Cybercriminals Use Bots to Steal Active Pharmacy Accounts and Resell Prescriptions

Kasada, an advanced bot prevention solution provider, has published research by its threat intelligence team about a new, illegal use of bots - to steal pharmacy accounts and resell prescriptions on a secondary market for in-demand substances, like Oxycodone. Researchers have also identified an acceleration in this activity: over the past 60 days, the number of stolen pharmacy accounts available for sale has increased by 5x.

In April 2022, Kasada threat intelligence first observed the use of credential stuffing to attack pharmacies, steal active customer accounts, and exploit the distribution of prescribed medications. Credential stuffing is an automated attack where cybercriminals use lists of stolen or leaked usernames and passwords to try and login to various accounts. Once they are successful, they take over accounts (ATO) and either sell them or exploit them by making fraudulent transactions.

This illegal activity puts medications in the hands of people who don’t have a prescription from a doctor. As such, it enables substance abuse. It also takes prescribed medications away from the people who legitimately need them.

“This is one of the boldest, most egregious and dangerous uses of bots we’ve ever observed,” said Sam Crowther, founder and CEO of Kasada. “Because the automated tools used for these attacks are so readily available and affordable, and because the sale of stolen usernames and passwords has never been more lucrative, it is easy to see why this type of theft is growing in popularity.”

Key Findings:

  • Tens of thousands of stolen online pharmacy accounts are currently available for sale on underground marketplaces.

  • These marketplaces offer stolen accounts from both physical and online-only pharmacies, many from the top 10 U.S. pharmacies.

  • Over the past 60 days, the number of stolen pharmacy accounts for sale has increased 5x.

  • Sellers offer access to legitimate prescriptions for controlled and highly addictive substances, such as Oxycodone.

  • The price for a stolen account ranges from the cost of an insurance co-payment, to several hundred dollars.

  • Based on the volume of transactions over the past 30 days, it is estimated that a single operator can make over $25,000 per month selling stolen pharmacy accounts.

  • Stolen accounts often come with a guarantee - if the login or card on file doesn’t work, the provider will replace it with a new account.

To see the full report and learn exactly how this newly observed type of fraud works, click here.

“By bringing this malicious activity to light, Kasada strives to raise the visibility of this often unseen and deceptive fraudulent activity and help stop criminals that exploit these vulnerabilities,” added Crowther.

Kasada’s modern, proactive approach to stopping bots adapts as fast as the attackers working against it, in contrast to reactive bot management systems that rely on static and poorly obfuscated defenses. The company recently announced enhancements to its anti-bot platform, maintaining the company’s position at the forefront of defending against the latest and stealthiest automated threats. Its latest release also addresses the growing prevalence of Solver Services, which are API-as-a-service tools created to bypass the majority of bot management systems and conduct automated attacks such as credential stuffing.


###