You can buy pretty much anything on the internet. You just need to know where to look. For most of us, the only times we'd venture off the beaten track would be to find a specialist birthday gift perhaps, or a niche item you spotted on Pinterest, Facebook or Reddit. But what might surprise you is that in some places, your digital belongings could also be listed for sale - all at rock bottom prices.
Roll up, roll up. Welcome to the murky world of the underground economy. Here, everything is for sale - even Netflix and Spotify accounts. The crooks selling your details have no regard for the damage they cause, they're just interested in making a profit. Our researchers at Symantec have seen increased interest in selling media accounts online along with a host of other accounts and illegal services. For Netflix and Spotify, the cost per account could be as little as 10 cents, ranging up to US$10. Similarly, accounts for ride-hailing apps such as Uber can change hands for as little as US$1. You might ask why such account information is sold at rock-bottom prices. The answer lies in the fact that the hackers often already have access to the accounts they are selling, as they stole and stored this information when they first infiltrated the victim's computer or mobile device. This is a secondary income generator to maximise the profits they have already gained from exploiting this information themselves.
Out of sight
With most mainstream commerce sites vigilant to this type of trading, the underground economy lives in the deeper, darker parts of the internet. Underground forums and dark web sites are publicly accessible but evade much of the scrutiny directed towards most regular shopping sites.
Also for sale within the underground economy are restaurant cards, hotel bookings and frequent flyer miles. Then there are the online banking details and PayPal accounts, along with retail shopping accounts for the likes of Amazon. Credit cards are still the most sold digital good on underground forums.
But things get really concerning when you see the amount of "crimeware-as-a-service" options online. Now, you don't even need to be a computer geek to be able to hack into machines. You just need to be able to pay for the services of, or the software from, those with the capabilities. There are even people who will sell you the ability to cash out your ill-gotten gains, which remains the most difficult part of being a cyber-criminal.
It'll probably make you feel a little uneasy to think that account details can be traded so easily and widely online. Here are some things you can do to protect your personal data online.
• Beware of fake links and bogus file attachments - Never click links or attachments in an email that appear to be from your favourite shopping site. Type the address into your browser instead
• Strengthen your passwords - Use a unique and complex password for each account you have. Remember to use a mix of numbers, symbols and letters in lower and upper case
• Protect your bank details - Always look for the padlock icon at the bottom of the browser frame when making a payment. Also, never let a website 'remember' your card details
• Update your security - Make sure you have robust security software installed and is kept up to date to ensure you're protected against even the latest threats that are emerging
• Check your statements - Always check your credit card and bank statements to look for unexpected transactions