Abstract
Account hijacking, i.e. illegitimately accessing someone else’s personal online account, is on the rise and affects not only financial accounts, but the full spectrum of online accounts. To gain more insight in the illicit act of online dissemination of stolen account credentials, we systematically examined how such credentials were offered on three different types of online platforms where stolen credentials were disseminated and how offers varied by platform. We used web scrapes of these platforms for our comparative analyses. Our results demonstrate variation by platform in the type of information on accounts and account holders offered, the average asking price for credentials, and rules and services following a transaction. We conclude with policy implications and suggestions for future research based on the criminal event perspective.
| Original language | English |
|---|---|
| Pages (from-to) | 551-568 |
| Number of pages | 18 |
| Journal | Journal of Crime and Justice |
| Volume | 42 |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - 20 Oct 2019 |
Funding
This work was supported by the Dutch Research Council (NWO) [Research Talent grant no. 406.17.562]. We thank the anonymous reviewers and editor for their helpful comments on an earlier draft and Lukas Norbutas for prematurely disclosing his dataset so we could analyse one additional platform.
Keywords
- criminal event perspective
- illicit online markets
- Stolen account credentials
- web scrapes
