Security News > 2022 > December > Automated dark web markets sell corporate email accounts for $2
Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.
Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.
The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organizations.
Hackers use their access to corporate email accounts in targeted attacks like business email compromise, social engineering, spear-phishing, and deeper network infiltration.
Sales of corporate email access have remained steady in the cybercrime space over the past couple of years, with threat actors on all major hacking forums selling email "Combo lists" to access various firms.
"Logs" are email credentials stolen by info-stealing malware, while "Created" are new email accounts that network intruders created on the breached firm using compromised administrator accounts.
News URL
Related news
- Dark web crypto laundering kingpin sentenced to 12.5 years in prison (source)
- What Is the Dark Web? (source)
- What It Costs to Hire a Hacker on the Dark Web (source)
- Russia sentences Hydra dark web market leader to life in prison (source)
- Russia gives life sentence to Hydra dark web kingpin after seizing a ton of drugs (source)
- Scumbag gets 30 years in the clink for running CSAM dark-web chatrooms, abusing kids (source)