One of the most important tips I have focused on in recent months is the importance of updating and changing your passwords regularly and using unique passwords for different websites. While this helps keep people from easily guessing your password, the bigger issue is the dark web marketplaces that are actually selling passwords and other account information that could belong to you. The rising number of damaging ransomware attacks is due to stolen login credentials, typically bought on criminal marketplaces like the one that the FBI recently cracked down on.
FBI taking down cybercriminal marketplaces
Genesis Market began in 2018 and was a website that helped facilitate enough cybercrime for the FBI to catch on, and just last month, they were able to seize 11 domain names connected to the identity fraud website. 119 arrests and 208 property searches were made during a crackdown known as “Operation Cookie Monster” with the goal to shut down Genesis Market after they compromised over 1.5 million computers worldwide.
MORE: CAUGHT RED-HANDED: FINALLY SOME JUSTICE AGAINST A SPYWARE CREEP
The malicious marketplace was popular worldwide because it was user-friendly, and passwords could cost as low as 70 cents per account. Genesis made it easy for hackers to search for login credentials by their type, whether it was social media or banking, for example, making it easy for them to scam any victims they were searching for.
Could my information still be sold on the dark web?
The short answer is yes – unfortunately, there are still two major infostealer malware marketplaces out there: 2easy and Russian Market. However, the takedown and arrests in multiple countries have scared some of these scammers.
The other issue is hackers can still attempt to obtain your personal login information in other ways than buying it on the dark web. This malware that steals your information is typically deployed through malicious apps or phishing links, which can be sent through emails or texts. For example, hackers embedded infostealer malware into a fake ChatGPT browser extension, which collected millions of login credentials.
MORE: HOW TO SCRUB YOURSELF FROM THE INTERNET
How can you protect yourself against info-stealing malware?
Check if your information has been compromised
The FBI has handed over victim credentials to the website Have I Been Pwned, which you can visit here. It’s a free resource recommended by the Department of Justice to quickly check if any of your login credentials have been compromised.
MORE: HOW HACKERS ARE USING CHATGPT TO CREATE MALWARE TO TARGET YOU
Use strong and unique passwords
Create strong passwords for all of your accounts and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. I
Enable two-factor authentication (2FA)
Enable 2FA on your accounts for an additional layer of security. This typically requires providing a verification code in addition to your password when signing in.
Keep your devices and software up to date
Ensure that your computer, smartphone, and other devices have the latest security updates installed.
Have good antivirus software on all your devices
Identity theft protection
You can also use identity theft protection in case you’re concerned details like your bank account information may be on the dark web. Identity Theft protection companies can monitor personal information like your Home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
1 million dollars to cover losses and legal fees white glove fraud resolution team where a US-based case manager
Special for CyberGuy Readers:
Kurt’s key takeaways
The recent crackdown on cybercriminal marketplaces like Genesis Market is a significant step in combatting the sale of stolen login credentials. However, the threat of info-stealing malware and personal data breaches still persists. It is important to regularly update and change your passwords, use unique passwords for different websites, and have reliable antivirus software installed on all your devices. Also, I recommend installing identity theft protection which can provide an extra layer of security in case your personal information ends up on the dark web. I know I sound like a broken record – stay vigilant and proactive in protecting your digital identity. It will help you to avoid some potential big headaches down the road.
MORE: HOW TO SCRUB YOURSELF FROM THE INTERNET
21 comments