A two-year study reveals the cost of fake passports, compromised bank accounts, and DDoS attacks on the dark web.
Social Security Numbers, despite being widely regarded as outdated and insecure, particularly in the wake of the 2018 Equifax hack, are still used as the primary means of identity verification. As with Equifax, cyberattacks are often targeted at sites that will yield millions of SSNs at a time, allowing cybercriminals to steal “in bulk.”
Which helps explain the revelation that any individual SSN can retail for as little as $4 on the darknet.
And for that low cost, buyers often receive more than just somebody’s Social Security Number. According to Flashpoint, services sold on the dark web can be divided into four primary categories:
- PII (personally identifiable information)
- Stolen financial information
- Forged documents
- Hacker services
For $4, in addition to the SSN, PII packages typically include the victim’s full name, driver’s license number, passport number, and email address.
Financial information tends to be slightly more expensive than PII. Atlas VPN found that access to:
- Compromised bank accounts with a $10,000 balance cost $25.
- Credit cards with $1k-5k balance cost $10.
Notably here: a victim’s credit score also impacts the price, with better scores going for higher price tags. A good credit score makes it easier for cybercriminals to commit fraud without financial institutions cutting
Interestingly, the price also depends on the victim’s credit score. The better the score, the higher the rate. Financial institutions view a good credit score favorably, which makes it easier to commit fraudulent transactions.
Forged documents command the highest asking prices, with physical passport prices ranging from $2,980 to $5k. Meanwhile, the report found that a one-hour Distributed Denial-of-Service (DDoS) attack, in which targeted servers are overwhelmed and effectively shut down, cost approx. $165. That cost increases by 2-5x when it involves attacking a government or bank website.
While these types of hacks and sales are ultimately impossible to prevent, individuals can take critical steps to safeguard accounts and information. Obviously, be as careful as is humanly possible with SSNs and passwords, and try to select security questions that involve answers that aren’t easily discoverable on the web.
But two of the best steps you can take to secure your accounts that are often overlooked are freezing credit lines and securing your mobile devices.
Credit accounts can be frozen for free at the three major reporting bureaus (Equifax, Experian, and TransUnion). This restricts access to your records so new credit files cannot be opened in your name until your account has been unfrozen.
Mobile devices, meanwhile, are notorious sites of scamming. There are simple techniques that will make you more difficult to hack, and to make it easier for you to identify if you’ve become the victim of identity theft.
- Be sure to have a password on your phone and consider using a PIN to access your account.
- Be vigilant with Bluetooth, public Wi-Fi, and downloading free apps—all of which can be used to gain access to your device.
- Enable two-factor authentication (2FA) whenever possible, with preference toward 2FA apps, such as Authy and Google Authenticator rather than SMS texts.
These steps are especially important amid an increase in cybersecurity threats as a result of the COVID-19 pandemic.
The full investigation can be found here.