International crackdown on criminal marketplaces selling stolen data
One of the most important tips I have focused on in recent months is the importance of updating and changing your passwords regularly and using unique passwords for different websites. While this helps keep people from easily guessing your password, the bigger issue is the dark web marketplaces that are selling passwords and other account information that could belong to you.
The rising number of damaging ransomware attacks is due to stolen login credentials, typically bought on criminal marketplaces like the one that the FBI recently cracked down on.
DO YOU KNOW ABOUT THIS PRICE TRACKING FEATURE ON YOUR ANDROID?
FBI taking down cybercriminal marketplaces
Genesis Market began in 2018 and was a website that helped facilitate enough cybercrime for the FBI to catch on, and just last month, authorities seized 11 domain names connected to the identity fraud website. Indeed, 119 arrests and 208 property searches were made during a crackdown known as “Operation Cookie Monster” with the goal to shut down Genesis Market after it compromised more than 1.5 million computers worldwide.
MORE: HOW TO SCRUB YOURSELF OFF THE INTERNET
The malicious marketplace was popular worldwide because it was user-friendly and passwords could cost as low as 70 cents per account. Genesis made it easy for hackers to search for login credentials by their type, whether it was social media or banking, for example, making it easy for them to scam any victims they were searching for.
The Department of Justice called Genesis a key enabler of ransomware and said the takedown was “yet another blow to the cybercrime ecosystem.”
TOP APPS TO TROUBLESHOOT YOUR WI-FI SIGNAL
Could my information still be sold on the dark web?
The short answer is yes. Unfortunately, there are still two major infostealer malware marketplaces out there: 2easy and Russian Market. However, the takedown and arrests in multiple countries have scared some of these scammers.
The other issue is hackers can still attempt to obtain your personal login information in other ways than buying it on the dark web. This malware that steals your information is typically deployed through malicious apps or phishing links, which can be sent through emails or texts. For example, hackers embedded infostealer malware into a fake ChatGPT browser extension, which collected millions of login credentials.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER BY HEADING TO CYBERGUY.COM/NEWSLETTER
THE DARK SIDE OF PAYPAL AND HOW TO STAY SAFE
How can you protect yourself against infostealer malware?
Check if your information has been compromised
The FBI has handed over victim credentials to the website Have I Been Pwned, which you can visit here. It’s a free resource recommended by the Department of Justice to quickly check if any of your login credentials have been compromised.
MORE: HOW HACKERS ARE USING CHATGPT TO CREATE MALWARE TO TARGET YOU
Use strong and unique passwords
Create strong passwords for all of your accounts and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
What qualities should I look for in a password manager?
When it comes to choosing the best password manager for you, here are some of my top tips.
- Deploys secure
- Works seamlessly across all of your devices
- Creates unique complicated passwords that are different for every account
- Automatically populates login and password fields for apps and sites you revisit
- Has a browser extension for all browsers you use to automatically insert passwords for you
- Allows a failsafe in case the primary password is ever lost or forgotten
- Checks that your existing passwords remain safe and alerts you if ever compromised
- Uses two-factor authentication security
Check out my best expert-reviewed password managers of 2023 at CyberGuy.com/Passwords
HOW TO DELETE PHOTOS OF YOUR HOUSE FROM REAL ESTATE WEBSITES
Enable two-factor authentication (2FA)
Enable 2FA on your accounts for an additional layer of security. This typically requires providing a verification code in addition to your password when signing in.
Keep your devices and software up to date
Ensure that your computer, smartphone and other devices have the latest security updates installed.
Have good antivirus software on all your devices
The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by heading to CyberGuy.com/LockUpYourTech
Related: Free antivirus: Should you use it?
WHY GEN ZERS ARE GOBBLING UP FLIP PHONES AND REJECTING SMARTPHONES
Identity theft protection
You can also use identity theft protection in case you’re concerned details like your bank account information may be on the dark web. Identity theft protection companies can monitor personal information like your home title, Social Security Number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft by heading to CyberGuy.com/IdentityTheft
STOP SUBSCRIPTION CREEP IN ITS TRACKS WHILE SAVING MONEY AND PROTECTING YOUR PRIVACY
Kurt’s key takeaways
The recent crackdown on cybercriminal marketplaces like Genesis Market is a significant step in combating the sale of stolen login credentials. However, the threat of info-stealing malware and personal data breaches persists.
It is important to regularly update and change your passwords, use unique passwords for different websites and have reliable antivirus software installed on all your devices. Also, I recommend installing identity theft protection, which can provide an extra layer of security in case your personal information ends up on the dark web.
I know I sound like a broken record – stay vigilant and proactive in protecting your digital identity. It will help you to avoid some potential big headaches down the road.
Have you ever had your password lost or compromised? What did you do? Let us know by writing us at CyberGuy.com/Contact
For more of my tips, subscribe to my free CyberGuy Report Newsletter by heading to CyberGuy.com/Newsletter
Copyright 2023 CyberGuy.com. All rights reserved.