Published: October 19, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
It may be hard to believe, but sadly it’s true. Security researchers recently discovered an avalanche of stolen banking card data, 1 million of them, available for free on an underground forum called All Worlds Cards card shop, or AW_cards for short. In business for just a few months, 3.8 million bank cards were placed on AW_cards, with more than 2.6 million available for sale. The discovery was made by Group-IB Threat Intelligence & Attribution when their system found the bizarre post on other carding forums. Further findings show the free cards are unique in that they have not previously appeared on other underground forums.
Not Just Free Banking Card Numbers
The details available with these free cards may be unsettling. Although the following data included with these cards is not available for all 1 million, much of it is. It includes card numbers; CVV/CVC code; expiration date; card holder name; city, state, and country; physical address and zip code; email address and phone numbers. This type of data provides opportunities beyond cleaning out a victim’s bank card account. Other cybercrimes like identity fraud and email phishing attacks are made much easier thanks to AW_cards.
Group-IB’s statistics show that 48% of free bank cards are VISA, and 47% are MasterCard. Debit cards made up 77% and 23% are credit cards. Cards available from India made up the most available for free at 22%, while the U.S. is in second with 9%, and Australia follows with 8%. Although some cards were already expired, Group-IB found 97% are still valid.
Are Your Banking Cards Safe?
We can cross our fingers and hope our own banking card info isn’t included in AW_cards’ free-for-all postings, or we can be proactive about it. There are ways to help keep this info close-to-the-vest, and steps to take if it’s too late.
Never share card information on untrusted sites, and check to make sure the lock icon is visible to the left of the address bar, and that the URL begins with HTTPS and not HTTP. The added “S” means it’s secure.
Never store payment card information on websites. Should those sites be compromised, your card data is sure to be as well.
Keep tabs on banking card statements and look for any unusual charges. Make a habit of checking your credit report on a regular basis.
Should you find your card has been compromised, contact your financial institution immediately. Also, consider putting a freeze on your credit. It can be done for free with the big three credit bureaus. Unfreezing a card is also free. Just make sure you freeze it with each one separately.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com