Credit cards in the crosshairs of cybercriminals, Italy is in the top 20 most affected countries

In 2022, the sharing of compromised email account credentials on the dark web continues to be widespread, particularly cybercriminals who have focused on batches of data that include credit cards and phone numbers.

This information is mainly involved in the circulation of personal data over the internet as it emerges from the latest cyber observatory created by Crave, which aims to analyze the vulnerability of people and companies to cyberattacks and interpret key trends related to data exposed in the open web and dark web environments. The observatory analyzes, in particular, the type of information, the areas in which data traffic is concentrated and the countries most exposed to it, as well as providing some ideas for dealing with cyber risks in an informed manner.

The phone number is often combined with other personal data (such as name and surname or password); In fact, last year the increase in the combination of phone number, name and surname was +4.4%. This data is precious because, in addition to allowing access to many platforms and applications, with the introduction of two-factor authentication into security protocols, it is necessary for illegal access to private profiles.

Also of concern is the main increase recorded compared to last year, which was +10.5%, related to the collection of credit card number with card verification code and expiration date. Obviously, with these credentials, hackers can steal money or terminate operations on the web and dark web.

Overall, the number of alerts sent in 2022 exceeded 1.6 million. Most refer to the dark web, where 1.5 million alerts were logged, compared to 106,000 alerts on the open web.

Although the total number of alerts is declining (1.8 million alerts were recorded on the dark web alone in 2021), the CRIF Observatory shows that the intensity of alerts sent in 2022 has increased compared to the previous period. In fact, alerts about the discovery of hacked accounts, phone numbers, and tax codes have increased.

In Italy, the proportion of alerts sent to users on the dark web is 83.7%, while only 16.3% of users are alerted by data collected on the public web.

More data at risk

Among the different categories of data that are attacked, Individual or company email addresses (first), passwords (second), and phone numbers (third) They are the ones that spread mainly on the dark web and are therefore most vulnerable. Compared to 2021, usernames drop to fifth place, and phone numbers, first and last names (fourth) are omitted.

It is even interesting to note the main groups of data collected: emails are most often associated with a password (90.5% of cases); Just as passwords appear frequently with usernames (71.7%). In terms of credit card data, the CVV number and expiration date are also frequently found in addition to the card number (98.1% of cases), up from 2021.

The purpose of using the most discovered accounts

Through qualitative analysis of the contexts in which the data is handled, the accounts have been categorized according to the purpose of use.

Most accounts discovered from entertainment (37.2%) especially accounts Online games and dating (online dating sites). Also, esports platforms require a paid membership, so account theft can result in financial loss.

In second place is theft of accounts Forums and websites (28.4% of discovered accounts) up +23.6%.

There was a sharp increase (+125.8%) in account theft Social media (25.7% of accounts detected) such as Facebook, Twitter, Instagram and LinkedIn which can lead to fraud and identity theft attempts with serious consequences for the victim.

Entertainment and live broadcasting decreased compared to 2021, the year in which the number of active accounts in these categories increased after the epidemic, which also attracted the attention of hackers.

Where is credit card information stolen?

A ranking of the continents most vulnerable to the illegal exchange of credit card data sees North America leading, up +34%, followed by Europe overtaking Asia, while South America overtaking Africa. At the bottom of the ranking is Oceania. In particular, an increase in credit card theft is observed in Europe and America.

A ranking of the countries most likely to share credit card data takes the lead United States, Russia, United Kingdom, Brazil and India. Other countries that closed out the top ten are Canada, France, Spain, Japan and China.

Italy is still in the crosshairs of the pirates

Scroll through the ranking of the most countries Prone to credit card credential theft, Italy ranks 14th in the world rankings. Moreover, thanks to the ranking of the most caught emails on the dark web, and provider locating, the .it domain is the sixth most affected domain by online password theft.

The most affected population groups are those over 60 years old (25.6%), 41-50 years old (25.7%) and 51-60 years old (25.4%). Men account for the majority of users alerted by CRIF personal data protection services on the web (63.2%).

The geographic areas where the most people are alerted are the North (37.8% overall) and the Center (36%), but relatively speaking, it is the residents of the South and Northeast who receive the most alerts.

In particular, the regions where the most people are alerted are Lazio (21.1%), Lombardy (14%) and Campania (7.9%), but relatively speaking, it is the residents of Sicily, Molise and Umbria who receive the most alerts.

Also in Italy in 2022, the types of data most frequently collected on the open web, and therefore accessible to everyone on the Internet, are email (46.7% of data collected) and tax code (34.5%) – albeit down from the total compared to 2021 – followed remotely by phone number (11.5%), username (3.7%), and address (3.7%). The last three models are growing in percentage compared to last year, above all the phone number and the address.

On the dark web, on the other hand, email credentials are frequently discovered in 2022; In second place is the phone number, while the tax code is placed in the last step of the platform: this precious data can be used to attempt to commit fraud, for example through phishing or phishing.

“The danger of a phishing attack or data theft always lurks. CRIF aims to spread greater awareness about the topic of phishing among youth and adults alike, and to promote educational initiatives on the topic of the Internet, such as the game Cyberninja. A few months after the game’s launch, results indicate that Young adults are the ones who identify with phishing attempts more often and score the highest. On the other hand, millennials and adults are rated medium, while the 64-year-old group is more likely to have phishing problems, and scores the lowest” explains Beatrice Rubini CRIF Executive Director.

For all news related to computer security, we refer you to this section of our site.