You’re Not the Target, You’re Just a Victim
Most everyone is afraid of having their computer hacked. But it’s very unlikely that your PC will ever be hacked.
If I had a dollar for every person who wrote to us saying they have been hacked, I’d have at least $5000 in my pocket by now. But seriously, big-time hackers and scoundrels don’t care about you personally. They have bigger fish to fry. But even if you’re not the target, that doesn’t mean you can’t be a victim.
First, it’s very unlikely that a hacker is going to take the time and effort to hack Alice or Jack’s PC. What I mean is, home users like you and me aren’t worth the time and effort it takes to hack us. It takes a lot of effort to hack a computer and miscreants aren’t stupid. They are not going to figure, against all odds, that maw and paw users like you and me are worth millions of dollars. It would be a very poor strategy indeed to assume most home users are worth millions. In short, it would generally be a huge waste of a hacker’s time.
But there are banks, retailers, websites, government sites, Internet service providers, credit card and financial services sites, and so on who are worth millions and/or offer a potential treasure trove of user data.
And while a hacker targeting your home PC is hugely unlikely, credential-stealing malware and phishing campaigns, as well as a plethora of trojans and keyloggers, have the express purpose of tricking users into voluntarily giving away their usernames and passwords, which are then hoovered up by the villains behind the software. The techniques for tricking users into voluntarily giving up their usernames and passwords are eclectic… and new pieces of malware surface regularly.
Most online thieves don’t hack – they buy
The following image from Digital Shadows shows you how much your information is worth on the “Dark Web”.
Hackers steal large databases and then sell login pairs to other hackers. It’s a lot easier to buy filched information than it is to steal the information by doing the hacking yourself.
In the screenshot above from Digital Shadows, you can see what cyber-thieves are willing to pay for information.
Bleeping Computer points out that…
“Login pairs from accounts for non-financial services (cable, social media, streaming, VPN services, file sharing, video games, adult) are the cheapest and cybercriminals give away many of them. Those for sale have an average price of $15.43.
From advertisements analyzed by data loss detection firm Digital Shadows, one in four offers accounts related to banking and other financial services. These come at a higher average price, $70.91 each.
However, a confirmed balance for an online banking account, availability of personally identifiable information, and freshness can drive the price up to $500.
In many cases, cybercriminals use them for money laundering to cover their tracks, or for cash-out schemes.
Several markets exist that rent access to an account without triggering an alarm. Some have botnets of info-stealing malware that collect fingerprint data (cookies, IP addresses, time zones) that once injected, make it look like the legitimate owner logged in…
Depending on the type of access they want to rent, cybercriminals can pay less than $10 to log into an account for a limited period using the victim’s fingerprint data.
According to Digital Shadows’ report, Genesis Market is the most popular. It is not without competition, though. UnderWorld Market (formerly RichLog) and Tenebris are in the same business…”
We don’t want to bury you in geek-speak, but we do want to keep you safe. The basics are these: hackers are not going to target your PC directly. They are far more likely to try to trick you and steal your personal information, either by using phishing emails to entice you to enter your username and password on fake banking or other financial sites, or by getting information-stealing malware onto your computer, whether surreptitiously, by tricking you into installing it directly, or by bundling it with freeware or browser extensions you download. If you understand that, you’ll be less likely to be tricked into disclosing personal information and falling into the scoundrels’ traps.
If you know how and why so many people have their personal information stolen, you are less likely to be fooled by the tricks criminals use to steal your information. And then you’ll also realize that VPNs and services like Norton/Lifelock are not the answer to this problem. There is no magic elixir.
Things you can do to keep your personal information safe.
- Use strong passwords containing upper and lower case letters, numbers, and symbols. If available, use two-factor authentication.
- Change your passwords for financial sites, banks, credit card sites, government sites (tax and Social Security) every three to six months.
- Never click links in emails that appear to come from your bank or any other site that deals with money or highly personal information. Emails from banks, credit card companies, or government agencies will never ask you to click a link to log in.
- Ignore emails from sites dealing with money or that appear to come from government agencies that tell you that your account may have been compromised and tell you to click a link to verify your information. These kinds of emails are almost always phishing emails.
- Always be cautious about where you download software. Avoid downloading software from C|Net, Tucows, FileHippo, or Softonic – these sites are known to bundle software. Whenever possible download from the developer’s website or from SnapFiles or MajorGeeks.
- Always use good security software like Emsisoft. And when it comes to security software – more is not better. While security software cannot prevent you from being tricked, it can prevent malware from being surreptitiously installed on your device.
- VPNs and so-called identity theft protection programs do not keep you safe. Most often if your information is stolen, it’s not because someone or something took it; it’s because you were tricked into giving it away.
Being cautious and staying informed can go a long way in keeping you safe.