Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Identity Theft: Accounts Stolen vs Accounts Used - Reader Input - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Identity Theft: Accounts Stolen vs Accounts Used - Reader Input
It seems to be the general consensus that very few of the accounts stolen from online scams, keyloggers, and phishing actually ever get used.  By comparing the FTC's data (about 180,000 cases of identity fraud from possible online vectors) with my last year's estimate of how many accounts have been compromised you get about 2% of accounts that have been compromised actually get defrauded (so far).  Assuming I'm full of crap (an assertion I wouldn't dispute) and my estimate was ten-fold higher than reality (an assertion I would dispute), that still means 20% of accounts compromised get used.  Credit card information has a street value, and one estimate I heard was that you get $50 USD per good account.

Two questions for readers:
Do you agree that most of the accounts stolen online never get used?
Why do you think that is?

I'll post a montage of responses later in the day and include my thoughts.
John

248 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!