The market for stolen identities is thriving.
But it’s not just individual pieces of information that are selling. According to research from Dell SecureWorks, cybercriminals are also hawking complete kits of information. For example, a scan of a working social security card, name and address can go for $250. Another $100 will get a buyer a utility bill for additional identity verification.
According to the research, hackers are monetizing all kinds of data, and utility companies are right alongside banks, retailers and healthcare providers as sources of personally-identifiable information (PII).
“The new identity kits were for U.S. residents only, and you could choose an identity for a person living in a specific state,” said David Shear, network security analyst at Dell SecureWorks. “The prices mentioned are just for American identities because they also come with a corresponding utility bill if you want.”
Counterfeit non-U.S. passports cost between $200 and $500.
“For this price, you can provide your own specifications: name, address, place of birth, age, etc. and then you will receive a scan of the passport,” according to the report. “Most businesses will accept a scan of a passport as proof of one’s identity, and it is easier for the scammer to produce. This form of identification can be used to assist in fraud: credit card fraud, check fraud, government assistance fraud, etc.”
U.S. passports were not widely available on the underground hacker markets the researchers analyzed. However, U.S.-based drivers’ licenses cost between $100 and $150 each, and could be customized to include any name, street address or state.
“The hackers are also imitating actual holograms on the licenses,” the report noted. “Of course, if you want to purchase them in bulk the price per license goes down. A fake driver’s license can be used to assist in many types of fraud, including check and credit card fraud.”
According to Shear, there are five to 10 popular markets that get a lot of traffic because the hackers behind the market have good reputations.
“I was surprised so many 100 percent satisfaction guarantees along with the goods,” Shear said. “There are a lot of competition with the stolen payment cards for example and these sellers want the buyers to come back to them so they have to offer something extra , plus they have a lot of inventory to pull from.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
