Just as Black Friday brings some of the year’s best retail shopping deals to consumers worldwide, fraudsters, too, are always on the lookout for the most worthwhile packages when it comes to fraud tools, credit cards and “borrowed” identities. Much like their legitimate real-world counterparts, fraudsters operating in the underground market offer services and various stolen wares and go to great lengths to attract potential customers. The holiday season is no different.

The following are some examples from Brazilian cybercrime circles (which are known to be abundant with fraudulent activity) that make for some jolly stocking stuffers for your everyday cybercriminal:

Figure 1: A mix of 15 compromised credit card numbers, including information about the card holder, sold for about R$250 (about $97) for Black Friday.

Figure 2: Classic, platinum and corporate credit card numbers for sale in batches of 10, costing R$50 ($19).

Figure 3: A fraudster offers mobile devices and gaming consoles for extra-low prices for Black Friday. The products, which were purchased with stolen credit cards, are shipped to a different billing address and picked up by the fraudster’s accomplice. As a final step, the product is sent to the buyer.

This article is based on research by IBM Trusteer’s Threat and Intelligence Group, which comprises leading professionals in malware and intelligence research who detect and analyze new, emerging threats in the modern cybercrime landscape.

more from Intelligence & Analytics

Why Threat Analysis Will Continue to Play a Vital Role in Security

Today, the cybersecurity industry faces many challenges. Highly skilled attackers, a daily flood of data full of irrelevant information and false alarms across multiple systems come in amid a severe shortage of skilled workers. In this industry, performing detailed threat analysis with the data you already have will help protect your business. For that, you need threat analysts. These are…

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine

Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate "Trickbot group" has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine. Between mid-April and mid-June of 2022 the Trickbot group, tracked by X-Force as ITG23 and also known as Wizard Spider,…