Identity theft is a sordid matter at the best of times. After all, we’re talking about someone taking your place. It might be merely done as a gesture, committing ID fraud online without even making a note of your name (other than to cross it off a list). Or it could be someone turning up at a bank claiming to be you.
But how do these people get their hands on your identity? And what happens next?
How is your identity stolen?
Your identity is typically stolen in one of three ways.
The first way is when your credit card is cloned or copied by an unscrupulous waiter, waitress, street vendor, or similar. More often than not, this happens abroad or in a big city. It’s less common when you’re at home at places you visit regularly.
Second, identity theft can occur if your details are part of a massive data breach. Consider the Experian data breach in 2015, for example.
The third method of identity theft comes thanks to email, SMS messaging, and any other medium where phishing is prevalent. A technique used to fool you into entering your username, password, and personal information into a fake webpage, phishing relies on a semblance of recognition to trap you. So, the message might appear as a password reset mail or perhaps tell you your account has been restricted. You click the link, log in, provide the information they ask for… and your electronic identity is stolen.
How does the identity travel?
Stolen identities are often for sale, almost always added to vast databases for criminals to access and use. In the case of credit cards, these are typically tested to see if they work – a small purchase might be made. Or the purchase might be larger, sent to a nondescript address on an industrial estate, and then sold on. This is money laundering.
So, it’s almost like virtual travel: you stay at home, and your digital identity gets sent around the internet until a buyer is found.
You’re for sale on the Dark Web
Primarily, accounts with money attached are the most desirable. So, bank and credit card accounts, mortgages, online payments like PayPal, hire purchase deals, smartphone contracts – anything that requires a big chunk of personal data for approval.
The more complete the data, the more likely it is to sell.
Most people think of the internet and the web as the same thing. In truth, the internet is merely the infrastructure of routers, data hubs, DNS servers, and cabling. The web, like email, FTP, and the torrent network, sits on the internet.
So too, does the Dark Web, a hidden portion of the online world accessed via the Tor browser. Think of this as a “wild west” internet that is difficult to police. Standard web search tools cannot crawl these sites so you won’t find any results about them on Google.
Like the back alleyway of the internet, the Dark Web is perfect for selling stolen data, weapons, drugs, and other dodgy deals. Remember, identity thieves, are criminals with all illegal operations in progress.
How much is your ID worth?
The Dark Web provides a marketplace for buying and selling your identity.
Each record for sale on the Dark Web makes a profit for whoever stole them. The more comprehensive the data and the balance in the account, the higher the price. A study by Trend Micro found that bank logins alone are $200 to $500 per account.
Single credit cards are usually sold for under $100, with many under $10. This price is reflected in the amount of unused credit available on the cards.
Meanwhile, accounts with mobile phone operators are available for a maximum of $14. That’s small fry compared to the $300 price tag slapped onto your well-used eBay and PayPal accounts.
Remember when you applied for credit and provided a scan or photocopy of your passport? Perhaps your wedding certificate? Those sell for up to $40 – after all, owning someone’s passport details is an instant new identity.
It’s disconcerting to learn how your digital identity is traded. So, here’s a final sobering price: medical data is worth around $1000 per record. Let’s hope your healthcare provider employs secure procedures to protect your data.
Where does your stolen identity go?
Criminals worldwide have access to databases of stolen credit card details, and entire identities—the more complete data collection is, the better. People with incredible wealth are more desirable to thieves, but the super-rich are rarely found here. Instead, they’re usually targeted in a more specific manner.
Thanks to the internet, your stolen identity could end up anywhere worldwide. Financially speaking, you could simultaneously be in London buying trousers and having breakfast in Rio. However, this sort of activity typically results in credit card companies noting something wrong.
As such, your stolen identity probably doesn’t travel far beyond your usual movement pattern. This way, identity criminals can enjoy the longest possible use of your ID. A week would be a long time, but more than enough time to ramp up huge debts in your name.
Keep hold of your identity
The risk is simple: someone who has the critical elements of your identity can claim to be you. ID fraud can be committed with that information and some basic research into your likely wealth.
Data breaches are impossible to prevent. So, the answer is to protect yourself. While your data languish on a database, ready to be used for automated phishing emails or more specific targeting, you can use security tools and credit monitoring services to reduce your exposure.
Cybercriminals don’t like hard work. It takes time, and it isn’t profitable. So instead, they aim for low-hanging fruit, easy wins. Don’t be an easy win – make identity theft difficult, and the criminals will move on to the next victim.