Security News > 2022 > December > Automated dark web markets sell corporate email accounts for $2
Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.
Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.
The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organizations.
Hackers use their access to corporate email accounts in targeted attacks like business email compromise, social engineering, spear-phishing, and deeper network infiltration.
Sales of corporate email access have remained steady in the cybercrime space over the past couple of years, with threat actors on all major hacking forums selling email "Combo lists" to access various firms.
"Logs" are email credentials stolen by info-stealing malware, while "Created" are new email accounts that network intruders created on the breached firm using compromised administrator accounts.
News URL
Related news
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- Dutch police arrest admin of 'Bohemia/Cannabia' dark web market (source)
- Dutch cops reveal takedown of 'world's largest dark web market' (source)
- Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- Dark web crypto laundering kingpin sentenced to 12.5 years in prison (source)