11 Aug Credentials for sale, “The Digital Fishing Business”
When we ‘bite’ on a phishing site and try to log in to what we believe to be the legitimate site, our credentials go into the cybercriminal’s database. What happens next?
The reality is that there is a great deal of specialization and there are different agents for each phase and the one who obtains the credential is not the one who uses it. We had already talked about the creation of the phishing kit by an expert, the use of phishing is carried out by other people and the databases obtained are sold on the darkweb to others interested in exploiting the information.
Some examples of database sales
These databases are not only fed by phishings, there are some monstrously large ones that come from data leaks (data breach) like the one suffered by the Marriott hotel chain in which the information of 5.2 million clients was exposed or the case of LinkedIn with 157 million leaked records.
Depending on the information they contain their value varies. If the credentials are for access to a bank account they will have a higher price, social networking accounts are sold at lower prices while corporate accounts, which can give the offender access to the company’s network, can reach very high prices.
How to avoid swell the database of cybercriminals?
Of course the first step is to become aware that anyone can become a victim of a cyber attack. An incident that can expose both our personal and corporate information to the highest bidder on the darkweb. For this reason it is important not to reuse passwords on different accounts and to change them every X time. Nor should we forget to keep our equipment up to date, something that makes the work of cybercrime a little more difficult.
At PhishingHunters the continuous innovation of our team is a maxim and allows us to apply new technologies to respond to the new challenges posed by today’s sophisticated fraud techniques: state-of-the-art phishing detection tactics or fighting cyber-squatting thanks to machine learning.
Phishing has not been a problem exclusive to the financial sector for years. Sectors such as online gaming, e-commerce, physical security or the insurance sector are some in which we currently apply our extensive experience to protect you with the latest innovations.