Have you ever been a victim of identity theft? If you have, you know how it can complicate your life. If you haven’t you should consider yourself lucky. The repercussions of identity theft can last from a few days to several years, depending on the type of theft and how quickly it has been reported. According to Javelin’s report, 49 million people fell victim to identity theft in the U.S. alone and lost $43 billion. But what happens to the data that is stolen during these incidents?
Data breaches have become almost a daily occurrence, and a large amount of information is stolen every year. We can all agree that 2020 was the worst year, with the pandemic, financial crisis and ecological disasters, but 2020 has also been one of the worst years for cyber attacks. The resulting financial losses came to exceed $4.2 billion.
Depending on the motives of the hackers there are several options of action. They can release your data to embarrass you, blackmail you to extort money, sell them on the dark web or simply give them away for free. What’s even worse is that the stolen data can be used for espionage. That was the case of the stolen information about the personal data of 500 million guests in Marriott hotels.
The items sold on the dark web vary from physical passports and identity cards to documents scans, packages containing identity documents and selfies, hacked social media accounts, emails, cryptocurrency accounts, payment processing services accounts. The list goes on and depending on popularity the prices change.
According to the Dark Web Price Index 2021 by Privacy Affairs stolen PayPal account details with no balance costs only $14, however with the balance of a minimum of $1,000 the price goes up to $120. With the booming crypto exchange platforms and cryptocurrencies on the rise, access to the platforms has become very popular. The largest exchange in the world, Binance verified account costs only $410.
Stolen social media accounts cost from $35 to $65, but one thousand followers on Instagram costs only $5. Hacked Gmail account can be bought for only $80. A Netflix account with a paid one-year subscription has an average price of $44.
And when it comes to stolen or forged documents prices differ depending on the country or if it is a physical document or a scan. US documents scans are sold for less than $100. A physical Polish passport costs on average $4,000, but the Lithuanian passport only $1,500. The priciest document is the Maltese Passport which is sold for $6,500. European Union National ID card can be bought for an average of $120.
The data can be used in several ways, depending on their type. The information can be used in a malware attack through social engineering. Stolen credit cards or security codes can be used for making fraudulent transactions. Personal information can be used in identity theft. The person who purchased the details can apply for loans, create new bank accounts and apply for credit cards. It can also be used by marketing companies for spam campaigns. The most popular is simple extortion. Hackers can blackmail their victims and threaten to leak personal information if they will not receive the ransom. Stolen social media accounts can take over the already established following. Access to verified accounts on different payment platforms or exchanges can be used to launder money.
Moreover, the stolen identity may be used by fraudsters to create fake listings of non-existent products or services on marketplaces. Then, they can obtain personal and financial data by interacting with honest buyers and use it for another illegal activities. Platform’s operators are responsible for protection of their users and the identity verification service for marketplaces may help to achieve this goal. For more information, see our article on KYC procedures for marketplaces.
While to an ordinary person this information may be not useful at all, we can see just how valuable our personal information can be to a hacker. We already share so much of our lives on the internet and sometimes we can even share personal information without knowing it. Criminals exploit the shift to online activities that the pandemic has forced upon us. Millions of people have fallen victim to identity theft or identity fraud and it takes a long time to get their life together after the attack.
The time depends on the type of fraud that has been committed. Sometimes it can be over when you report it and for example, block your credit card. But more serious cases can take months and even years. The victim has to prove in court that the crimes or other violations were not committed by them.
Do not give away your personal information to everyone who asks. Watch out for phishing attacks, use different passwords for each application, use a password manager to keep track of all your passwords. Use two-factor authentication whenever it is available. Don’t use public Wi-Fi for any actions that require your personal information. Check your bank and credit card statements and look for unauthorized transactions. Use data breach notification services to learn if your information has been stolen. Make sure all of your security measures are up to date. You can also check for breaches that might include your data.
Fully-Verified was created as answer to its founders collectively losing over $150 000 to various types of fraud in their eCommerce businesses.