Certain types of data (e.g., bank account information, online credentials, healthcare information, email addresses, credit card numbers, etc.) have value to cybercriminals. If this data falls into their hands, they can use it for their own gain: to purchase goods, to apply for credit cards in your name, or to sell it on the dark web (online black market). The online black market, also known as the darknet, is the hidden part of the Internet where everything from drugs and weapons to credit card information and stolen digital data can be bought and sold. Buyers and sellers are able to trade in illegal or stolen goods anonymously.
Experts say that it is almost impossible to avoid the dangers of the dark web. According to the ITRC (Identity Theft Resource Center), there were 1,257 breaches in 2018, and that number jumped to 1,473 in 2019. With the rising number of data breaches, it is probable that your personal finance data is available on the darknet.
How the Online Black Market Works
Experts believe that cybercriminals can sell stolen records on underground online forums that are similar to online marketplaces, such as Amazon or eBay. Just like these online marketplaces, buyers and sellers can review previous negotiations and rely on ratings of each other to make decisions.
Buyers interested in acquiring personal information have two options:
- They can go to a black market that operates on the open web, on websites that anyone can access using web browsers like Firefox, Chrome, or Opera. There, they can buy debit and credit card account numbers, medical data (hospital and health records or health insurance info), and other types of significant data.
- Another option is anonymously accessing the dark web, where they can find a small (but emerging) number of online black markets. These websites can be accessed by using specialized browser protocols and encryption software (such as the free Tor service) that hide the location of individuals interacting with these sites.
When it comes to receiving payments, cybercriminals, sellers of data records, and hackers do everything they can to remain incognito. They can accept online payments via different electronic mechanisms, such as Bitcoin, Yandex, and WebMoney. Some of them even accept payments via MoneyGram or Western Union, but to cover the costs of using these services to transfer and receive hard currency, they often charge additional fees.
Payments are often made upfront, and the transfer of stolen information might take from a few hours to several days. That’s why buyers want to know how the sellers are rated on the black market – if a deal goes wrong, the parties don’t know each other’s identity, and they definitely won’t report each other to the authorities. However, they have usernames that remain the same, which helps them build their reputation in the dark web marketplace. If a buyer or seller has a low rating, that might affect their ability to transact business, limiting their ability to make money.
How Much Can a Seller Earn from Selling Stolen Data Records?
Sales of credit card account information on the black market can yield anywhere from $30 to $150, while passports and electronic medical records can bring in more than $1,000. In the U.S. and Europe, a complete set of credit card data (name, date of birth, expiration date, card number, CVV, and social security number) costs $30-45. Copies of the information on the card's magnetic stripe (“credit card dumps”) have selling prices of about $200-300. The information can be copied onto credit card blanks to turn a fake card into a real one.
What Do Buyers Do with Stolen Information?
The purchase and exploitation of stolen data records is a lucrative business for those who know how to use the information. The buyers of stolen data records can use them by:
- Holding your Internet accounts for ransom (e.g., social media account)
- Padding your account reputation by using fake followers
- Using the information to craft better-targeted attacks on you (as the victim)
- Buying goods or services with stolen credit card numbers
- Facilitating money transfers to acquire cash
According to some estimates, the Internet Crime Complaint Center (IC3) received and processed 467,361 complaints, estimating that individuals and businesses lost about $3.5 billion in 2019. In 2018, there was about $1.7 million in losses, which is a staggering 30% less. The profits are massive and are the key reason that data breaches are on the increase. Demand for personal data records is growing because they can be used to facilitate cybercrime.
What If Your Personal Info Is on the Black Market?
According to CBS News, once your stolen medical files, financial data, or personal info find their way to the dark web, it’s very likely that they will stay there for years to come. There, they can be sold and resold multiple times over. Once the data is there, you cannot stop it from spreading. Even if your data was stolen through identity theft or a data breach years ago, some cybercriminals repackage old data so that they can sell it again. However, this doesn’t mean that you cannot do anything to protect yourself. What steps you should take to ensure your data is protected depends on the type and value of the stolen information. For example:
- If your passwords reach the online black market, change the passwords on all the accounts where you use them. Use a password manager to encrypt the passwords saved on your browser and change the security questions on all your accounts (as an added precaution).
- If your Social Security number found its way to the dark web, contact the Internal Revenue Service and the Social Security Administration to report it.
- If your passport or driver’s license has been stolen, report it to the U.S. State Department or the Department of Motor Vehicles, respectively.
- If your bank account or credit card numbers are on the cyber black market for stolen financial data, reach out to your lender or credit card issuer to report the issue and ask them to close the old account and open a new one.
When it comes to having their email address stolen, people usually don’t consider it to be such a big deal. But with access to your email address, a cybercriminal can spoof the account, so your contacts think they are receiving messages from you. They will also use it to access your sensitive information, often by resetting important account passwords without your knowledge. People often use their email addresses as user IDs for their online accounts. If you notice spoofed emails coming from your email address, contact your email provider. Also, if your address serves as user identification for any of your online accounts, you should change either your user ID or your passwords.
Keep an Eye on Credit Card Accounts and Report
If your financial information is found on the black market, there are other steps you should take to protect yourself:
- Credit report security freeze. With a security freeze on your credit report, nobody can open a credit account in your name, even if they have your mother’s maiden name, your address, and your account credentials.
- Monitor credit card accounts. Unless there was a late payment, you wouldn’t know whether someone was accessing your credit cards (even if you are monitoring your credit reports). But if you regularly check your credit card bills, you can detect the charges that you didn’t make as soon as they happen. You can also have text notifications sent to you whenever your credit cards are used. With Split® Credit Monitoring, you can have around-the-clock insight into your credit card activity and information, as well as the ability to react immediately (when needed).
For some additional recommendations, Bankrate has written a great article to help people prevent credit card fraud during the Coronavirus pandemic. We’d highly recommend giving it a read. They provide some recommendations that we don’t cover, like fraudulent mobile payment schemes, and talk about how your liability changes the longer it takes you to discover and report fraud if you primarily use a debit card vs. a credit card.
Protect Your Data Records
Today, data protection is more important than ever before. You should frequently review areas that cybercriminals could compromise and take all the necessary steps to protect your information. Treat your information like it’s worth a fortune (because identity theft criminals treat it that way) and don’t make it easy for anyone to steal it to turn a profit on the dark web.
Luckily, banks and credit unions offer various security tools that can help protect your data records from being stolen and sold on the dark web. Furthermore, Split® Credit Monitoring can help you develop a security strategy, provide alert notifications for credit file changes, reclaim stolen identities, and recover the stolen money.