What is a clever hacker's trick to steal information from 100,000 email addresses a day and earn a solid income?



Many people think of large-scale hacking as flashy attacks that cause huge damage. In fact, in recent years it has not been uncommon for ransomware attacks to cause billions of yen in damage. Brian Krebs, a prominent security journalist, reported on a cybercriminal group that, unlike these flashy hacks, repeatedly evades the eyes of law enforcement agencies through small, unnoticed thefts.

Gift Card Gang Extracts Cash From 100k Inboxes Daily – Krebs on Security
https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/

Krebs interviewed Bill (a pseudonym), a security researcher who has been monitoring networks used by cybercriminals for many years, to investigate hacking techniques that steal small sums from many people over the long term.



According to Bill, this type of cybercrime group seeks out passwords on forums used by hackers and attempts to log in to an average of 5 to 10 million email addresses a day, of which 50,000 to 100,000 inboxes are said to be successfully broken into. Some hackers who compromise email addresses send spam emails or launch phishing scams targeting specific victims, but the hackers Bill is monitoring do not use such techniques.

Instead, hackers use their own scripts to periodically search the victims' email inboxes and steal data that could be resold. Specifically, data on gift cards and data on loyalty cards of hotels and airlines were often targeted. Data on these private sector benefits and points can be sold online at a price of 80% of their original value, making them more likely to be targeted.

A typical point system targeted by hackers is the 'health program' run by health insurance companies. To encourage employees to exercise, some health insurance companies have a system such as 'If you do push-ups 30 times a day, you will be given points that can be exchanged for Starbucks gift cards.' Hackers make a profit by abusing this and applying for a gift card on behalf of the victim. They may also target more direct services, such as Amazon Gift Cards.



'They're aiming for hard digital assets, not soft data, that is, money sleeping in the victim's inbox. The Internet is a market where people can steal and sell digital assets from their inboxes,' Bill said.

According to Bill, about half of the email addresses attacked by hackers used a protocol called IMAP, which is used in email software such as Mozilla's Thunderbird and Microsoft's Outlook.
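The mass login attempts described above leave a recognizable trace on a mail server: one source address trying many different mailboxes and mostly failing. The following added example (not from the article or from Krebs' report) shows one way a mail administrator could flag that pattern and list the mailboxes that were actually opened; it assumes Dovecot-style `imap-login` log lines, and the sample log, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Dovecot's imap-login log (not real data).
SAMPLE_LOG = """\
Sep 10 03:00:01 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Sep 10 03:00:02 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Sep 10 03:00:03 mx dovecot: imap-login: Login: user=<carol@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, mpid=4312, TLS
Sep 10 03:00:04 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Sep 10 03:00:05 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<erin@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Sep 10 08:15:40 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<frank@example.com>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS
Sep 10 08:15:55 mx dovecot: imap-login: Login: user=<frank@example.com>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=4420, TLS
Sep 10 09:02:11 mx dovecot: imap-login: Login: user=<grace@example.com>, method=PLAIN, rip=198.51.100.40, lip=192.0.2.10, mpid=4477, TLS
"""

# Matches successful logins and failed-auth disconnects; captures user and remote IP.
LINE_RE = re.compile(
    r"imap-login: (?P<event>Login|Disconnected \(auth failed[^)]*\)): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9a-fA-F.:]+)")

def parse(log_text):
    """Yield (source_ip, mailbox, succeeded) for each IMAP login attempt."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["rip"], m["user"].lower(), m["event"] == "Login"

def find_stuffing(log_text, min_users=4, max_success_ratio=0.5):
    """Flag source IPs that try many distinct mailboxes and mostly fail.

    Returns {ip: sorted mailboxes that ip logged in to}. Those mailboxes
    should be treated as breached: reset the password and require MFA.
    Thresholds are illustrative assumptions, not tuned values.
    """
    tried, opened = defaultdict(set), defaultdict(set)
    for ip, user, ok in parse(log_text):
        tried[ip].add(user)
        if ok:
            opened[ip].add(user)
    flagged = {}
    for ip, users in tried.items():
        if len(users) >= min_users and len(opened[ip]) / len(users) <= max_success_ratio:
            flagged[ip] = sorted(opened[ip])
    return flagged
```

On the sample log, the user who mistypes a password once and then logs in is not flagged, while the address that cycles through five mailboxes is, together with the one mailbox it got into.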

'Users can prevent more than 99.9% of account breaches by enabling multi-factor authentication,' Microsoft said in a statement to Krebs, refraining from commenting on individual findings.

in Security, Posted by log1l_ks