What Is Password Trafficking?

By Paul Higgins

Your passwords can sometimes end up in the wrong hands.
i Hemera Technologies/AbleStock.com/Getty Images

While you might know about the dangers caused by hackers or scammers stealing passwords over the Internet, you might not be aware of the black market economy that supports such criminal activities. There are, fortunately, a few things you can do to prevent any of your passwords from ever ending up in the hands of online criminals.


Password trafficking, a criminal offense under most jurisdictions, is the act of sharing, selling or buying stolen passwords. While some hackers or scammers may use the passwords they have stolen for direct personal gain, others may, instead, try to sell them to third parties. Once they have bought a password from a hacker, criminals can then use it to, for example, gain access to the victim's bank account or his personal records.


When buying passwords, traffickers look for credentials that would allow them to gain immediate financial reward. For this reason, online banking services are a prime target for password trafficking. Criminals can, however, also use passwords that give them access to some of the victim's personal information to, for example, steal their identity. Finally, some password traffickers may also use stolen passwords to gain access to sensitive information and, in turn, threaten to release that information if the victim doesn't pay them a certain amount of money.


Password thieves typically use either scamming or hacking techniques to steal passwords. Scamming is the act of deceiving someone into voluntarily revealing his password. A typical example of a password scam is phishing sites, which are sites that masquerade as a legitimate site to trick a user into typing his password. Hacking techniques, on the other hand, require advanced computer knowledge. Typical examples of password-stealing hacking techniques are keyloggers and viruses. Keyloggers are programs that can record every key pressed on your keyboard and send those records to a third party.


Observing a few guidelines can help you prevent criminals from stealing and selling your passwords. To protect yourself against scams, only type your passwords in secured forms and do not reply to emails asking you for your log-in credentials, even if they seem to come from a legitimate entity. In addition, always check the address of the website you are trying to connect to. You can do so by looking at your browser's address bar. If the address is different from the one usually used by that website, contact the company by phone to check its validity. To protect yourself against hacking techniques, enable the built-in Windows firewall and download a free anti-virus application. Run regular system scans to delete any potential security threat.