If you’ve ever received a phishing email attempting to capture your Apple ID login – like the recent App Store subscription ones – there’s a good reason for that: they can be sold on the dark web for $15.39 each.
That’s the most valuable login on the market for anything outside of the financial services sector, according to research conducted by top10vpn.com …
Our team reviewed all fraud-related listings on three of the largest dark web markets, Dream, Point and Wall Street Market over 5-11 February 2018. Relevant listings were collated and categorized in order to calculate average sale prices.
Interestingly, when it comes to financial accounts, bank accounts are not the most highly-prized logins. The site found that PayPal credentials fetch the highest price, at an average of $274 each, compared to $160.15 for a bank account. However, the value depends on the balance of the account – typically selling for around 10% of the available balance.
Prices for other accounts vary.
Dark web bidders can get hold of your passport details for as little as $60, while access to online shopping accounts such as Amazon and Walmart are rarely worth much more than $10 and often a lot less. Even eBay accounts with their broad scope for fraud fetch just $12 on the dark web.
Vital communications services, like Skype and T-Mobile, are worth less than $10 each. With these details, fraudsters could send messages containing phishing links to trusted contacts or get around security features that rely on SMS verification.
On the dark web, even logins to dating sites are valuable, and tend to earn bidders on average $3.11 – allowing criminals to ‘catfish’ potential matches, sparking up relationships to manipulate people for financial gain.
Higher-value credentials include:
- Western Union: $101
- Debit card: $67.50
- Credit card: $50
For online shopping logins, the most valuable is for Macy’s, at $15.34 – a little less than the value of an Apple ID. If a scammer managed to obtain all of your logins, and sold the lot, they would fetch $1200.
The site recommends the use of a VPN (of course), alongside two-factor authentication.