One of the most important tips I have focused on in recent months is the importance of updating and changing your passwords regularly and using unique passwords for different websites. While this helps keep people from easily guessing your password, the bigger issue is the dark web marketplaces that are actually selling passwords and other account information that could belong to you. The rising number of damaging ransomware attacks is due to stolen login credentials, typically bought on criminal marketplaces like the one that the FBI recently cracked down on.
FBI taking down cybercriminal marketplaces
Genesis Market began in 2018 and was a website that helped facilitate enough cybercrime for the FBI to catch on, and just last month, they were able to seize 11 domain names connected to the identity fraud website. 119 arrests and 208 property searches were made during a crackdown known as “Operation Cookie Monster” with the goal to shut down Genesis Market after they compromised over 1.5 million computers worldwide.
MORE: CAUGHT RED-HANDED: FINALLY SOME JUSTICE AGAINST A SPYWARE CREEP
The malicious marketplace was popular worldwide because it was user-friendly, and passwords could cost as low as 70 cents per account. Genesis made it easy for hackers to search for login credentials by their type, whether it was social media or banking, for example, making it easy for them to scam any victims they were searching for.
The Department of Justice called Genesis a key enabler of ransomware and says this takedown is,
yet another blow to the cybercrime ecosystem.”
Could my information still be sold on the dark web?
The short answer is yes – unfortunately, there are still two major infostealer malware marketplaces out there: 2easy and Russian Market. However, the takedown and arrests in multiple countries have scared some of these scammers.
The other issue is hackers can still attempt to obtain your personal login information in other ways than buying it on the dark web. This malware that steals your information is typically deployed through malicious apps or phishing links, which can be sent through emails or texts. For example, hackers embedded infostealer malware into a fake ChatGPT browser extension, which collected millions of login credentials.
MORE: HOW TO SCRUB YOURSELF FROM THE INTERNET
How can you protect yourself against info-stealing malware?
Check if your information has been compromised
The FBI has handed over victim credentials to the website Have I Been Pwned, which you can visit here. It’s a free resource recommended by the Department of Justice to quickly check if any of your login credentials have been compromised.
MORE: HOW HACKERS ARE USING CHATGPT TO CREATE MALWARE TO TARGET YOU
Use strong and unique passwords
Create strong passwords for all of your accounts and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
Get more details about my best expert-reviewed Password Managers of 2023 here.
Enable two-factor authentication (2FA)
Enable 2FA on your accounts for an additional layer of security. This typically requires providing a verification code in addition to your password when signing in.
Keep your devices and software up to date
Ensure that your computer, smartphone, and other devices have the latest security updates installed.
Have good antivirus software on all your devices
The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information.
Find my review of Best Antivirus Protection here.
Identity theft protection
You can also use identity theft protection in case you’re concerned details like your bank account information may be on the dark web. Identity Theft protection companies can monitor personal information like your Home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Special for CyberGuy Readers: Save up to 51% with my top recommendation is Identity Guard.
Read more of my review of best identity theft protection services here.
Kurt’s key takeaways
The recent crackdown on cybercriminal marketplaces like Genesis Market is a significant step in combatting the sale of stolen login credentials. However, the threat of info-stealing malware and personal data breaches still persists. It is important to regularly update and change your passwords, use unique passwords for different websites, and have reliable antivirus software installed on all your devices. Also, I recommend installing identity theft protection which can provide an extra layer of security in case your personal information ends up on the dark web. I know I sound like a broken record – stay vigilant and proactive in protecting your digital identity. It will help you to avoid some potential big headaches down the road.
Have you ever discovered an account of yours had been compromised? What did you do? Let us know by commenting below.
MORE: HOW TO SCRUB YOURSELF FROM THE INTERNET
21 comments