Hackers Charge Just $129 to Access Personal Email, $500 for Corporate Accounts, Report Finds
Personal Email Access is Cheap, But a Credit Card is Cheaper
Dell SecureWorks recently released a report that covers underground hacking in the English speaking and Russian Underground marketplaces.
The report revealed new trends and listed common items available for hacking, along with a price list for services provided by hackers. The price list includes comparisons to costs from 2013 and 2014 for everything from personal email accounts such as Yahoo, Gmail, and Hotmail, corporate email accounts, computer user IP addresses, and U.S. Visa and MasterCard credit cards.
Credit cards: Just $7
Prices range anywhere from $7 for a regular U.S. credit card, to $500 for a corporate email mailbox, to $10,000 for a physical counterfeit U.S. passport. Premium credit cards, such as Discover and American Express, were higher at $30 per card, while Crypters cost anywhere from $80-$440. Hackers apparently are even willing to steal airline and hotel chain points, for a mere cost of anywhere from $200 to $450.
Need Additional Cash? Hackers Can Get it - For a Fee
Bank accounts will cost individuals a little more, especially those in Australia, where an account hack to gain $62,567 will cost someone about $3,800. Less money from an Australian account will actually cost a person more money to acquire: a mere $4,750 will buy someone $18,000 ANZ.
According to the report, hacking tutorials are also available to help teach individuals how to hack, with prices being based on the number of videos. What's more, hackers are even offering robust customer service, posting operating hours online, no pre-payment, guarantor service, professionalism, and, yes, even trustworthiness and honesty.
Yes, the report indicates that one website "provides conditions for repayment of funds" if a customer is not entirely satisfied.
What does this mean to the individual consumer and corporate business? Dell offers a pretty comprehensive, if seemingly daunting list of do's and don'ts for internet and computer safety.
Below are a few of Dell's suggestions to maintaining personal and organizational security online.
For Individual Consumers
To protect bank accounts, credit cards, and personal information, the company suggests:
- For online banking and bill paying:
- Use a dedicated computer that is only for that purpose and is not used for internet searches or emails, which can result in web exploits or malicious emails.
- Around town:
- When entering PIN numbers, cover the keypad.
- Avoid hidden, non-bank ATMs which allow thieves easy access without detection.
- Monitor balances for fraudulent transactions:
- Check bank and credit card statements regularly.
For safer online browsing and email:
- Avoid installing free pop-up software, as these often contain viruses/malware.
- Avoid opening emails from unknown senders.
- Do not open suspicious links or attachments, especially if the email comes from an unknown or suspicious source.
- Be cautious using trial versions of software indefinitely. Trial versions often do not receive updates that are critical to maintaining the software's security, leaving computers open and vulnerable to malware/viruses, trojans, and hackers in the future.
- Install updates to software as soon as they become available to ensure protection of computers.
For Corporate Organizations
- Educate employees:
- Ensure that employees know to avoid clicking on suspicious emails, links, and/or attachments and verify any emails that are of concern with the sender.
- Ensure that the organization employs a mandated two-factor authentication for any remote access, all employees, or authorized users (business partners, vendors, etc.).
- Avoid having local administrators as this is often exploited by hackers.
- Ensure a robust data backup system, both at the facility and offsite, with strong defenses and a continuity of operations/crisis action plan should a data breach occur.
- Build a system of strong technological defenses:
- Use Intrusion Prevention Systems or Intrusion Detection Systems (IPS/IDS) to detect/block cyber threats by inspecting inbound/outbound traffic.
- Employ the use of encrypted email.
- Use the latest security intelligence (human intelligence) to identify threats.
- To help identify any suspicious communications that are being sent to/from the host, examine network connection data.