Do you know how much your account information is worth to criminals?
You might be shocked to find out that credentials you believe are incredibly important only fetch $10-20 on the dark web.
What’s worse is how much financial damage stolen data could cause you later on.
These thieves are taking part in credential theft, a market expected to exceed $18 billion by 2024.
Let’s find out more about credential theft and how to protect yourself against it.
What Is Credential Theft?
Credentials are specific data or authentication tools that are required to verify a person’s identity. When the credentials match, that person is authenticated and granted access to a particular system or network.
Theft is when an adversary has the intent, capability, and opportunity to intercept that information.
In other words, credential theft happens because criminals are able to intercept your personal information.
One way hackers get credentials is through phishing.
If they are able to access a list of emails on the dark web, they use that list to build an email campaign.
The goal? Trick anyone who receives the email into entering their username and password, so the attackers can capture those credentials and log in as the victim.
They do this to make a profit.
“Most cybercriminals are motivated by cold, hard cash,” says Verizon’s 2018 Data Breach Investigations Report. “If there’s some way they can make money out of you, they will.”
Verizon finds that most attacks target not the wealthy, but the unprepared. Further, Verizon found that 76 percent of attacks were financially motivated.
Security expert Brian Krebs found that, indeed, credentials sold for an average of $15. He also came across a screenshot from a dark-web service that showed one crook who earned more than $288,000 in just a few months by selling stolen data.
How Can You Prevent Credential Theft?
It is nearly impossible to prevent your information from appearing on the dark web. With tens of thousands of data breaches every year, you should practically expect to be on it.
However, you can take steps to prevent the information that’s on the dark web from allowing hackers to access your accounts.
First, practice good email security awareness. Don’t send your credentials to someone else in an email, and don’t click on a link from an unknown sender.
Second, use strong, unique passwords that change on a regular basis.
We recommend that you:
- Create passwords with a minimum of 8 characters, and try for 12+
- Combine upper- and lowercase letters, symbols, and numbers
- Change your password periodically
- Use a different password for every site
Since you likely access dozens (if not hundreds) of accounts, consider using a password manager. Password managers can help generate, store, retrieve, and change your passwords for you.
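To see how the checklist above plays out across a set of accounts, the following Python example (added here, not part of the original article) audits passwords for length, character mix, and reuse between sites. The site names, passwords, and function names are constructed for illustration.

```python
import hashlib
import string

MIN_LENGTH = 8           # the article's minimum
RECOMMENDED_LENGTH = 12  # the article's "try for 12+"

def check_password(password):
    """Return the guideline issues for one password (empty list = passes)."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than 8 characters")
    elif len(password) < RECOMMENDED_LENGTH:
        issues.append("shorter than the recommended 12 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    issues += [f"no {name}" for name, present in classes.items() if not present]
    return issues

def audit(accounts):
    """accounts maps site -> password; returns {site: [issues]} for sites with findings."""
    # Compare digests so reuse is reported by site name, never by echoing a password.
    digests = {s: hashlib.sha256(p.encode()).hexdigest() for s, p in accounts.items()}
    report = {}
    for site, password in accounts.items():
        issues = check_password(password)
        others = sorted(s for s in accounts if s != site and digests[s] == digests[site])
        if others:
            issues.append("reused on " + ", ".join(others))
        if issues:
            report[site] = issues
    return report

# Constructed sample data: these sites and passwords are made up for this example.
SAMPLE = {
    "bank.example": "Summer2019",
    "mail.example": "Summer2019",
    "shop.example": "t7#Rk!q2Vz&9pLm",
    "forum.example": "letmein",
}

if __name__ == "__main__":
    for site, issues in sorted(audit(SAMPLE).items()):
        print(f"{site}: {'; '.join(issues)}")
```

Reuse is the finding that matters most for credential theft: one leaked password on the sample's mail account would also open its bank account.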
Finally, use multifactor authentication (aka MFA or two-factor authentication). This requires you to verify your identity using a combination of two of the following:
- Something you know—such as a password or PIN
- Something you have—like a mobile phone or debit card
- Something you are—like a fingerprint or facial recognition
Here is an example of how MFA works: you get a notification on your phone that somebody in India is trying to access your bank account. If you’re in the U.S., you know somebody you haven’t authorized is trying to get into your account. You can deny the login attempt. Then, change your password using the guidelines listed above.
The best strategy for protecting against credential theft includes having strong, regularly updated passwords to nullify the effects of having your data on the dark web. That will help protect you from would-be attackers.