Hackers are common thieves. They will either steal your money or your personal data, and, most of the time, if they get your personal data, they will monetize it in one way or another.
Some hackers will try to trick you into installing malware onto your device so that they can remotely prowl around your files looking for key information or wait until you log into a prime site, like a banking site, and steal your login credentials. Then, they can either steal your money themselves or sell your login details on the deep web.
However, it is much easier for hackers if you fall for a phishing scam. In this case, they can just get you to send them your personal information directly by having you visit some fake but realistic looking website and filling out a form.
Should the average person be worried? Maybe, but most are not. I’ve spoken with many people who don’t much care if their personal information is stolen. “So what? How does that really affect me?” They often remark. They don’t lose sleep over their bank accounts getting wiped out because they figure the bank will reimburse them. In addition, many of these carefree users claim to lead dull, uninteresting lives which no one would have any interest in. “Let them read my emails. Let them look at my Facebook page. I have nothing to hide.”
Strangely, hackers think otherwise. You might not care if your bank account is emptied, but would you be upset if someone stole your tax refund or your social security payments? Would you like to get a bill from Amazon for goods you never purchased? Would you like to be blackmailed? Would you like all of the files on your computer encrypted so that you have to pay money to get them back? Or, on the more personal level, would you like to lose all of your friends or have your reputation ruined? Would you like to lose your job? Sure, you might not worry about some things, but my guess is there are some good reasons why everyone should do their utmost to protect their personal information.
Hackers know precisely how to monetize stolen personal information. Here is a list of the prices hackers will pay for specific personal information on the deep web. The list is modified from a Top10VPN post.
The article claims that full information (fullz) on a person would sell for about $1,200, but they arrive at that figure by adding up all of the items on their list, some of
which are not shown here. However, no one has all of the services listed.
Let’s look at some of these prices in more detail. It’s rare to see credit card details for sale for over $400. Information on a “first hand Account with American Express Full information Account Simple Login Information User ID Password Billing Information Name Surname Address City Zip Code State Phone Number Birth Day Birth Month Birth Year Place of Birth Social Security Number Mother s Maiden Name Mother s Date of Birth Credit Card Information Credit Card Number Exp Date Name On Card CVV2 ATM Pin CSC Pin E mail Information E mail Address Password” was offered for about $250. The card had a $10,000 limit. The price of credit card information varies in direct proportion to how recently that information was hacked. However, the average price for full credit card information comes in at around $20.
Often, hackers will hack a company or organization’s database to get large amounts of personal information and sell this at a bulk rate. Those who know how to monetize such data can make quite a profit. Why doesn’t the person selling the information just use it for themselves? They may simply not want to take the risk or take the time to monetize it. It takes time and effort to buy gift cards or to buy merchandise and resell it. But don’t feel too sorry for the information sellers. When Hieu Minh Ngo was arrested for identity theft, authorities found that he had made $2 million selling all of the information he stole.
Criminals buy personal information for a number of uses. They can, for example, use it to make fake driver licenses and passports. Fake, but realistic-looking, U.S. driver licenses, from whatever state you choose, sell for around $13 and will come with a matching Social Security Number. British passports with valid numbers sell for around $15.
Obviously, criminals with your PayPal or bank login credentials can simply transfer funds into their own accounts. As soon as the money enters those accounts, they can withdraw it and close the account. Interestingly, those temporary accounts may have been opened with false credentials so that the real owners of them can’t be traced.
Shopping or entertainment login credentials can allow the criminals to buy whatever they want and send you the bill. They will have, of course, changed your delivery address to that of a drop site where they can safely pick up their goods. They often prefer to buy gift cards in your name.
Logins to social media sites are cheap, but, in some ways, they can create the most problems for victims. As soon as a criminal gets these credentials, they will log into the site and then change the password and whatever other information they want. They are now you. As you, they can manipulate your friends. They can ask them for financial help or other information that can allow them to be hacked as well. If they want, they can post pictures on your site that could destroy your reputation. Often, they will use your social media sites to send spam.
Few information sellers on the deep web are ever prosecuted. After all, there’s a reason for calling it, ‘the deep web’. The identity of most sellers is virtually untraceable. Yes, perpetrators have been caught, but it takes law enforcement agencies a lot of effort, which is why they only go after the major sellers. Most of the time, however, it is easier for them to go after the marketplace operators themselves. If the feds do catch the operators, they will take control of the marketplace themselves. Then, pretending that all is normal, they watch the interactions between buyers and sellers until they are ready to make a move. For this reason, there is always a degree of paranoia on deep web markets, but the same paranoia also leads to surprisingly good security measures.
But not all information sellers succumb to paranoia. Some even put up helpful Youtube videos to help buyers use their data. Here is a screen capture from one such video. (I removed identifying data, but you can see the information they have on this and many other potential victims.)
You must accept the fact that you may have already been hacked and your information may be for sale. This is especially true if you have a Yahoo email account or a LinkedIn account. How can you know if your personal information has been hacked? A good place to begin is the ‘have I been pwned‘ website. Put in your email address and see if it shows up in any hacks. If your address does show up and you haven’t changed your password for a while, go ahead and do that.
For those who visit the deep web, there is a website on which you can enter your username or email address and find if there is a password connected to it. When I did this for myself, I did find a valid password connected to an account I have, but the password was one that I used many years ago. Yes, I realize this site could be used by hackers to find passwords to email addresses the hackers may possess. It’s another reason you should be careful about giving out your email address and, yet, another reason why you should change your email password frequently. I considered not giving a link to this deep web site, however, it is important to be able to check what personal information on you may already be in possession of cyber criminals. So for those so interested, install the Tor browser and go here. (Onion addresses change frequently, but this site was still valid as of this writing.)
The bottom line here is to protect your personal information in the same way you would protect your car keys. You wouldn’t give them to someone you wouldn’t trust. In the end, you are worth more than you think you are.