(Source – NordVPN)

Data from 22,504 stolen Malaysian payment cards found on the dark web

  • NordVPN researchers have calculated the risks posed by credit card theft and related cyberattacks to residents in 98 countries.
  • Malta, Australia, and New Zealand came at the top of the risk index, and Malaysia came in 21st place.
  • As many as 22,504 (0.4%) analyzed payment cards belonging to Malaysia.

According to research by NordVPN, data from six million stolen payment cards have been found on the dark web. What’s more concerning about this discovery is that 63% of the stolen cards came bundled with other private information.

While banks and financial institutions continue to protect customers from payment card fraud, scammers and cybercriminals are still finding a way in getting this information from victims. The research which analyzed six million payment cards on the dark web also revealed that two in three cards came bundled with at least some private information, such as an address, phone number, email address, or even Social Security number (SSN).

Based on their findings, NordVPN researchers have calculated the risks posed by credit card theft and related cyberattacks to residents in 98 countries. Malta, Australia, and New Zealand came at the top of the risk index, and Malaysia came in 21st place.

Surprisingly, Russia had the lowest risk score, and China was 3rd from last. These findings seem to confirm prevailing hypotheses regarding the location of large-scale hacking operations and the purposeful targeting of Anglo-European countries.

58.1% of stolen cards issued in the US

Over half of the 6 million stolen credit card records analyzed came from the US, most likely due to its high rates of card penetration, sizable population, and a strong economy. However, stolen US cards commanded a comparatively low price on dark web marketplaces while the most valued cards were from Denmark.

stolen cards

(Source – NordVPN)

Researchers also believe that 22,504 analyzed cards belonged originated from Malaysia. The estimated average price of Malaysian cards on the dark web is RM35.54, which is around the global average price for such information. In fact, Malaysian payment cards are prone to fraud as NordVPN’s card fraud risk index ranks Malaysia’s payment card fraud risk index as 0.67, on a scale of 0 to 1.

“The cards researchers found are just the tip of the iceberg. The information sold alongside these cards makes it much more dangerous,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

“In the past, experts linked payment card fraud to brute-force attacks — when a criminal tries to guess a payment card number and CVV to use their victim’s card. However, most of the cards we found during our research were sold alongside the email and home addresses of their victims, which are impossible to brute force. We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware,” added Warmenhoven.

Identity theft through payment card fraud

Looking specifically at Malaysia, there are 9,000 payment cards for sale in the dark web containing data which included Malaysian owners’ home addresses, 4,600 included telephone numbers, 3,500 cards included email addresses, and around 134 cards included their owners’ date of birth.

The sale of this information could easily see cybercriminals profiting more than RM82 million in total. If purchased, these payment card details could net criminals much more than they originally paid for them.

If a data breach or hack exposes users’ card details as well as their addresses and other personal information, it can lead to identity theft. Once the attacker has obtained the victim’s name, home address, and email address, they may even abuse legal methods (such as using the GDPR’s right to access more personal information) in furthering the identity theft scheme or committing other malicious activities.

“Few criminals now use brute force to steal payment card information. This means that techniques are becoming more sophisticated. However, this also means that informed users have less chance of being affected,” explained Warmenhoven.

Warmenhoven also suggested the following tips to help users feel more secure online.

  • Use impenetrable passwords: Use different passwords for each account and store passwords in an encrypted password manager. Make sure passwords consist of at least 20 letters, numbers, and symbols.
  • Download the bank’s app: Use it to track money, paying particular attention to any unusual deductions. Some apps will notify every transaction in real-time — just make sure to look.
  • Respond to data breaches: Change username and password immediately if a company informs users that personal details were involved in a data breach. If using the same one elsewhere, change it there too.
  • Use anti-malware software: Anti-malware software will ensure that users do not download malicious files to their devices and will protect them from info-stealing viruses.