Towards the end of September 2022, the U.S. Federal Trade Commission (FTC) released its statement alerting that cybercriminals started contacting their victims to inform them that their information is on sale on the dark web.
Cybersecurity expert at NordVPN, Daniel Markuson, tells Digital Journal this is in actual fact a phishing campaign and cautions users to take careful steps in case they are contacted.
What to do if you receive an email saying that your data is sold on the dark web?
Markuson says that “While the email can definitely sound scary, this is more likely to be a sophisticated phishing attack. Companies are obligated to inform their customers in case company data gets breached, so they warn users if there is a real risk that their data is sold on the dark web. However, when it comes to the dark web, it is better to be safe than sorry and take some extra steps to ensure your safety.”
He explains that: “Some emails list the stolen information, like all or part of the person’s Social Security number, date of birth, and driver’s license number. The average price for personal information data sets like these on the dark web varies from 8 to 50 USD.”
What should a user do if they receive an email like this?
Markuson answers this with the following advice:
Don’t open any links or attachments in the email.
Markuson says: “most likely, those emails are untrue and are aimed to trick the receiver into disclosing personal information to the scammer. Even if a user doesn’t fill in any forms or reply to a criminal, clicking on a link can result in your device being infected by an info stealer malware, which would then steal all the information stored on the user’s device.”
Change online account passwords.
Markuson advises: “If the user’s data is sold on the dark web, the quickest thing they can do is change the email password. Email accounts often are the weak link in online security because password resets for other accounts go to the email. After changing email passwords, do the same with all the other important digital accounts that you use. Make sure to use long and sophisticated passwords (not shorter than 12 characters) and store them securely in a password manager.”
Check your bank statements.
Markuson cautions: “Hackers can take as little as 6 seconds to brute-force a payment card. Afterward, they can try to use the card themselves or sell it on the dark web. If something in your bank statement seems suspicious, make sure to contact your bank to block or at least freeze your card.”
“The actions you take should depend on what kind of your private information you think could be sold on the dark web. If you think some of your document information (such as passport or driving license number) has been exposed — it is better to contact police to avoid identity theft,” Markuson concludes.
