Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Identity Theft: Accounts Stolen vs Accounts Used - Reader Input SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Identity Theft: Accounts Stolen vs Accounts Used - Reader Input
It seems to be the general consensus that very few of the accounts stolen from online scams, keyloggers, and phishing actually ever get used.  By comparing the FTC's data (about 180,000 cases of identity fraud from possible online vectors) with my last year's estimate of how many accounts have been compromised you get about 2% of accounts that have been compromised actually get defrauded (so far).  Assuming I'm full of crap (an assertion I wouldn't dispute) and my estimate was ten-fold higher than reality (an assertion I would dispute), that still means 20% of accounts compromised get used.  Credit card information has a street value, and one estimate I heard was that you get $50 USD per good account.

Two questions for readers:
Do you agree that most of the accounts stolen online never get used?
Why do you think that is?

I'll post a montage of responses later in the day and include my thoughts.
John

260 Posts
ISC Handler
Mar 17th 2006

Sign Up for Free or Log In to start participating in the conversation!