The latest research from security vendor Symantec would appear to suggest that cybercrime gangs are now applying drug smuggling techniques to their trade, and are actively using 'malware mules' in order to distribute threats within social friendship networks.
According to the latest Internet Security Threat Report, email accounts are now being sold for just 65p on the underground web black market, and these are then used to distribute spam or malware via people's trusted network of contacts. The advertised prices of email accounts in 2009 ranged between 65p and £13 for each account. Most advertisements listed a flat rate, although some sellers also listed bulk purchase prices such as 30 for £95 or 65p each on bulk purchase. Some advertisements stated that Web space was included with the email account and were listed at higher prices. ISPs often include free Web space along with email accounts as a part of the service, which many people never use. Criminals who compromise these accounts can use the space to host phishing sites or malicious code without the knowledge of the account owner.
These compromised accounts can be used for sending out spam in addition to harvesting additional email addresses from contact lists, taking advantage of the fact that the recipients are likely to trust the validity of a message coming from a known contact.
The stolen personal email account details are advertised on the underground economy on black market forums that are used for the promotion and trade of stolen information and services. What's more, compromised email accounts are also often used to provide access to additional sensitive personal information such as bank account passwords, student identification numbers, mailing addresses and phone numbers as well as passwords to social networking accounts that people often store in saved personal emails. The data could be used to reset passwords, potentially giving the fraudster complete access to personal account and indeed whole identities.
Con Mallon, Security Expert, Symantec, comments: "The growth in sales of email accounts on the underground economy is a worrying trend. If fraudulent purchases are made on your credit card, you're covered by your lender and can usually recoup the money. However, if your email account is hacked who do you turn to? Scarily, scammers could have access to all your passwords for less than a pound".