65,000 Australian bank and credit cards are being sold on the dark web

New research from NordVPN has analysed six million payment card details found for sale on the dark web, of which 65,000 belong to Australians. Australia was the 10th most affected country, with calculations putting us as the second most at-risk nation for hacking.

Of the 65,000 leaked Australian payment card details, around 30,000 were Visa cards, 25,000 were Mastercard, and just under $4,000 were American Express.

In almost a third of cases, the data for sale also included personal information such as home address, phone number, email address and date of birth.

Worringly, the average price of an Australian payment card was just $9.82.

"Australian payment cards are cheap because there is a larger supply of Australian cards available on the dark web," NordVPN cybersecurity advisor Adrianus Warmenhoven explains.

"The country’s card penetration, sizable population, and strong economy make it a very appealing target for criminals. With a significant number of Australian cards available, competition among sellers drives down the prices to attract buyers."

Previously, hackers have relied heavily on brute force attacks (i.e. guessing a credit card number and CVV) in order to gain access to their victims' payment details.

However, 58% of the cards found during NordVPN's research was sold alongside other sensitive data, such as home addresses and email addresses, which, according to Warmenhoven, are "impossible" to brute force.

"We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware," he says.

So, how can consumers protect their payment card details and other sensitive personal information online? Warmenhoven recommends taking the following precautions.

• Use unique passwords for each account, ensuring passwords are at least 20 characters long and include a combination of letters, numbers and symbols. An easy way to keep track of complicated passwords is via a password manager.
• Use your bank's official app and avoid linking your payment data to third-party budgeting and financial tracking apps. Some banking apps will even inform you of transactions in real time, allowing you to monitor for anything unusual.
• Check regularly for data breaches. Companies may inform you from time to time that your data was involved in a data breach. When this happens, change your username and password immediately, along with the login details of any other account you've reused those credentials with. You can also check the website Have I Been Pwned to see if any of your logins have been compromised.
• Use anti-malware software. It's worth investing in quality antivirus software, as it will scan any downloads for malicious files that may be attempting to acquire your data.