Health insurance credentials raise the cost of identity theft kits on underground marketplaces

Dossiers with health insurance credentials and counterfeit insurance cards cost US$1,200 or more, Dell SecureWorks researchers said

Several underground marketplaces are offering full information packages for sale that contain verified health insurance credentials, bank account numbers, Social Security numbers and other personal information, along with counterfeit physical documents corresponding to the data.

The information packages are known as "fullz" among cybercriminals and cost around US$500 each if they include U.S. health insurance credentials, according to security researchers from Dell's SecureWorks subsidiary who identified several marketplaces where dossiers of this type are being sold.

"Fullz" usually contain full names, addresses, phone numbers, email addresses with corresponding passwords, dates of birth, Social Security numbers (SSNs), Employer ID Numbers (EINs), and financial data such as bank account information, including account and routing numbers, online banking credentials with varying degrees of completeness, or credit card information, including magnetic stripe data and associated PINs.

These information packages can also be accompanied by counterfeit physical documents including credit cards, drivers' license, insurance cards and more, in which case they are called "kitz," the Dell SecureWorks researchers said Monday in a blog post.

"Kitz" usually cost between $1,200 and $1,300, but additional fees of $100 to $500 can be added to expedite orders and to cover the escrow or wire transfer payment commissions, the researchers said.

When sold on their own, health insurance credentials cost $20 each and include the names of those covered by the plan, dates of birth, contract number, group number, type of plan -- individual or group, HMO/PPO, deductible and copay information -- and insurer contact information for customer service and filing claims. Health plans that have associated dental, vision or chiropractic plans cost $20 more each, the researchers said.

Based on computer network information and "tell-tale signs" in usage of the English language in communications, the SecureWorks researchers suspect that the people behind one of the major operations selling this type of information are located in the U.S.

Hackers will steal anything they can sell and health insurance credentials are becoming more valuable as the cost of health insurance and medical services continues to rise, said Don Jackson, senior security researcher with Dell SecureWorks' Counter Threat Unit in the blog post.

According to the company, its Incident Response Team investigated a possible cyber intrusion at a large healthcare firm earlier this year and found over 25 versions of a credential-stealing Trojan program called Gatak on the company's network.

In that particular case it was determined that hackers did not manage to steal any protected health, financial or personally identifiable information, the SecureWorks researchers said. However, other companies might not be as lucky.

Companies should install firewalls around their networks and Web applications, as well as intrusion prevention and detection systems (IPS/IDS) that inspect outbound and inbound traffic for known threats. On endpoints they should run host IPS, an advanced malware protection product and a vulnerability scanner, the researchers said.

Employees should be trained on how to avoid the primary infection vectors when using email and accessing the Web, and their email communications should be encrypted, they said.

Join the CSO newsletter!

Error: Please check your email address.

Tags Dell SecureWorkssecurityIdentity fraud / theftmalwareprivacyfraud

More about DellIPSSecureWorks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place