Last night I was following some security-related forums when someone posted a phishing kit for a popular bank from Romania. A phishing kit is a collection of scripts that helps a script kiddie launch a phishing attack and steal data such as credit card information and passwords. While looking through the contents of this phishing kit, to my surprise I found a log file containing many valid credit card numbers and other sensitive information. The phishing kit author posted his own kit on the forums but forgot to delete the log file before doing so.

The log file contained the following information:

  • Name
  • Address
  • Town/City
  • Phone Number
  • CNP
  • Credit Card Number
  • Credit Card Expiry Month
  • Credit Card Expiry Year
  • CVV (Credit Card Code)

One piece of information is more interesting than the others: the CNP. In Romania every citizen has a Personal Numeric Code (Cod Numeric Personal – CNP), which is built from the citizen’s gender and century of birth, date of birth and the country zone, followed by a serial number and a checksum.

I quickly wrote a Python script to parse the CNP data, validate it and extract the interesting information, such as gender and date of birth, to get some statistics. I also computed the CNP checksum to make sure each number is valid and to exclude bogus numbers. Below is what I got:

The first statistic is the male/female distribution.

The following table shows Birth year/age distribution.

Birth year   Percent (%)   Age
1985         12            25
1987         12            23
1988         10            22
1981         10            29
1983         10            27
1989         7             21
1967         7             43
1982         7             28
1986         5             24
1958         2             52
1992         2             18
1963         2             47
1976         2             34
1977         2             33
1979         2             31
1980         2             30

A quick glance shows that the oldest person is 52 years old and the youngest is 18 years old.

These statistics show that the large majority of the people scammed belong to the younger generation, between 21 and 30 years old. This came as a surprise to me.

The last table shows distribution based on month of birth.

Birth month   Percent (%)
December      17
July          15
September     15
November      10
May           10
June          7
April         7
October       5
March         5
February      2
August        2
January       2


These statistics were constructed using data from a few hundred valid person records, and the phishing scam was targeted at Romanian people.
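The CNP validation and statistics described above, as an added example (this is not the author's script, which the post does not show). It follows the field layout given in the post and uses the standard CNP control-key weights 279146358279. The function names, the reference year 2010 (inferred from the age column) and the sample CNPs are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date

WEIGHTS = (2, 7, 9, 1, 4, 6, 3, 5, 8, 2, 7, 9)  # CNP control-key weights
# First digit encodes gender and century of birth (odd = male, even = female).
CENTURY = {1: 1900, 2: 1900, 3: 1800, 4: 1800, 5: 2000, 6: 2000}

def check_digit(first12):
    """Weighted sum of the first 12 digits mod 11; a remainder of 10 maps to 1."""
    r = sum(int(d) * w for d, w in zip(first12, WEIGHTS)) % 11
    return 1 if r == 10 else r

def parse_cnp(cnp):
    """Return gender, birth date and zone for a valid CNP, else None."""
    cnp = cnp.strip()
    if len(cnp) != 13 or not (cnp.isascii() and cnp.isdigit()):
        return None
    s = int(cnp[0])
    # Simplification: first digits 7-9 (century not encoded) are rejected here.
    if s not in CENTURY or check_digit(cnp[:12]) != int(cnp[12]):
        return None
    try:
        born = date(CENTURY[s] + int(cnp[1:3]), int(cnp[3:5]), int(cnp[5:7]))
    except ValueError:  # checksum passes but the calendar date does not exist
        return None
    return {"gender": "M" if s % 2 else "F", "born": born, "zone": cnp[7:9]}

def percent(counter):
    """Convert counts to rounded percentages, most common first."""
    total = sum(counter.values())
    return {k: round(100 * v / total) for k, v in counter.most_common()}

def summarize(cnps, ref_year):
    """Gender, age and birth-month distributions over the valid CNPs only."""
    people = [p for p in map(parse_cnp, cnps) if p]
    return {
        "valid": len(people),
        "gender": percent(Counter(p["gender"] for p in people)),
        "age": percent(Counter(ref_year - p["born"].year for p in people)),
        "month": percent(Counter(p["born"].strftime("%B") for p in people)),
    }

# Constructed sample values (not taken from any log): three valid CNPs,
# one with a wrong check digit, one with month 13, one non-numeric entry.
SAMPLE = ["1850715400007", "2881203120006", "1850715070001",
          "1850715400008", "1851315400003", "n/a"]

if __name__ == "__main__":
    print(summarize(SAMPLE, ref_year=2010))
```

The third sample exercises the remainder-10 case of the checksum, and the fifth shows why the date must be checked separately: its check digit is correct but the month is not.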

Bogdan Calin
