Most of the emails sent out by cybercriminals are designed to trick recipients into downloading malware or visiting websites that are cleverly set up to steal their personal information. However, the crooks sometimes send out emails in an effort to advertise the information stolen from others.
According to Sophos experts, the owners of services that commercialize personally identifiable information send out marketing emails to promote their “products.”
For instance, one particular criminal organization was found to sell bank accounts, credit cards, Card Verification Value (CVV) numbers, social security numbers, and blank credit cards (known as plastics).
On these plastics, customers can write information from the “dumps” they offer – raw data from the magnetic strips of credit cards.
They also offer “fullz,” a term utilized for detailed database records of personal information.
“They're happy for you to be anonymous - indeed, it's paradoxically probably slightly safer for them if they don't know who you are. They only really need to care whether you're an undercover cop or a genuine crook,” Sophos’ Paul Ducklin explained.
It goes without saying that such emails should be avoided. Although the offers sound great because most of the products are sold at tempting prices, those who purchase stolen information can easily end up not just on the crooks’ radar, but also on the one of authorities.