EDITOR’S QUESTION
WHAT STEPS
SHOULD YOU TAKE
TO PREVENT YOUR
DIGITAL IDENTITY
BEING STOLEN?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
A
new study from Kaspersky Lab has
revealed that while our identity
may not be worth a lot in terms of
dollars, it is a significant asset to criminals in
other ways.
The research uncovered an appetite
among cybercriminals for data stolen from
popular services – including via social media
accounts and remote access to gaming
websites. User confusion about what their
data is worth could result in a haphazard
approach to security, making it all too easy
for thieves to steal data and commit crime.
Data stolen due to people’s lax security may
have limited resale value but can be put to
many uses. This can cause huge problems
for an individual victim, who may lose money
and their reputation, find themselves being
chased for debt that somebody else has
incurred in their name, or even suspected of
a crime that somebody else has committed
using their identity as a cover. Kaspersky Lab
investigated Dark Web markets to find out
how much personal data is worth and how it
is used by criminals.
The company’s researchers found that
criminals can sell someone’s complete digital
life for less than US$50; including data
from stolen social media accounts, banking
28
INTELLIGENTCIO
details, remote access to servers or desktops
and even data from popular services like
Uber, Netflix and Spotify. stolen data funds many social evils,” said
David Jacoby, Senior Security Researcher at
Kaspersky Lab.
Meanwhile, researchers found that the
price paid for a single hacked account is
lower, with most selling for about US$1
per account, and with criminals offering up
discounts for bulk-buying. “Fortunately, there are steps we can take to
prevent it, including by using cybersecurity
software, and being aware of how
much data we are giving away for free –
particularly on publicly available social media
profiles, or to organisations.”
The most common way criminals steal
this sort of data in the first place is via
spear phishing campaigns or by exploiting
a web related security vulnerability in an
application’s software.
After a successful attack, the criminal gets
password dumps which contain a combination
of emails and passwords for the hacked
services. And, with many people using the
same password for several accounts, attackers
might be able to use this information to access
accounts on other platforms too.
Interestingly, some criminals selling data
even provide their buyers with a lifetime
warranty, so if one account stops working,
the buyer will receive a new account for free.
“It is clear that data hacking is a major
threat to us all and this applies at both
an individual and societal level because
People can avoid such risks by taking several
security steps:
• To stay safe from phishing, always check
that the link address and the sender’s
email are genuine before clicking
anything. A robust security solution will
also warn you if you attempt to visit a
phishing web page
• To avoid one data leak harming all
your digital identities, never use the
same password for several websites or
services. To create strong, hack-proof
passwords and remove the struggle
of remembering them, use a specific
password manager application, such as
Kaspersky Password Manager
• To find out who has your personal data,
use services such as PrivacyAudit.me that
automatically search for a user’s data
across a large number of sources
www.intelligentcio.com