Every day, cyber criminals of varying skill levels and capabilities buy and sell stolen consumer and business credentials on the dark web. While once perceived to be an inaccessible, mysterious place, the dark web of today is very much within reach. Less technical, younger individuals can access the dark web and participate in underground commerce with just a few clicks.
The dark web now resembles, in many ways, any other commercialized online marketplace. There are banner ads, social media pages, and even user-friendly YouTube tutorials to help guide criminals in their pursuits. Without much effort or technical skill, cyber criminals can access personally identifiable information (PII), popular user accounts, and malware kits to more easily orchestrate attacks.
I’ve enjoyed the opportunity to shed light on these underground marketplaces at conferences like South by Southwest. One exercise I like to run through with attendees is to have them guess the going rate for different pieces of PII. It often shocks people that even high-value information and accounts are selling for cheap across the dark web. For instance, Social Security numbers, email accounts like Gmail and Yahoo, Uber accounts and Netflix accounts being sold on the dark web for around $1.
While it is a somewhat scary reality, consumers and businesses can take steps to significantly reduce the risk that their information ends up on the dark web. By creating long, strong, and unique passwords across accounts, taking advantage of software updates as they are available across all devices, and enlisting the help of a third-party monitoring service, consumers and businesses can stay one step ahead of these growing threats.