For criminals, life is cheap whether it be theirs or their victims. Criminals in the cyberspace and in darkweb are no different too. Lately, it has been a trend left and right that database leaks are frequently happening where people’s email address and password are exposed. However, that is just the tip of the iceberg, because those leaks could often lead to somewhere worse.
The purpose of cybercriminals who steal information is to hack all your accounts in the cyberspace, knowing that each individual has multiple accounts existing from processing payments, sending money, online shopping up to your social media network accounts which are all tied up to an email address.
The information being stolen is valuable for those who frequently commit identity fraud and phishing activities who want to take advantage of it which can be used in various ways. For example Social Security Numbers of infants and other related personally identifiable information aka PII which can be used to file for fraudulent tax returns to get tax credits. Another example is fraudulent phone banking where a cybercriminal can pretend as an account owner of a bank or a financial institution resulting to a financial impact to the victim whose identity has been stolen.
Whole identities being sold on the darkweb are referred as “Fullz” which can be sold for as low as 820 UK pounds per individual.
Now we have a figure on how much a full package of identity is worth thanks to Top10VPN. For reference here is the price list according to their research:
Figure 1 Credits to Top10VPN
With the information acquired above for only approximately 1200 USD, any cyber-criminal who knows how to utilize these information can make huge amount of money. None financial type of accounts can be used as a backdoor to gain more information on the victim for other purposes such as spear phishing and inventive phishing.
Overall anti-phishing teams must consider these leaks as a potential threat for further and expanded phishing attacks. Protecting primary data such as email address credentials is the first step to secure one’s identity i.e identity fraud protection. A password change routine would not hurt for the sake of protecting your accounts and the future of your credit score.