Phished PayPal accounts selling on the criminal underground for $0.50 apiece


Security researcher Brian Krebs got a look at the auction prices at iProfit.su, a criminal marketplace where you can buy hacked and phished PayPal accounts; he discovered that the going account for 100 zero-balance verified PayPal accounts is a mere $50 — that's 50 cents per account.

Accounts are sold with or without email access (indicated by the "email" heading in the screenshot above): Accounts that come with email access include the username and password of the victim's email account that they used to register at PayPal, the site's proprietor told me via instant message. The creator of iProfit.su told me the accounts for sale were stolen via phishing attacks, but the fact that accounts are being sold along with email access suggests that at least some of the accounts are being hijacked by password-stealing computer Trojans on account holders' PCs.