Underground economy servers are black market forums used to advertise and traffic stolen information. The information can include government-issued identification numbers such as Social Security numbers, credit card information, bank accounts credentials, personal identification numbers, email address lists, and email accounts. They can also provide services to facilitate these illegal activities and can include cashiers who withdraw funds from the stolen accounts, scam page hosting, and job advertisements for roles such as scam developers or phishing partners.
Symantec's Report on the Underground Economy shows that there are a wide variety of goods and services being advertised on underground economy servers, and many of these goods and services form a self-sustaining marketplace. Participants in this fraud can obtain goods by a variety of means; credit card and banking information can stolen by phishing schemes, monitoring merchant card authorizations, the use of magnetic card skimming devices, or breaking into databases and other data breaches that expose sensitive information; as well, email addresses can be obtained by downloading the contact lists in hacked email accounts, or even harvested from public areas of the Internet such as social networking sites and public forums, or from personal websites.
The profits from the sale of goods such as credit card information can be re-invested to develop better spam and phishing exploits for obtaining more data. Credit card information was advertised in the underground economy for between $0.10 and $25 USD per card and often sold in bulk packages. Participants can either buy new exploits and scams or hire developers to produce new ones. Not only can they use these spam and phishing exploits and attempts to build up their supply of sensitive information, but they can also sell these improved exploits to others. Also, profits from one exploit can be reinvested and used to hire developers for other scams, used to purchase new malicious code or new phishing toolkits, and so on. Spam and phishing exploits were advertised for an average of $10 or less.
Participants in the underground economy can use email addresses obtained from hacked databases or hacked email accounts in tandem with mass-mailers for sending out substantial amounts of spam or phishing emails. A botherder can program a botnet to automatically distribute spam to thousands of addresses. He or she can also buy email addresses in the underground economy, which were advertised for as little as $0.30 per megabyte of data.
In addition, compromised email accounts will often provide access to additional sensitive personal information such as bank account data, medical or school information, or access to other online accounts (social networking pages, etc.). From there, it is often simple for someone to go online and use the password recovery option offered on most registration sites to have a new password sent via email and gain complete access to these accounts. This danger is compounded by the habit many people have of using the same password for multiple accounts.
For more information about the underground economy, please Symantec's Report on the Underground Economy.