The theft of credentials and personal data through phishing campaigns is one of the most lucrative and widespread digital threats globally.
A%20recent%20an%C3%A1lysis%20of%20the%20company%C3%B1%C3%ADa%20of%20cybersecurity%20Kaspersky,%20revel%C3%B3%20that%20the88%%20of%20the%20phishin attacks%20g%20searches%20obtain%20access%20to%20services%20in%20l%C3%ADnea, while%20the%20rest%20points%20to%20data%20personal%20or%20banking%20%20information.
One of the questions that arises is what happens to that information after it is stolen and how much your password can be worth in clandestine cybercriminal markets.
The value of your data lies not only in the quantity, but also in the type of access it can grant to cybercriminals.From less than a dollar for basic credentials to hundreds of dollars for bank accounts or cryptocurrencies, the dark web economy turns your passwords and documents into a tradable and reusable resource in a variety of attacks.
Phishing campaigns usually work through fraudulent pages that pretend to be legitimate portals.Users, fooled by persuasive messages, enter credentials, personal data or banking information that are automatically sent to attackers.
According to the cybersecurity report, this data is transmitted through email, messaging bots such as Telegram or private panels before reaching sales channels on the dark web.
Stolen credentials are rarely used just once.Typically, cybercriminals group the data obtained in different campaigns and sell it in large databases.
In some cases, accessing an account can cost as little as $50, while access to cryptocurrency services can reach $105 and bank accounts up to $350.Personal documents such as passports and IDs usually sell for about $15 on average.
The value of a password or document on the dark web depends on several factors.These include the age of the account, the available balance, the associated payment methods and the level of security of the platform.
The more data that is associated and combined, the greater the value to cybercriminals, who can build complex digital profiles and use them in attacks targeting people with relevant assets or access to sensitive information.
From the cybersecurity report it was noted that some accesses are sold for less than a dollar and others can exceed $300 depending on the service.Cybercriminals classify, validate and reuse credentials to try to access multiple platforms and increase their profit.
According to Fabiano Tricarico, director of consumer products at Kaspersky, most phishing campaigns today are optimized to steal credentials.Usernames, passwords, and phone numbers are collected, verified, and traded long after the initial theft.
When this data is combined with additional information, it can facilitate account takeovers and personalized attacks on both individuals and organizations.
The ease with which stolen data is sold and reused means phishing remains a profitable and difficult method to eradicate.Furthermore, the globalization of digital trading platforms facilitates the circulation of these databases among criminals.
To reduce the risk of your credentials ending up in the wrong hands, follow these recommendations:
The best defense against phishing is prevention, education, and the responsible use of digital tools.
