Password Value

Stolen bank account details were selling for around $260 per account on the deep web recently, while Amazon and eBay accounts sold for approximately $50 each. Facebook, Instagram, and Twitter accounts are valuable to criminals and can sell for anywhere from a few pennies to several thousand dollars each. Your social security number is only worth around $1, but your driver’s license might be worth around $20. A complete medical record, including insurance information, sells for about $1000.

Criminals on Internet “dark web” forums sell stolen credentials every day. Sometimes they steal an account because its name is only a few letters long, or because it already contains posts and pictures. They steal money and identities and use the accounts for insurance fraud, blackmail, and extortion.

Accounts can be stolen using a variety of methods. In the simplest case, the criminal uses software to guess the account’s password. Guessing takes a long time and will likely be noticed by intrusion detection systems. Criminals might also use a purchased list of stolen usernames and passwords to try to gain access to other accounts a person might have.

These lists are often created using a popular method called “phishing,” in which criminals trick people into giving up their username and password. The most common way they do this is by sending large amounts of spam email containing bad links. When the user opens the email, it looks like it came from their favorite store. Instead, the link leads to a website that the criminal controls. Many websites like this then log the user into the correct website. The danger is that the user never suspects they were a victim. The benefit for the criminal is that they have confirmed the username and password are correct.

Protect Yourself

Although security and social media companies monitor the forums where stolen credentials are sold, it is still best to avoid being a victim. The best ways to do that are:

  • Use a different password on different websites.
  • Change your passwords occasionally.
  • Use a password manager like LastPass or KeePass. Using different passwords can be complicated to do manually, but good password managers will help you remember your passwords. While they are not foolproof, they are generally more secure than many other methods. If you choose to use a password manager, make sure that your master password is secure.

For more information on these topics, the FBI has set up an excellent resource at https://www.fbi.gov/scams-and-safety.

-Michael Martinell, The Broadband Guy