identity theft

Criminals are using exploiting holes in wireless security to steal passwords and account details from ATM machines without the need installing skimming devices.

Criminals conduct this activity by placing a “skimming” device over the card reader of a legitimate ATM and install a pin pad over the keys. When a customer would use the ATM, the skimming machine would be able to capture the customers account data as well as the pin code. Once the machine was recovered, then the criminal would  have the information needed to breach the account.

Internet security experts state that criminals are now attempting to access debit card pin numbers and account information without installing the devices by targeting the machines through the internet.

In its 2014 Data Breach Investigation Report, Verizon studied 130 incidents of ATM skimming cases in 2013. Most of the ATM breaches took place at ATM machines and at gas pumps, where many customers use their debit cards to purchase gas. According to the report, the country with the most ATM skimming cases was Bulgaria, followed by Armenia, Romania, Brazil and the United States.

Source:  Jordan Robertson, “What Happens When the ‘Internet of Things’ Comes to ATM Skimmers,” Bloomberg, April 22, 2014.

Over 129,500 people were recorded as victims of identity theft in the United Kingdom in 2013, according to reports to criminal justice programs. The id theft cases accounted for over 60 percent of all fraud cases in the country, according to a fraud prevention service.

Over 90 percent of identity theft involving plastic card accounts were committed on the Internet.

Criminals targeted credit cards the most, with credit card fraud accounting for 30 percent of all frauds, an increase from 24 percent in 2012. Mortgage fraud in the UK also increased by 26 percent, and loan fraud increased by 55 percent in 2013.

(Prices of online fraud and cyber crimes.)

Source:  Warwick Ashford, “Identity theft linked to 60% of UK fraud in 2013,” ComputerWeekly, March 4, 2014.

In a study of all cyber attacks and data breaches that was officially reported in 2013, the Identity Theft Resource Center found that the health-care sector had the most attacks.

Health care companies and organizations had 267 data breaches in 2013. These data breaches consists of patients identities being stolen or accessed by hackers. The health care industry suffered 43 percent of all cyber attacks in 2013.

The business sector reported 201 cyber attacks in 2013, or 34 percent of major breaches.

Government and military branches reported 63 breaches, educational institutions reported 56 breaches, and the banking, credit cards and other financial institutions reported 23 data breaches, or 3.7 percent of the total.

In all, over 57 million records containing essential identity information was breached in 2013.

Most of the health care beaches took place at hospitals and insurance providers. The health care records of patients are a popular target for hackers due to the many different ways that information can be used. From basic social security numbers to being able to buy prescription drugs, the data is readily available for sale on black market forums.

Medical identity theft caused victims to lose up to $12 Billion in 2012.

Source:  Amrita Jayakumar, “Cyberattacks are on the rise. And health-care data is the biggest target,” Washington Post, Wonkblog, February 5, 2014.


According to the the Online Trust Alliance. over 740 million credit cards and similar accounts were exposed by hackers or other security breaches in 2013.  Cyber security experts believe that the number is on the low estimates, and that more credit cards could have been hacked yet not identified or publicly released. Included in this figure is the over 40 million credit cards numbers that were stolen from Target during the 2013 holiday shopping season.

Most of these credit card numbers are available for sale on the black market at online forums. The Target credit cards were for sale for $26.60 to $44.80.

After they have been purchased, security researchers have found that they are being used in small amounts in order to avoid detections.  Buyers from Cyprus, the United Kingdom and India use stolen credit cards and make purchases for $9.84 cents. By keeping the purchased amount low, the cyber criminals are able to avoid red flags, detection by automatic fraud alerts, and even the card owner looking over the card statement.

(More prices for criminal hacking services.)

Source:  John Bacon and Byron Acohido, “If the credit charge was $9.84, take a closer look,” USA Today, January 28, 2014.

In 2013, the Internal Revenue Service conducted 1,492 criminal investigations for identity theft in the United States. The number of investigations was an increase of 66 percent from 2012.

436 people were sentenced in court for identity theft cases involving tax returns in 2013.

14.6 million tax returns were flagged by the agency for being suspicious between 2011 and 2013. In total, the return flagged as suspicious blocked over $50 Billion in fraudulent tax returns.

In 2012, a total of $4 billion of fraudulent tax returns were issued to people who used stolen identities. The number lost in 2012 was slightly higher than the $3.6 Billion issued in 2011.

The way the scam works is that identity thieves use a person’s social security number to file tax returns early in the filing season. By quickly filing the returns, the thieves can claim refunds before the taxpayer can file. Since the IRS issues most refunds within 3 weeks, the thieves are able to get the tax refund before the legitimate taxpayer is able to file.

Source: Associated Press, “IRS: Identity theft prosecutions double in 2013,” CNBC, January 8, 2014.

In December 2013, it was reported that US retailer Target had a data breach where 40 million credit cards and debit cards were stolen. The thieves stole the information when customers made purchases starting on November 27, 2013, which was Black Friday. The breach lasted until December 15, 2013.

By December 18, 2013, the credit card numbers were available for sale at online black market forums where credit cards and identity sets are sold. According to security researcher Brian Kreb, who broke the story, the prices of these cards were available for purchase for $26.60 to $44.80. The forums does not accept payment in credit cards, so buyers would need to pay for these products by  Bitcoin or other virtual currencies.

(Prices of other cyber crimes and hacking.)

Source:  Brian Kreb, “Cards Stolen in Target Breach Flood Underground Markets,” Krebs on Security, December 20, 2013.

For every $100 in credit card transactions, about 6 cents is lost to fraud.

In 2012, global businesses lost $11.27 Billion to credit card fraud, an increase of 14.6 percent from 2011.

Credit card fraud in the United States accounted for 47 percent of all fraudulent charges in 2012. The rate of fraud was the highest in the world, with the United States accounting for 24 percent of credit car payments by volume.

(Prices of cyber threats and online fraud.)

Source:  Joshua Brustein, “Why the U.S. Leaves Its Credit-Card System Vulnerable to Fraud,” Bloomberg Businessweek, December 23, 2013.

In a household survey conducted by the Bureau of Justice Statistics, 16.6 million people in the United States fell victim to identity theft in 2012, or 1 out of every 14 people over the age of 16 in the United States.

The financial losses from identity theft resulted in $24.7 Billion.  In comparison, the total financial losses from household burglary, motor vehicle theft, and property theft total $14 Billion.

Two thirds of id theft victims was impacted with financial losses. The average amount of money that each id theft victim faced was $1,769.

Roughly 7.7 million people reported that fraudulent use of a credit card. 7.5 million people were victimized though the fraudulent use of a bank account, such as a debit card, checking account or savings account.

Source:  Associated Press, “Gov’t: 1 in 14 Fell Prey to Identity Theft in 2012,” ABC News, December 12, 2013.

Source:  Erin Fuchs, “Identity Theft Now Costs Far More Than All Other Property Crimes COMBINED,” Business Insider, December 12, 2013.

Doxing is a term that is used when a person’s personal information is obtained and released on tot the Internet. Hackers on underground forums offer doxing services to paying customers that wish to find out more information about a target victim. The hackers who are hired accomplish this task by searching public databases, crawling through the person’s social media profiles, conducting social engineering techniques and infecting viruses on the computer to steal data.

According to internet security researchers, hiring the services of a hacker to dox someone costs between $25 to $100.

(More cybercrime prices here.)

Source:  Ellizabeth Clarke, “The Underground Hacking Economy is Alive and Well,” Dell Secure Works, Security and Compliance Blog, November 18, 2013.

According to security researchers with McAfee, online hackers sell the log-in credentials for online banking accounts for a portion of the available balance.

For a United States bank account with full log-in information, the account is sold for 2 percent of the total balance of money that is in the account. A European Union based account costs 4 to 6 percent of the balance.

Online money payment systems are also sold on cybercrime forums. The log-in details for accounts with PayPal or Moneybookers are sold for 6 to 20 percent of the balance that is in the account.

To launder cash through Western Union, hackers charge 10 percent of the amount to be transferred.

(More cybercrime and internet hacking prices here.)

Source (PDF):  Raj Samani, Francois Paget, “Cybercrime Exposed: Cybercrime-as-a-service,” McAfee, White Paper, July 2013.

(Additional examples of money laundering.)