ITALY 5TH COUNTRY IN THE WORLD FOR E-MAIL ACCOUNT THEFT
- E-mail accounts are among the most commonly stolen data on the dark web, and e-mail services such as Gmail, Yahoo and Hotmail are in the Top 10 globally.
- Credit cards: Italy ranks 15th on the list of countries most subject to illicit data exchange. In 95.5% of cases, the stolen card data is complete.
- The amount of stolen personal data on the dark web increased by a total of 17.9% in the first six months of the year.
In the first six months of 2023, fraudulent activity by hackers around the world continued to increase. The number of accounts whose credentials were compromised increased significantly, often in combination with other data that is extremely valuable to hackers. As a result, the number of alerts sent relating to data on the dark web also grew, totaling 911,960. This represents a 17.9% increase compared to the second half of 2022. On the other hand, the number of alerts sent relating to data on the open web was more than 45,600, down 26.9% compared to the same period.
These are some of the main findings of the latest edition of the CRIF Cyber Observatory, which looks at the vulnerability of individuals and companies to cyber-attacks and interprets the main trends concerning data exchanged in open web and dark web environments, the type of information, the areas in which data traffic is concentrated, and the most exposed countries.
“The findings from the Cyber Observatory give cause to reflect on the risks related to the circulation of our data online. In particular, contact information and account credentials are becoming increasingly attractive to fraudsters, facilitating scams and identity theft. Indeed, if criminals manage to get hold of multiple pieces of personal data that help complete a victim's profile, they can design their attacks better, using social engineering techniques.
Another threat that is growing significantly is ransomware, especially in relation to companies. Through double extortion, not only does a company suffer the theft and compromise of its sensitive information, but the risk of company details being spread on the dark web also increases”, explained Beatrice Rubini, CRIF Executive Director.
The most commonly stolen data type on the web
Analysis of the data from the first half of 2023 shows that e-mail addresses are the most common category of data circulating on the dark web and therefore more vulnerable to hackers. These are followed by passwords and usernames in second and third place, then postal addresses and telephone numbers. When it comes to the theft of e-mail accounts, one of the countries most affected globally is in fact Italy, which is ranked 5th, after the USA, Russia, Germany and Bulgaria, and higher than Brazil, the United Kingdom, Poland, Japan and Canada.
In addition, among the data found to be most frequently circulating on the dark web are e-mail service account names - with Gmail, Yahoo and Hotmail in the top 3 places in the ranking - followed by dating sites, telecommunications services, and health and fitness accounts.
A qualitative analysis of the domains shows that the e-mail accounts detected on the dark web refer to personal accounts in 90.7% of cases, while in the remaining 9.3% of cases they are business accounts, with an increase of 3.7% in the latter case compared to the second half of 2022.
Together with e-mail addresses, the Cyber Observatory data shows that telephone numbers have also become increasingly valuable personal information that needs to be better protected, because they allow the victim’s profile to be completed. In fact, the combination of a telephone number with a password was detected in 29% of cases. This exposes victims to the possibility of receiving more credible fraudulent messages, such as those relating to the authorization of fake payments or blocked accounts. Often these smishing messages (SMS phishing) contain malicious links that encourage victims to click and provide additional data to the fraudsters, allowing them to geolocate victims’ devices and reconstruct their identities. Another very dangerous type of attack is known as SIM swapping, which involves obtaining the victim’s phone number to allow fraudsters to access certain services without the victim’s consent (bypassing two-factor authentication).
As a result, telephone numbers play a key role and, when combined with passwords, increase the vulnerability of victims. Indeed, theft of this combination of data more than tripled compared to the second half of 2022, with an increase of 372%. In addition, among the main combinations of data collected on the dark web, e-mail addresses are very often associated with a password (92.3% of cases), just as passwords very often appear with usernames (62.5%).