A picture of your passport sells for $1500 in the dark net

With cybercrime damages projected  by Cybersecurity Ventures to reach $10.5 trillion annually by 2025 (half of the US GDP in 2020), an FBI agent said to the Wall Street Journal that “Every American person should assume all of their data is out there (on the dark web).”

This is not surprising. A recent study asked Americans how much they think cybersecurity is important, and 1 in 5 responded that they don’t care about cybersecurity at all.

Marijus Briedis, CTO of the cybersecurity and online privacy brand NordVPN, adds: “Billions of records are available on the dark web. Cybercriminals even have loyalty programs and discount systems in place ranging from 5% to 30% off for bulk purchases. Dark web is just like Wall Street. The higher the damages the sold data can inflict, the more expensive it is.”

How do cybercriminals make money?

There are three main patterns of how cybercriminals make money out of ordinary people. First, bad actors sell stolen or leaked data on the dark web. Second, they take personal information “hostage” and demand ransom. And, third, they fish out credentials and wipe out bank accounts. There are millions of more ways, of course, but these are the most common.

Dark web prices

“Most of us have a snap of our ID or passport on our phone or cloud storage. Once leaked, it could be used to make a forged document that costs up to $1,500 if you are a citizen of the US, Canada, or Europe. Social Security numbers sell for $70 USD. If you desperately need to have a digital copy of your ID, keep it encrypted and store them somewhere safe” says Marijus Briedis.

Loyalty discounts on Social Security Numbers. Source: Dark web.
Social Security Numbers for sale. Source: Dark web.
Credit card details for sale. Source: Dark web.

Credit card details sell for as little as $1, depending on how much money a victim has in their bank account and how hard it would be to access it. According to the Dark Web Price Index, hacked social media accounts can sell from $49 to $155.

Blackmail is another specialty of cybercriminals

When hackers manage to obtain highly sensitive user data, like intimate photos or compromising conversations, or encrypt documents a victim cannot proceed without, the amount they are asked to pay might greatly exceed their bank account balance. “Hackers drain their victims, make them borrow money, or prey on the data they have for long periods of time to ensure regular payments from the victim,” Marijus Briedis adds.

Unaware clicks on links

The last scenario involves a victim unknowingly giving away their credentials, allowing bad actors to access their bank accounts and jeopardize their lifetime savings.

To avoid falling victim to such schemes, never enter your bank details in online stores that have offers that are too good to be true, and never click on links provided in text messages, because hackers could pretend they are from FedEx, your bank, or a governmental institution.

And, lastly, do not install applications from untrusted sources, as those might be taking snaps of your phone activity and learn your credit card details when you are shopping.

How not to fall victim to cybercrime?

“As the FBI agent said, most probably your data is on the dark web already, so you just have to make sure that nobody can do harm with it. Start simple — change your passwords, even on abandoned accounts. Passwords should be unique and complex. It’s impossible to remember them all, so use a password manager for that. Pay special attention to your cloud services and online bank. Install additional security measures like two-factor authentication,” the cybersecurity expert explains.

To keep your communications from being intercepted, use encryption services like virtual private networks (VPN) and be cautious about what information you share and what links you click on. If you want to find out whether your credentials have been part of a data breach in the past, check out “Have I been Pwned”, it will show whether your e-mail address was in one of these data breaches.

Leave a Reply

Your email address will not be published. Required fields are marked *