Criminals profit R$88 million selling personal data on the dark web; protect yourself

Trading in sensitive information has become increasingly common on the dark web; here’s how to make sure your data isn’t made available on this market.

The sale of personal information has become a lucrative business for criminals operating on the dark web. This is shown by a recent survey carried out by NordVPN, a company that provides solutions for virtual private networks. During the study, more than 22,000 advertisements for the sale of private data were found. The number of pieces of information sold, in turn, exceeds 720,000. According to the research, criminals have already profited around US$ 17.3 million in this market (approximately R$ 88 million, in direct conversion).

Information for sale on the dark web includes passports – one of the most coveted and expensive items on the market – driver’s licenses, ID cards and credit card data, which are sold at lower prices because they are easier to obtain. So that you can preserve the security of your information and avoid possible problems, TechTudo has listed six important measures to protect your data. You can also find out which are the main items for sale on the dark web and how much they cost.

Main data for sale on the dark web

According to NordVPN, there are four main categories of information for sale on the dark web: documents (43%), financial data (39%), accounts (12%) and emails and passwords (6%). The leaked documents include the complete set of personal identity data (40%), driver’s license (35%) and passport (9%). Among financial information, payment card data (67%) accounts for the largest share of items, followed by payment processing accounts (17%), bank accounts (10%) and crypto accounts (10%).

The accounts section, meanwhile, is led by accounts on streaming services (61%), but there is also data leaked from social networks (8%). In the emails and passwords category, the trade is concentrated on personal emails (70%), voter emails (28%) and corporate emails (6%).

How much is the data for sale on the dark web?

Prices vary according to the information. Passports stand out as the most expensive item, costing an average of US$ 600 (around R$ 3,030, in direct conversion). Encrypted wallets are also valuable on the dark web: accounts can cost from US$ 350 to US$ 395 (from R$ 1,768 to R$ 1,996, in direct conversion).

The cheapest items include data that can be forced or guessed, such as phone numbers and payment card details, which cost an average of US$ 10 (around R$ 50). Netflix accounts were also found for the same price, while Uber accounts were slightly more expensive – on average US$ 12 (approximately R$ 60).

It’s also worth noting the price charged for the sale of batches of emails, many of which are used in phishing scams and intrusion attempts. Prices can reach US$ 199.99 (around R$ 1,010, in direct conversion). Here are six tips to prevent your data from being sold on the dark web.

How to protect yourself and avoid data leaks on the dark web

1. Don’t click on suspicious links

One of the most common tactics used to steal data is to send phishing messages via email, messaging apps or social networks. The texts are usually urgent and use supposedly unmissable promotions or the redemption of gifts to trick the user, who is asked to provide their details in order to take advantage of the benefit in question. It is also common for criminals to impersonate government or banking institutions, asking for passwords and personal information in order to update registrations or even verify the authenticity of the account.

That’s why it’s always important to be wary of messages with these characteristics. Even if the sender of the message identifies themselves as a legitimate company or entity, don’t share any data. First go to the official website of the organization or company and talk to customer service to make sure the message isn’t a fake.

Another way to protect yourself is to look for small errors in the message, since texts sent by criminals often have grammatical slips. When it comes to emails, also remember to look carefully at the sender’s address: it is common for scammers to use unusual domains to send the message (@microsoft.biz instead of @microsoft.com, for example).

2. Create strong passwords and change them regularly

Long passwords, with at least eight characters, are usually stronger. When creating codes, it’s also important to avoid obvious combinations, such as special dates, names and letters that appear in sequence on the keyboard. The best thing is to define a password that combines numbers, upper and lower case letters and special characters.

Another important tip to make it harder for attackers is to use a different password for each account. This way, even if one of the combinations is discovered, the criminal will not have access to the other services.

If you have trouble remembering all the codes, use a password manager, software that can generate strong combinations for several accounts and store them securely. The manager also encrypts the information, making it difficult to discover the passwords during attacks. Finally, remember to change your passwords regularly.

3. Don’t save bank details in browsers

Although it’s more practical to leave your passwords saved in a browser, this can put your data at risk. This is because if a hacker gains access to the machine, they will be able to decrypt this information much more easily. That’s why you should always type in your codes manually.

Similarly, it is not recommended to save credit card data in browsers or online stores. If possible, opt for a temporary virtual card. This is because its identification number and security code can only be used once, which helps prevent online scams.

4. Check the app permissions on your phone and disable unnecessary access

It’s common for applications to request permission to access phone features such as the calendar, location, camera, microphone and storage. Although some accesses are really important for the program to work properly, others are unnecessary. A photo editor, for example, doesn’t need access to your contact list.

To prevent apps from stealing sensitive information, go to your phone’s app manager and check the permissions of each piece of software. If any of them have access to features that are not compatible with the program’s role, disable the permission.

5. Activate two-factor verification

As well as creating a strong password, it is recommended that you activate two-step verification, a feature that adds an extra layer of protection to your account. With this, the system needs to confirm your identity not only by entering the correct password, but also via a code sent by email or made available in an authentication app, for example. In this way, you create a barrier and make it more difficult for criminals to access your account.

6. Use Serasa Premium

Serasa has an anti-fraud service that allows users to monitor their data and find out if it has been leaked on the dark web. For R$ 19.90 a month or R$ 169.00 a year, Serasa Premium subscribers can monitor up to five e-mail accounts, three cell phone numbers and a passport. The system notifies the user when someone consults their CPF or CNPJ and issues an alert if the data is leaked on the dark web. To contract the service, simply go to “serasa.com.br/premium/darkweb” (without quotes).

Via Techtudo