion.
The second-most-popular category advertised, at 20 per cent, was financial accounts. This includes bank-account credentials and online stock-trading accounts.
Stolen bank-account data retails for between US$10 and US$1,000, yet the average advertised stolen bank-account balance is nearly US$40,000, offering a nice profit for a crook if he could empty it.
By taking the average advertised balance of a stolen bank account and the average price for a stolen bank-account number, Symantec came up with a total figure of US$1.7 billion.
Though there were relatively few requests or advertisements for malicious tools (2 per cent in both instances), it is perhaps the most worrying category.
Such tools allow attackers to procure identities, credentials and other information: An entire stolen identity can be had in the underground economy for just US$1.
For a mere US$740, details of vulnerabilities of harder- to-penetrate financial sites can be purchased.
As for hosting of phishing scams, a "kit" can be had for only US$10 on average, with different advertisers offering daily, weekly or monthly rates.
In some instances, you can start phishing for as little as US$1.
