Hackers have fashionable tastes, at least when it comes to using your plastic to pay for luxury goods.
That's what Forter, a San Francisco-based provider of e-commerce fraud prevention and detection services, found in an analysis of more than 3 million transactions between September and November of this year.
Scammers are in the market for diamond necklaces, Fitbits and Apple products, but they aren't necessarily interested in toting the trendiest accessories.
Rather, fraudsters are reselling these products on the web in the "gray market" — where goods are sold through iffy distribution channels — and gleaning even more credit card data from unsuspecting online shoppers, according to Michael Reitblat, CEO of Forter.
"Thieves don't want 100 Michael Kors bags; they want the money," he said.
Here's how scammers have evolved their practices.
The thief will obtain either your credit card data or your sign-in credentials at a merchant's website via the so-called dark web. He or she will then use your information to buy goods to sell on the secondary market.
Afterward, the scammer will promote and resell the products at a discount on his own website. When a buyer purchases an item, he unwittingly gives his credit card details to the thief.
While the buyer often gets the purloined goods, Forter said — the scammer now has his information, and the cycle begins again.
Thieves have also stepped up their marketing game. For instance, they've created websites that mirror those of legitimate merchants, and they use social media to funnel traffic to their pages, where they resell the items they bought with stolen data, Reitblat said.
Scammers have also wised up about the items they're reselling, touting affordable luxury goods with believable markdowns, rather than the most expensive products available.
“If you see a Gucci bag at a 70 percent discount, you’dconsider it fake,” Reitblat said. “But if it’s a Michael Kors bag at a 30percent discount, you’d probably buy it.”
Scammers also love reselling electronics. The top three items in that department are refurbished MacBooks, Android phones, and memory cards.
Today's thief also reinvests his ill-gotten gains toward building an online presence and boosting the site in search engine results.
"If I get a hold of someone's Google [My Business account] or I set up a new account with a credit card, I can start buying ads for whatever I'm trying to sell you," Reitblat said.
The top three areas where scammers spend are search engine optimization, phony likes on YouTube and phishing links to ensnare other victims.
The best way to keep your data out of fraudsters' clutches is to ensure you don't use the same passwords for all of your accounts and double check that your credentials aren't too simplistic.
You should also shop at sites you already know, Reitblat said. Be sure to double check the URL to ensure that it's genuine and not a high-quality fake with a misspelled address.
"Using your kid's name [as a password] is a bad idea," he said. "I can find that out in about two seconds."