How much is your identity worth, or at least a small portion of it? Your email username and password, particularly if you are one of many who use Google’s Gmail, are more valuable than you might think, but remain a small price for a cybercriminal to pay compared to the nightmare your stolen data will cause you.
Help Net Security’s February 3rd article addressing “The value of stolen credentials” quotes two “going rates”: $1.50 for a Hotmail account, and $80+ for a Gmail account. $80 apiece may sound like a lot for the sheer numbers that criminals try to acquire, but think of the wealth of information to which they would then have access. For instance, most Gmail users, and businesses in particular, take advantage of the many features of Google Docs, which includes documents, presentations, and spreadsheets.
Not only can crackers (“criminal hackers”) potentially steal corporate credit card information, banking data, company secrets, and the like, but they can also use the account itself as a launching point for their nefarious activities. Once cybercriminals have access to one trusted account, they can email everyone in the victim’s address book, reaching hundreds more people and infecting their machines with malware, perpetuating the scheme. This is the same concept that makes spreading malware through social networks so useful for criminals, and so dangerous for us: people are less wary of clicking on links sent by a friend. (Along these lines, Twitter accounts are enormously valued. In one recent example, a relatively small account with only 320 followers sold for about $1000.)
The bottom line is twofold:
- Never click on links or open attachments from sources you neither know nor trust, and proceed with caution even when these links or attachments are sent by friends.
- Choose a smart, safe password using uppercase and lowercase letters, symbols, and numbers, and vary your passwords among sites. Ideally, you don’t want to repeat passwords. If you simply cannot remember them otherwise (and keep in mind that there are password managers that can store this information for you), at the very least make sure your passwords for high-security and low-security sites vary dramatically, so that someone could not guess one based on knowledge of the other.
Help Net Security, The value of stolen credentials, http://www.net-security.org/secworld.php?id=8819
Network World, Stolen Twitter accounts can fetch $1000, http://www.networkworld.com/news/2010/012910-stolen-twitter-accounts-can-fetch.html