By Dancho Danchev
In 2012, we started the “A Peek Inside a Boutique Cybercrime-Friendly E-shop” series, in response to the emerging market segment largely driven by novice cybercriminals relying on ubiquitous E-shop templates to sell their fraudulently obtained assets.
In this post, I’ll profile one of the most diversified (in terms of quantity and type of fraudulently obtained assets) boutique cybercrime-friendly E-shops I’ve come across since the launch of the series.
Sample entry page of the cybercrime-friendly E-shop:
The news section of the boutique cybercrime-friendly E-shop:
The type of fraudulently obtained assets, and their quantity:
As you can see in the attached screenshot, the E-shop is currently offering:
- USA Leads
- RDP MA
- RDP IR
- Leads USA
- IP Panel
- Mixed Leads
- Apple.com accounts
- RDP USA Fresh
- Amazon.com accounts
- Buy.com accounts
- FTP account
- Match.com accounts
- Dell.com accounts
- Overstock.com accounts
- Wallmart.com accounts
Sample of fraudulently obtained assets offered for sale:
Sample inventory listing for Amazon.com accounts:
Sample inventory listing for Wallmart.com accounts offered for sale:
Although the total amount of 658 compromised accounts isn’t a staggering number for the time being, this E-shop remains the market leader in the series of posts profiling this emerging market segment. Although the E-shop is constantly rotating and re-introducing new domains to stay online, it continues to maintain the same customer base, with new customer acquisition practices taking place primarily through spamvertising.
Consider going through related posts profiling the activities of more E-shops selling access to compromised accounts:
- Recently launched E-shop sells access to hundreds of hacked PayPal accounts
- New Russian service sells access to compromised Steam accounts
We’ll continue monitoring this emerging market segment and post updates as soon as new developments emerge.