Let’s be honest: everyone who has a computer is a potential target for cybercriminals, but not all targets are equal. How much effort a hacker may be willing to expend to compromise your account or your computer depends on what your information is worth.
It’s Not Personal
We all worry about bank and credit card accounts. When our accounts get hacked, it feels like a personal attack.
But consider this from a hacker’s point of view. A simple “they stole my card number” attack is worth about $5 to $30 per account on the black market, according to a 2015 McAfee report. Are criminals going to spend 30 minutes to get a single account worth $5—or are they going to spend more time and get $10,000 for 2,000 accounts?
If your account has been hacked, most likely it wasn’t personal—you were just one of thousands that were attacked.
Follow the Money
Many people ask me, “Is it okay to use my credit card on the internet?” That’s a valid concern, one that we addressed in a blog post providing online shopping tips. But keep in mind that to a hacker, a credit card has a limited value. You or your provider could detect a fraudulent transaction and put a stop to it, or reissue the card.
There are more important things to worry about than your credit card. These darknet market values for different types of online banking accounts are from 2015—so they may be worth even more today:
- $20-$300 => Online payment credentials with $400-$8,000 of funds available
- $190 => Bank login credentials with at least $2,200 balance
- $1,200 or more => Bank login credentials with at least $10,000 combined with the ability to transfer money without alerting the account owner
An online bank account is much more valuable than a credit card number. You can recover money stolen with a credit card. But if you discover $20,000 is missing from your bank account, it may be impossible for you to recover it.
What Are You Worth?
It’s not just your bank accounts and credit cards that are attractive to cybercriminals. Hackers also consider your online accounts to be valuable, depending on what those accounts can do.
- Any account that can send money or gift cards is very desirable to hackers. This is one reason why Amazon double-checks your ID when your account is used to purchase gift cards.
- Uber accounts are being hacked so that scammers get free rides while you foot the bill.
- Your email account can be used to send spam and phishing messages. This can be used to trick your friends into sending money or your co-workers into clicking on a malicious link.
- Your accounts on remote services like Dropbox, Google Drive, or OneDrive can be used to host and share malware or illegal files. You don’t want to be accused of providing pirated videos or sharing child pornography.
- Access to your private information can cause you a lot of grief. Examples include providing details for identity theft, burglary, harassment, and embarrassment.
- Your computer is valuable to hackers—and the faster your computer and your network connection, the more your computer is worth. If it gets infected with malware, it could become part of a robot network (botnet): one of millions of computers that allow a hacker to run automated programs on it without you ever knowing. As part of this botnet army, your computer could be used to attempt to infect other computers with ransomware, or to perform a denial-of-service attack on other sites…and much more.
- If you have special privileges (access to systems that control security systems, accounts than can buy or sell products) and access to high-value assets (money transfers, medical or financial accounts, web servers), you could become a victim of a targeted attack. Hackers will often target executives, officers, or those with administrative privileges. They may even hack a secondary account (say, that of a co-worker or a friend) and use that account to perform a social engineering or targeted attack on you.
Brian Krebs wrote a great post on the value of a hacked computer in 2012. He created a graphic that shows the different ways a computer can be used. The SANS institute upgraded the graphic and made a downloadable, printable poster using this information.
So What Can You Do?
The most important thing you can do to protect yourself is to be educated. Reading posts like this one is a good start. In addition, you can:
- Make your accounts less valuable. If possible, you should:
- Remove privileges from your account.
- Disable the option that enables your account to access other accounts.
- Restrict your account’s capabilities. For example, instead of having a single account that handles your life savings and online bill payments, split this into two accounts.
- Segregate account access to different devices (home computer, mobile device, etc.) The more devices that can access an account, the greater the threat. You may want to limit access to your retirement account to a single device that is in a secure location.
- Make your accounts harder for hackers to access. For example:
- Use a password manager so that you have strong, unique passwords.
- Make sure your computer is secure, and apply patches when they are available.
- Don’t engage in activity that will open your computer to malware, such as installing untrustworthy software or visiting dangerous sites.
- Make your valuable accounts harder to hack. To do this:
- Add two-factor authentication.
- Add alerts. For example, check your settings to make sure you are notified when funds in your account are transferred.
- Limit access to your accounts.
Hackers always want easy and valuable targets. Don’t give them what they want. Make it harder for hackers to compromise your assets, and make those assets less valuable.