Image from Shutterstock
The antivirus company Kaspersky Lab has completed a study of Dark Web markets. As a result, experts found out that cybercriminals can sell the user’s digital life for less than $50. Digital life refers to social media account data, bank details, remote access to servers or desktops, and even information from popular Uber, Netflix, and Spotify services, gaming resources, dating apps, and even adult sites. The price per hacked account averages one dollar. Moreover, discounts are provided for wholesale purchases. Despite the fact that the digital personality is inexpensive, today, it is of some interest to cybercriminals in other respects. In this case, you need to pick the reliable antivirus software; so consider McAfee versus Norton, or choose some other reliable antivirus solutions to protect your digital identity.
What is Digital Identity?
“Digital identity” includes social media accounts, bank details, remote access to servers or desktops, information from Uber, Netflix and Spotify services, gaming resources, dating apps, and porn sites. Kaspersky Lab senior antivirus experts claim that the prices for Dark Web’s “digital identity” are approximately the same around the world. Depending on the personality, they range on average from $50 to $100. On average, you can buy one hacked account for $1. Also, attackers offer discounts for wholesale purchases.
Kaspersky Lab experts concluded that, despite low prices, “digital identity” is a significant asset for cybercriminals. The victim can suffer financial and reputational damage because fraudsters are able to borrow money or commit a crime on behalf of another person.
What Are the Aim of the Criminals?
In case of identity theft, the victim may suffer financial and reputational damage, because attackers are hypothetically able to borrow money or commit a crime on behalf of another person. The most common ways to steal a digital identity are primarily phishing campaigns and exploiting vulnerabilities in programs and applications. After a successful such attack, attackers receive dumps that collectively contain email addresses and passwords for logging into a certain service. It is worth noting that some fraudsters selling user data on a dark network provide customers with a lifetime guarantee: if one account stops working, then instead another will be provided completely free.
Among accounts, the most valuable for attackers are the logins and passwords of users of payment systems, online banks, and cryptocurrency exchanges. Passwords from popular online stores such as Ebay or Amazon are also in demand, because bank cards are usually already tied in users’ personal accounts, which allows criminals to make purchases at someone else’s account, or they use these trading platforms to cash out money from stolen bank cards by buying goods on behalf of others and their further resale. Most credentials are sold at up to $10. Stolen accounts from social networks and other Internet services are sold in batches of several thousand to several million records. Prices for such kits range from tens to hundreds of dollars.
The use of many bots can have a significant impact on the vectors of information dissemination, can be used to promote accounts, and create visibility of popularity. Fake accounts are used not only on social networks. Separate market — confirmed accounts. When they are registered, the owner also provides a mobile phone number and identity documents in some cases. A striking example is the sale of car-sharing accounts. In the future, with their help, crimes can be committed, traffic rules can be violated, allowing the real driver to remain anonymous and unpunished. Platform and social network owners should take more measures to identify
fraudulent and fake accounts. However, according to the assessment, this will not completely stop the trade in “digital personalities” but will only bring the confrontation to a new level, causing an increase in prices due to difficulties.
According to Positive Technologies, data fall into the shadow market in different ways. For example, from attackers who purposefully lure personal information and credentials from users from various services, or from criminal groups that, during a targeted attack on a company, at the same time acquired a database of its customers.