For $12.99, You Can Get the New Disney Bundle, or Illegal Access to Someone’s Social Media Account

Data breaches lead to dark web sales at shockingly low prices. Content abuse prevention remains elusive on social. Bots are now into sextortion. This Week in Fraud News, October 18, 2019.

Christopher Watkins
DataVisor
4 min read · Oct 18, 2019

Some weeks, fraud news can get pretty exotic. Other weeks, you’d swear you just saw the very same stories the week before. This week, we’ve got a little bit of everything: the yawn-inducing and the jaw-dropping, the unexpected and the unexplained, the mystifying and the maddening.

We’ll start with a jaw-dropper: 26 million stolen payment cards leaked!

“Krebs said that Gemini Advisory, a company that monitors dozens of underground markets trafficking stolen card data, currently tracks a total of 87 million credit and debit card records. The haul of 26 million cards means that about a third of that supply has been taken out of circulation in a single swipe.”

If you’re curious about what happens in the aftermath of breaches like the one described above, Digital Trends had some information for you this week:

“To gain access to someone’s social media accounts, VPNOverview asserts that someone can purchase that access ‘for as cheap as $12.99.’ A victim’s personal information can be sold at a price ranging from $40 to $200. And bank details have a price range of $50 to $200.”

Those are worrisome numbers, to put it mildly. Access to your social media account for $12.99? Think of all the damage that could be done: reputational damage from abusive content, financial damage through access to ad accounts, and app access via social logins. It’s genuinely frightening to consider all the havoc a fraudster could wreak, and all for the cost of a Disney bundle.

Speaking of genuinely frightening, if you were on the receiving end of one of these spam attacks, you probably had cause for some nervousness, to say the least:

“According to Check Point, the Phorpiex bot downloads an email database from a command and control server, randomly selects an email address from the database, and sends its spam message to the address, claiming to have the victim’s private data and a video of the victim ‘SATISFYING YOURSELF’ via the victim’s webcam … But the bot ups the spam game by using databases that include leaked passwords and including those in the email, thus making the attack seem more authentic to victims. The email, of course, demands payment via Bitcoin to prevent the alleged video from being spread.”

The question you’re probably asking right now is, is anybody doing anything about this?

Well, Facebook is trying …

“In a completely bizarre incident, Facebook is locking people who report scammers, fake accounts, and impersonators out of the accounts for days. Due to this, #FacebookLockout is trending on Twitter with many users angry at the social network’s strange behavior … Here’s what’s happening, if you report an impersonating account, Facebook will lock your account and ask for an ID for verification. However, even if you scan your ID, it won’t let you in.”

Sometimes it seems like Facebook can’t win. You’d think, with all the talent and money they have at their disposal, they’d be able to figure this out. It’s a mystery no one seems to have the answer to, although The Verge tried this week to get to the bottom of things:

“The swarm of headlines about content moderation over the past week should not be mistaken as a coincidence. What stays up — and what comes down — has never been a more salient question in people’s minds. And absent any meaningful regulation, expect the tech platforms to keep fumbling their way forward, trying to appease as many users as possible.”

If this week’s news leaves you with more questions than answers, rest assured, you’re not alone! Among the questions we’re wrestling with:

  • Will malicious content continue to pollute social ecosystems?
  • Will people still pay in bitcoin to avoid the threat of indecent exposure?
  • Will your Facebook account become available on the dark web, and will purchasing it there be easier than getting in through your normal login?

Join us next week to get the answers to these questions, and more!

Christopher Watkins
DataVisor

I type on a MacBook by day, and an Underwood by night. I carry a Moleskine everywhere.