The dark web, a small slice of the Internet even more secretive and obscure than the deep web, is not limited to the trade in illegal items such as drugs and weapons. With markets specializing in the sale of personal data, the dark web is famous among hackers and cybercriminals, who take advantage of information and files obtained through leaks to profit from scams.
Personal identification documents, bank details, email addresses, and social media profiles are among the information that can be used by criminals for a wide range of purposes, from identity theft to money laundering. In this post, Techidence has listed ten pieces of data about you that may be on sale on the dark web.
Website login credentials
Often used by criminals to apply scams, credential stuffing is a technique that consists of using stolen credentials in services other than those in which they were obtained. With the username and password combinations in hand, criminals use codes that execute mass attacks on websites of interest. Because many people repeat the same login and/or password on multiple services, this data is used to try to access other platforms where hackers can obtain something of value, such as cash, air miles, and expensive goods. The Serasa Anti-Fraud tool lets you know if your email has been exposed on the dark web.
Getting access to personal data has become a frequent target of fraudsters. Cybercriminals can generate large financial losses to the victim from product purchases, financing, credit card applications, and the opening of fraudulent companies, among other actions. This can cause the person’s name to become negative and appear on the Credit Monitoring Service and Serasa lists. If the identity card (ID) is also in the hands of hackers, the chances of being a victim of financial scams are even greater.
Banking information is valuable to dark web criminals. The reason? Access to checking accounts is one of the easiest ways to steal money. According to a survey by the cybersecurity company TrendMicro, the sale price of bank accounts on the dark web is determined by the available balance and usually varies between US$200 and US$500.
Having email for sale on the dark web can generate a big headache. With unrestricted access to the account, hackers can do many things, such as apply phishing scams to people on the contact list, reset the user’s password on other Internet sites, and steal the victim’s identity. This is possible because many people receive invoices via email that contain information such as full name, address, and phone number. If criminals find personal photos in the inbox or of items sent, the identity forgery is complete.
If hackers find airline tickets or hotel booking details in the email, they will know that the person will be away from home for a specified period. Combined with the address obtained from an invoice, this information paves the way for criminals to break into the victim’s home. Email accounts are sold at a banana price on the dark web: from US$0.70 to US$1.20.
Dating Apps Accounts
Hackers use accounts in apps and social networking sites to apply catfish scams. By usurping an existing profile, criminals can take advantage of the trust and intimacy that the person whose account was stolen has already built with the victim to manipulate them and solicit money emotionally. Fraud, however, can go much further: As the FBI alerted in August, some scammers use social networking sites to attract “mules” for money laundering.
Netflix accounts or other streaming services
Many people like to have access to Netflix content, but do not want to pay for the service. If you have a friend like that, s/he probably already asked for your account password. With hackers, it’s no different, except for the fact that they don’t ask permission before they start watching movies and series. On the dark web, accounts from Netflix or other streaming platforms are sold at low prices compared to the monthly subscription fee for the service. If you notice any unusual activity in your Netflix or Spotify history, for example, change the password immediately and log out of all devices.
Airline account login data
Although hackers can use their credit cards to buy airline tickets, this is a tactic that has taken a back seat – at least on the dark web. Because flights – especially international ones – are not cheap, there is a good chance that the bank will block the purchase or alert the victim to the suspicious transaction. That’s why criminals are now more interested in stealing their account login data from airlines. With their credentials, they can spend their accumulated points on mileage programs and decrease the chance of being caught.
PayPal Payment Information
Hackers have a special interest in accounts with payment information. In the case of PayPal, cybercriminals are less attentive to credit cards stored on the platform than to the balance available in the service account. If they can gain access to a particular account and find money available for transactions, the PayPal account is likely to turn into dark web merchandise. The selling price varies depending on the amount available.
It may seem strange to see Fortnite among the items on this list. After all, why would anyone spend money on a free game? The answer lies in accounts with rare items or with special game modes, both of which are unlocked with credit card payments. If hackers get access to accounts with these features, they can sell them on the dark web to interested players. The rarer the items, the higher the price charged.
Fortnite’s account exploitation doesn’t stop there. The game has been used for money laundering. Some criminals use stolen credit cards to buy V-Bucks, the virtual currency of battle royale, directly from the official Fornite store. They then “launder” the money by re-selling the coin on various dark web platforms.
How to Protect Yourself
To protect yourself from knocks and prevent your life from being exposed to the net, it is necessary to take some precautions, listed below:
- Do not expose your data on social networks or sites and platforms that are unofficial, unknown, or seem insecure;
- Keep anti-virus software up-to-date on all your devices;
- Avoid storing personal, banking, or password data in your browser and choose to use password managers, specific programs for this purpose;
- Reduce attention to emails requesting information such as full name and bank account. Check with the sender of the message to make sure it’s not a phishing scam. If necessary, contact the institution in question;
- Use different passwords on each site;
- Give internet banking applications preference over browser-based bank account access;
- Avoid browsing websites without the HTTPS protocol.