Here’s how much your login credentials are worth on the dark web

FeaturedMoney

Written by:

 

If you think there’s only a slim chance that fraudsters might steal your login credentials and use them for financial fraudidentity theft and other criminal activities, it’s time for a wake-up call.

 

More than 15 billion login credentials are for sale on any given day on the dark web and other underground markets that sell tools and information for fraud and identity theft, according to “Why Your Social Security Number Isn’t as Important as Your Log-In Credentials,” a report from the Identity Theft Resource Center (ITRC).

 

Stolen login credentials can also be the cause of corporate and small business data breaches and cyberattacks.

In fact, in 2021, one stolen password that wasn’t protected by multifactor authentication (such as a code sent that must be entered to access the account) allowed hackers to launch a cyberattack against Colonial Pipeline that shut down deliveries from Gulf Coast refineries to major markets on the East Coast, according to Reuters.

 

“Identity thieves want login credentials,” says the report. “They make more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information.”

What are the going rates for login credentials?

Depending on the type of account login, high-value credentials sell on the dark web for as much as $500 to $140,000 each, according to “From Exposure to Takeover,” a report from digital risk security provider Digital Shadows.

Here’s a rundown of the prices for stolen login credentials, according to Digital Shadows :

  • Email administrator: $500 to $140,000
  • Bank and financial accounts: $70
  • Antivirus programs: $21
  • Video and music streaming services: $15
  • Social media accounts: $10 or less

“Most credentials belong to consumers, and cybercriminals give away many for free,” according to the Digital Shadows report.

Ways that criminals steal login information

In addition to data breaches, your login credentials could be stolen in a number of ways, according to cybersecurity software company SentinalOne, including:

Credential stuffing

Hackers test databases and lists of stolen login credentials against multiple accounts to find a match.

Phishing emails and texts

Criminals pose as legitimate businesses to trick users into supplying their login credentials.

Password spraying

Hackers use a list of commonly used and easy-to-crack passwords such as 123456, password 123, batman, letmein and others against a user account name.

Keylogging

Malware keyloggers record your every keystroke to obtain login credentials for bank accounts, credit cards, digital wallets and other secure online forms.

Local discovery

Someone else sees a password you wrote down in a notebook, on a scrap of paper or elsewhere and uses it to access an account or multiple accounts.

How to protect your login credentials

Taking the following steps can help protect your login credentials against being stolen:

  • Use multifactor (code sent to phone, fingerprint, facial recognition, etc.) on all accounts.
  • Use only secure networks — avoid using public Wi-Fi, for example — and a virtual private network (VPN) to keep hackers, identity thieves and spammers from seeing your online activity.
  • Stay on top of all software updates.
  • Use at least a 12-character password on all accounts so they’re harder for hackers to crack.
  • Never click on links in phishing emails or text messages.

This article originally appeared on Debt.com and was syndicated by MediaFeed.org.

More from MediaFeed:

50 ways to avoid hackers over the holidays

 

The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster.

According to Adobe Analytics’ recent holiday forecast, online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.

This prolonged season of online shopping (and stress) will provide ample opportunity for phishers, smishers, vishers and identity thieves to pilfer your valuable personal and/or payment information. So, whether you plan to shop on the web or a brick and mortar store, extra vigilance is warranted. Here are 50 ways to avoid getting scammed during the holidays — and beyond.

 

AntonioGuillem / istockphoto

 

Credit cards offer markedly better fraud protections than debit cards, which connect directly to your bank account. Many credit cards also offer ancillary protections, like purchase protection, price protection and extended warranties.

 

Farknot_Architect / istockphoto

 

Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Virtual credit cards similarly allow online shoppers to mask their financial accounts.

 

DepositPhotos.com

 

No matter your payment of choice, check bank and credit card statements daily for suspicious or erroneous charges.

 

artisteer / istockphoto

 

Many financial institutions offer free transaction alerts that notify you when charges hit your account. These alerts can help you quickly spot fraud.

 

DepositPhotos.com

 

If you notice something that shouldn’t be on your bank or credit card statement, call your bank, credit union or credit card company immediately to dispute it. Immediately cancel all compromised cards and request replacements.

 

Milkos

 

Never provide your payment information to anyone who calls you. Instead, hang up and contact the company directly to handle all transactions.

 

DepositPhotos.com

 

Be similarly wary of turning over your address, phone number or, worse, Social Security number, to unsolicited callers. (It’s worth noting that there’s no reason a legitimate retailer would need that last one — the skeleton key to your identity — to process a purchase.)

 

KenTannenbaum/istockphoto

 

Make sure your smartphone, tablet and laptop are password-protected, particularly if you’re in the habit of carrying them around wherever you go.

 

DepositPhotos.com

 

Popular browsers, like Safari or Firefox, frequently issue updates to protect against scams. (Think of Google Chrome blocking you from visiting a suspicious website.) Make sure you have the latest version to protect yourself against new or emerging threats.

 

DepositPhotos.com

 

Protect yourself from malware by purchasing, updating, and upgrading antivirus software. Malware is malicious software designed to harm devices or glean data to commit identity-related crimes.

 

Stick to shopping when connected to your private Wi-Fi network as public Wi-Fi is a hotbed for criminal activity any time of year.

 

DepositPhotos.com

 

If you have to connect to the internet using a public network, do so with a virtual private network. VPNs encrypt data, making it much harder to intercept when transmitted through a shared or suspect internet connection.

 

Depositphotos

 

Keep purchases concentrated to a one-to-two week window, if possible. Shop at reputable and recognizable retailers.

 

DepositPhotos.com

 

If you’re shopping at a retailer that is new to you, research the company’s standing on the Better Business Bureau website. You can also check a site’s status via Google’s Transparency Report tool.

 

DepositPhotos.com

 

Scammers aren’t exactly known for their five-star ratings. If a purported company has a bevy of bad reviews — or no reviews at all — consider that a cue to take your business elsewhere.

 

DepositPhotos.com

 

Minimize the odds of getting price-gouged by legitimate and illegitimate retailers alike by comparison-shopping across trusted websites before making a purchase.

 

DepositPhotos.com

 

While shopping, check that a website url starts with “HTTPS” (vs. HTTP). This designation signifies that the site has a Secure Sockets Layer (SSL) certificate. SSLs ensure all data is encrypted.

 

DepositPhotos.com

 

A green or gray padlock icon in your browser’s address bar also indicates that information, like credit card numbers, is encrypted when transmitted.

 

DepositPhotos.com

 

Typos are a surefire sign of fraud. Check urls for slight modifications to a popular retailer’s name. (Think “amazn.com” or “banofamerica.com”.) You can hover your mouse over links in emails to see full urls without having to click on them.

 

DepositPhotos.com

 

A strong password contains a random collection of uppercase and lowercase letters, numbers and symbols or a series of disassociated words, numbers and characters.

 

filistimlyanin / istockphoto

 

Never use duplicate usernames or passwords across any of your online accounts to limit your exposure in case of a data breach.

 

istockphoto

 

Conduct a password audit before you start your holiday shopping — and after, to decrease the odds of getting hacked after the holiday season is over.

 

Credit: Tero Vesalainen / istockphoto

 

Most online accounts allow users to enable two-factor authentication, or 2FA, which requires someone to login in with a password and a secondary credential, like a one-time code sent to a cell phone. Consider 2FA the equivalent of a lock on your front door: It won’t guarantee protection for your possessions, but it will provide a fair amount of security with minimal effort.

 

DepositPhotos.com

 

Online auto-pay options or auto-fill settings are certainly convenient — but they’re also risky, leaving your credit or debit card information vulnerable to thieves if they compromise whatever protections you have in place.

 

DepositPhotos.com

 

This fine print can provide valuable information regarding the data a site collects, how it’s protected, how they use it and who else has access to it.

 

Depositphotos

 

Malvertising occurs when criminals hide malicious code in ads on legitimate websites. Common schemes include pop-ups advertising free goods or services in exchange for filling out a survey or warnings that your device has been infected.

 

DepositPhotos.com

 

You can minimize exposure to malvertising by using an ad blocker, disabling Flash and Java and keeping all software systems updated.

 

Alina Rosanova / istockphoto

 

If you walk into a store, keep your purse and/or wallet close. Never leave it in your shopping cart, car or even a back pocket.

 

TongTa // istockphoto

 

Be equally vigilant about traveling light: Carry one card for charging your holiday purchases. Leave cash, your checkbook and your Social Security card at home (in a secure location, of course).

 

DepositPhotos.com

 

Thieves are known to install skimmers, devices intended to pilfer payment information and PIN codes, wherever and whenever possible. To mitigate risk, avoid non-bank ATMs, particularly if they’re outside or in areas with little foot traffic, and scan all machines for signs of tampering.

 

DepositPhotos.com

 

Memorize your PIN number instead of writing it down on your card or keeping it in your wallet. Never let a store clerk enter your PIN code for you. Do it yourself. Place a sticker over your credit card’s CVV code, that tiny three-digit number on the back of your card at the end of the signature box.

 

Deposit Photos

 

Compare the totals to the charges that appear on your credit card statements.

 

industryview / istockphoto

 

Criminals often steal account codes from gift cards that are easily accessible, so look for signs of tampering before purchasing one. It’s advisable to purchase gift cards close to Christmas and encourage recipients to use them right away.

 

CentralITAlliance/istockphoto

 

There’s a chance the unsolicited offer in your inbox is a “phishing” scheme. “Phishing” occurs when a scammer poses as a legitimate company or website in an attempt to get their targets to click on a link that prompts them to enter personal information or downloads malware onto their devices.

 

DepositPhotos.com

 

Retailers will never send an unexpected attachment. If you receive an email from a seemingly legitimate retailer that contains an attachment, close the email and call the retailer directly.

 

DepositPhotos.com

 

Phishing schemes don’t only travel by way of email. Avoid clicking on links in unsolicited texts, especially if the deal they’re touting seems too good to be true.

 

DepositPhotos.com

 

In one of the tried-and-true scams of Christmas, fraudsters phish by sending their targets texts or emails about “delivery issues” or false-shipping notifications. Contact the sender directly if you get one of these communications.

 

DepositPhotos.com

 

Avoid delivery issue scams by tracking your shipments via confirmation emails or password-protected online accounts.

 

DepositPhotos.com

 

Dissuade porch pirates from stealing deliveries by installing a security camera or smart doorbell.

 

Depositphotos

 

Security cameras are a deterrent, but not a failsafe. Thwart thieves by having items shipped to a nearby store that offers contactless curb-side pickup. You can also have packages held at your local post office or, for example, stored in an Amazon Hub Locker.

 

arlutz73/istockphoto

 

Steer clear of freebies, discount codes, e-vouchers and sweepstakes making the rounds on social media. They’re often designed to harvest valuable personal information.

 

DepositPhotos.com

 

Back in 2016, hundreds of fake retailer apps flooded Apple’s App Store just in time for the holiday shopping season. The apps were ultimately removed, but scammers are still known to slip into the App Store or Google’s Play Store from time to time. You can avoid downloading a counterfeit app by checking the developer’s or company’s name for misspellings or typos, reading reviews and accessing the app via the company’s official website.

 

DepositPhotos.com

 

They are a scammers’ modus operandi. Be equally dubious of any sellers or resellers asking you to pay via a gift card.

 

BrianAJackson / Getty

 

Scammers will tug at your heartstrings via charity scams at all times of the year, so pause before giving. Instead, visit the organization’s website by manually typing in its URL or using search to find the link. You can also use Charity Navigator to confirm an organization’s authenticity.

 

LemonTreeImages / istockphoto

 

It bears emphasizing: You can skirt most online shopping scams by ignoring unsolicited links and verifying any deals, steals and promotions directly with the retailer.

 

Choreograph / istockphoto

 

Identity thieves make a living piecing together profiles or figuring out passwords by looking at photos, geolocational data or other seemingly innocuous information shared via social media platforms.

 

DepositPhotos.com

 

Online wish lists are designed to let your friends and family know what you want for Christmas, but they also provide scammers with an aggregate of your interests. Resist the urge to create one — or, if you must, adjust your privacy settings so that only particular people can see it.

 

Depositphotos

 

A best practice any time of the year, never discard full bank or credit card statements in the trash. Identity thieves go through garbage in the hopes of obtaining payment or personal information.

 

PhotoBlink / istockphoto

 

Unfamiliar accounts on your credit report could be a sign of identity theft. You’re entitled to a free credit report from each major credit reporting agency every twelve months — and due to the COVID-19 pandemic, the bureaus are offering free weekly online reports through April 2021. You can request these reports from AnnualCreditReport.com.

 

Depositphotos

 

Spread awareness by reporting any scams you encounter to the Federal Trade Commission. If you fall victim to fraud, file a police report and register a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3).

Identity-related crime doesn’t have to ruin your holidays or your life. Many insurance companies, financial services organizations and employers offer cyber and identity protection products and services as a perk of your relationship either for free or at a deep discount.

Before you have a problem, it’s a good idea to contact your insurance agent, bank or credit card rep or the HR Department where you work to find out if they offer it, if you are already enrolled and if not, what you need to take advantage of it.

This article originally appeared on AdamLevin.com and was syndicated by MediaFeed.org.

 

ismagilov / istockphoto

 

Featured Image Credit: tsingha25/iStock.

AlertMe