A website on the dark web named Richlogs has emerged as a competitor to the Genesis market, selling digital identities. By collecting and stealing “digital fingerprints” from users’ web browsers, including IP address, web traffic, and operating system information, hackers can impersonate online users and access their sensitive data, include bank accounts, tax sites, and social media accounts. This could be a huge issue, as many users store credentials in their browser, according to a research report from IntSights, a cybersecurity firm based in New York City.
Related: The Best Password Managers of 2019
Security Baron spoke to Ariel Ainhoren, Research Team Leader of Cyber Threat Intelligence at IntSights, regarding digital fingerprints. Ainhoren said,
“I can profile someone by just looking at what sites they have looked at. You can dig up someone’s life to the bone. You can figure it out from their Uber, where they are going, what they are doing….[there are] constant digital fingerprints.”
In his work at InTSights, Ainhoren works with a variety of sectors, from government to financial to credit companies. In his interview with Security Baron, Ainhoren said that phishing is the most common way for hackers to access users’ information across all sectors.
Protecting Companies From Digital Identity Fraud
In order for companies to protect themselves from hackers, companies should invest more in cybersecurity education, Ainhoren said. The research report on Richlogs included a few tips for protecting organizations from digital identity fraud, including:
- Monitor digital identity markets continuously
- Enable two-factor authentication
- Update fingerprinting protocols
- Clear cookies and browser history repeatedly
- Regularly change passwords.
Related: 2019’s Top VPNs
As hackers find new ways to get unauthorized access to accounts and steal information, cybersecurity professionals must stay on top of these tactics and take preventative measures to protect their employees and customers’ data.