ThreatPipes expert David Greenwood conducted an interesting experiment – he decided to establish how long the information on bank cards that got into the network went unnoticed and how soon criminals became interested in it. The fact is that over the past two years, fraudsters have tried four times to use the bank card of the researcher, which could not fail to attract his attention.
First, Greenwood received an anonymous Visa prepaid card and himself tried to sell data on it on a darknet. It turned out that it is so simple, and to trade such information on hacker forums you need a reputation and people who can vouch for you. Then the researcher decided to go from the other side and published a fake set of bank card data on several paste-sites, including in the dump and data of his real card (including the expiration date, CVV and billing address).
After only two hours, a microtransaction was performed on the researcher’s card, designed to verify the reliability of the data. Such tests are usually automated and performed by special bots.
“Within two hours, someone (or something) tried to buy something from a well-known seller in the UK using my prepaid card, ”sums up the Greenwood experiment.
The experience of the researcher proves that the data that got into the network very quickly fall into the field of view of attackers. That is, after a data leak, the account goes literally for hours, which means that measures should be taken (blocking the card, changing passwords, and so on) too quickly.