What’s the Information Stolen in a Phishing Attack Really Worth?

Stu Sjouwerman | Sep 29, 2020

Once a scammer tricks their victim out of web credentials, credit card details, or online access to a bank account, the details collected are worth plenty simply by being sold on the dark web.

The cybercriminal industry is much like regular businesses; each one specializes in a particular product or service and has no interest in doing “everything”. For example, when a phishing attack successfully yields online credentials to Office 365, in many cases the credentials are sold by the initial attacker rather than used by them to launch further attacks.

Why? Because it’s a lot easier to make a quick buck and repeat the process using automated tools than to develop a complex multi-step attack campaign.

According to the 2020 Dark Market Report: The New Economy from security vendor Armor, those stolen details are worth quite a bit on the dark web:

  • A credit card in the US can fetch as much as $12. One in the EU is worth as much as $35.
  • The value of a cloned ATM card is based on the bank account balance. For example, the ATM card associated with an account with $10K in it would be worth between $600-800.
  • PayPal account credential values follow the account’s balance, with credentials to a $1000 account valued at $100.
  • Even social media accounts have value, with Twitter leading the pack at $16 per account.

In every case above, the details purchased are then used by the next bad guy. It’s an ecosystem where many cybercriminals have found a way to plug themselves in by simply doing the work of fooling victims into giving up information and then selling it off to the highest bidder.

Phishing attacks remain one of the most prevalent ways attackers steal these details. Teaching users to be vigilant while at work and home (which, for many, is the same place today) is a necessary step using new school Security Awareness Training. Those that undergo training are mindful of the potential harm an email or website can cause and are constantly watching for anything that appears to be abnormal, suspicious, or downright malicious in nature – avoiding the attack and keeping their details secure.
