Criminals are selling the bank details of over 160,000 Britons on the dark web – for just £4.61 each.
Many come bundled with a ‘treasure trove’ of other sensitive information, including home addresses, phone numbers and National Insurance numbers.
Cybersecurity specialists NordVPN said victims were likely to have been hacked without their knowledge and were now at serious risk of identity fraud.
A trawl through illegal online marketplaces by researchers found the UK had the most stolen card details than any other country in Europe.
They were third globally behind the US and India – despite having a fraction of their populations.
Criminals are selling the bank details of over 160,000 Britons on the dark web – for just £4.61 each (stock image)
One in ten people in the UK – around five million overall – are defrauded every year via their debit or credit card, previous research has found.
Victims lost on average £833 – however they are usually protected by their banks if it the payment was deemed ‘unauthorised’.
Overall, NordVPN found 164,143 British card details overall were listed on the dark web.
This is almost as many as the next two biggest European victims, France (97,032) and Italy (78,676), put together.
Just over half of these were debit cards and around a third were credit cards. They were sold for £4.61 on average each – a fifth lower than the global average of £5.61.
Adrianus Warmenhoven, a cybersecurity expert at NordVPN, says: ‘The card numbers found are just the tip of the iceberg when it comes to payment fraud.
‘This is a crime with a huge ripple effect and the extra information being sold makes it far more dangerous as a skilled criminal can use these to acquire more personal details.
Overall, NordVPN found 164,143 British card details overall were listed on the dark web. This is almost as many as the next two biggest European victims, France (97,032) and Italy (78,676), put together
‘Once an attacker has obtained the victim’s name, home address and email, they may even abuse legal methods, such as using the GDPR, to go further with identity theft or other malicious activities.
‘In the past, experts linked payment card fraud to brute-forcing attacks — when a criminal tries to guess a payment card number and security code to use their victim’s card.
‘However, most of the cards found were sold alongside the email and home addresses of their victims, which are impossible to brute force. We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware.’
NordVPN’s Card Fraud Risk Index measures how likely payment information is to appear on the dark web, in proportion to factors like a country’s population and cards in circulation — along with the risks of it being sold with additional identifying data.
The UK ranked 22nd place on the index, with Malta, New Zealand and Australia the three most at-risk nations.
Russia finished bottom of the risk index, indicating the country was primarily a perpetrator rather than a victim of card fraud.
This post first appeared on Dailymail.co.uk
