Dealing in stolen account credentials is big business for hackers. They can easily and widely trade login credentials and full account details in cybercriminal marketplaces to make money for minimal effort.

Although privileged accounts, such as administrator accounts, are considered most valuable, the credit card details and banking information of just about anyone with some money in the bank are also valuable.

“If you transact online, you’re valuable to a hacker. Your login credentials and banking details are inventory for hackers to sell for fraudulent purposes,” warns Douw Gerber, business development manager at Securicom. “Once your bank account is compromised, they have full access to your money and any other sensitive information that is linked to your account. It’s not just banking details that are fodder for cybercriminals; ID numbers, physical addresses and email addresses are also valuable.”

Research by cyber security company Digital Shadows suggests that there are over 15 billion stolen username and password credentials doing the rounds on the dark web. The average cost of a stolen bank account is $70.91, but some fetch up to $500.

Prices are influenced by whether or not there is confirmation of access to a certain amount of funds and whether there is other personally identifiable information linked to the account.

“It’s a small price compared to the trouble that can be potentially unleashed on victims. They pay the highest price in the form of having their bank accounts cleaned out, fraudulent purchases made using their credentials or worse, identity theft,” comments Gerber.

He says hackers acquire account details and credentials in a variety of ways. They hack into company networks and accounts, they use spyware and other malware to capture passwords and user credentials, and they use phishing scams. People don’t know that their account details have been stolen or put up for sale until they receive an alert from their bank or suffer a loss of some kind.

According to Gerber, there is little that anyone can do to remove their personally identifiable information from the dark web. However, he says there are a few things that people should do if they find out that their credentials are available on the dark web.

“Start with a virus scan on your computer and any other mobile device you use to shop, bank, share or transact with online. This is important because if you have a piece of malware installed on any of your endpoints, it will continue to monitor your activity and log your keystrokes. So, if you change your usernames or passwords, these will be logged too. To prevent your devices from being compromised again, install robust endpoint security on all of your devices and make sure that these are kept updated.

“Once viruses have been removed, you can go about changing usernames and passwords on accounts that have been compromised. If it is an email address that has surfaced on the dark web, you should change the login credentials for accounts that are linked to that address. Passwords should never be a word. They should contain at least 12 characters, including uppercase and lowercase letters as well as numbers and symbols. It is also a good idea to have two-factor authentication on your most important accounts. This adds an extra layer of security that makes it harder for a hacker to get in.

“Check all your bank accounts for strange activity and missing money. If you notice anything, contact your bank. Make sure to routinely check your statements for odd activity.”

Gerber stresses the importance of being educated about cyber crime and understanding the risks of engaging and transacting online.

The uBreach functionality within Securicom’s uSecure, a cloud-based cyber security awareness platform, can quickly identify exposed email accounts and identities that have been publicly disclosed online via third-party data breaches.