As we’ve seen over the years, no one is truly safe from becoming the next victim of a cybersecurity hack – even if we think we are. From average individuals on a social media platform like Facebook to the world’s richest man, anyone can become a target.
While we often think we are too insignificant or not affluent enough to warrant being hacked, this couldn’t be further from the truth. Kaspersky found that 37% of millennials think that they are too boring to be the victim of cybercrime, which couldn’t be further from the truth. In fact, their data is even more at risk now that they are spending more time at home during the pandemic.
Most cybersecurity firms AMEinfo is in contact with often tell us that the virtual world is simply getting more dangerous by the day, and especially during the current surge in online activity as a result of COVID-19.
What you’ll be surprised of, however, is how cheap it actually is to get access to your data – sometimes, cheaper than a cup of coffee.
The black market of personal data
Kaspersky has revealed the fascinating findings of one of its most recent studies, titled ‘Dox, steal, reveal. Where does your personal data end up?’ The cybersecurity firm analyzed active offers on 10 international darknet forums and marketplaces that operate in English or Russian, and the sample inspected included posts that were shared during the third quarter of 2020 and that are still relevant.
According to the study, it can cost shady individuals as little as 50 cents to access an individual’s personal data, often for the purposes of doxing.
“Doxing occurs when a person (usually the threat actor) shares private information about another person (the victim) without their consent to embarrass, hurt or otherwise put the target in danger,” Kaspersky explains. “Users typically do not expect personal information to leak out into the public domain, and even if it does, do not anticipate what harm that might do. But as practice shows, with especially determined abusers or malicious users, doxing may potentially turn as far as hacking into the target’s accounts – a service that is offered on the dark markets nowadays.”
One has to consider that often, doxing includes more than sharing your personal data or embarrassing images or videos with the world. Often, attackers can “share it in a targeted way with your relatives, friends or employer, especially if it is embarrassing. This can harm the victim’s relationships with their loved ones, as well as their career prospects.”
The price of personal data
Today, whenever you post online, you are opening yourself to all sorts of threats – it’s just a given of the online world at this point. People are as ready as ever with their digital pitchforks, ready to downvote, defame and comment blast anyone that disagrees with them. When the intent is even more malicious, doxing becomes an option.
For those seeking this method, they often need to get a hold your data first, either by acquiring it first-hand (if they have the technical expertise for it), or by purchasing it on the dark web, which as the name suggests, correlates with the shadier side of the internet.
As for the price of personal data, it varies based on its type, depth and usability to hackers.
As Kaspersky notes, new types of data have also emerged for attackers to get their hands on. This includes personal medical records and selfies with personal identification documents, which cost $40 and upwards. The growth in the number of photos with documents in hand and schemes using them also reflects a trend in the ‘cybergoods game’. Abuse of this data potentially results in quite significant consequences, such as taking victims’ name or services on the basis of their identity.
As explained earlier, if it’s not bad enough that a stranger has access to your personal data and is able to use it for doxing purposes, it gets even worse when you consider what other malicious uses for said information exist. Kaspersky notes that data sold on the dark market can be used for extortion, execution of scams and phishing schemes, and direct theft of money. Certain types of data, such as access to personal accounts or password databases, can be abused not just for financial gain, but also for reputational harm and other types of social damage, including but not limited to the aforementioned doxing.
What can you do to protect yourself?
There are many tools at our disposal today to protect us online. While we can never fully eliminate the threat of an attack, tools like antivirus software and VPNs, as well as educating ourselves about the threats that exists, can help improve our security online.
Here are some of Kaspersky’s recommendations:
- Be aware of phishing email and websites;
- Always check permission settings on the apps you use, to minimize the likelihood of your data being shared or stored by third parties – and beyond – without your knowledge;
- Use two-factor authentication. Remember that using an application that generates one-time codes is more secure than receiving the second factor via SMS. If you need additional security, invest in a hardware 2FA key;
- Use a reliable security solution like a password manager to generate and secure unique passwords for every account, and resist the temptation to reuse the same one over and over again;
- To find out if any of the passwords you use to access your online accounts have been compromised, use a tool such as Kaspersky Security Cloud. Its Account Check feature allows users to inspect their accounts for potential data leaks. If a leak is detected, Kaspersky Security Cloud provides information about the categories of data that may be publicly accessible so that the individual affected can take appropriate action;
- Always consider how the content you share online might be interpreted and used by others.