Credit cards in the sights of cyber criminals: Italy in the Top 20 most affected countries

In 2022, the proliferation of the exchange of compromised email account credentials on the dark web continued, with hackers particularly targeting data combinations that include credit cards and phone numbers.

This type of information is the most commonly involved in the online circulation of personal data, as seen from the latest CRIF Cyber Observatory, which aims to analyze the vulnerability of individuals and companies to cyber-attacks and to interpret the main trends affecting data exposed in open web and dark web environments. Specifically, the Observatory analyzes the type of information, the areas in which data traffic is concentrated and the most exposed countries, as well as offering some hints on how to mitigate cyber risk.

Phone numbers are often combined with other personal data (such as first name and last name, or passwords); in fact, last year, the increase in the combination of phone number with first name and last name was +4.4%. This combination is valuable because, in addition to allowing access to many platforms and apps, with the introduction of 2-factor authentication in security protocols, it is essential for unauthorized access to private profiles.

Also of concern is the highest increase compared with the previous year, +10.5%, relating to the combination of credit card numbers together with the cvv and expiry date. Obviously, hackers can use these credentials to steal money or carry out transactions on the open web and dark web.

Overall, the number of alerts sent in 2022 was more than 1.6 million. Most of these related to the dark web, where 1.5 million alerts were registered, compared to 106,000 alerts on the open web.

Although the total number of alerts decreased (in 2021, 1.8 million alerts were recorded on the dark web alone), the CRIF Cyber Observatory shows that the severity of alerts sent in 2022 increased compared to the previous period. In fact, alerts relating to the discovery of compromised accounts, phone numbers and tax codes increased.

In Italy, the share of alerts sent to users regarding data on the dark web reached 83.7%, while only 16.3% of users were sent alerts for data found on the open web.