Online Black Market

How Did Someone Steal My Identity?

Maybe you’ve received a data breach notification or discovered fraudulent charges on your bank account. Either way, you know it’s not good news. But now what? You know your data’s out there, but how exactly did it get there? And where is “there”?

If your name was on one of the 85,611,528 records maliciously exposed in data breaches last year, there’s a good chance that you would have found it floating around one of the darkest corners of the Internet — the Dark Web.

The Dark Web is a portion of the Internet that cannot be found via search engines and is a hub for illegal activities. This is where you will find a variety of online black markets and black market chatrooms. They are used to facilitate drug trades, cyber attacks, murder-for-hire and identity crimes.

On the online black market you’ll find various websites devoted entirely to identity theft and fraud. These poorly designed sites, reminiscent of EBay or Amazon circa 1990, provide many of the same online shopping amenities we see on reputable sites every day— flash sales, return policies, and easy online payment options.

Batches of credit card numbers and other PII such as Social Security numbers, passports, and birth certificates are bought and traded daily. These documents can help fuel illegal travel, obtain government assistance, commit fraud or create a shady criminal record using your good name.

Your Identity Is Probably In The Bargain Bin

The online black market makes it quicker, cheaper and easier for criminals to commit identity crimes while remaining relatively anonymous. With these features, criminals have driven down the cost of a new identity to rock bottom prices.

Dell SecureWorks found that a Visa or MasterCard number with the CVC code (3-digit number on the back) sells for $4 in the United States, and a complete U.S. identity (data only; no physical documents) — which typically includes your full name, address, email address, Social Security number and bank account information — sells for only $30.

Hacker Product and Service

1. Price in 2013

2. Price in 2014

Visa and MasterCard (US)

1. $4

2. $4

American Express (US)

1. $7

2. $6

Discover Card (US)

1. $8

2. $6

Credit Card with Track I and II Data (US)

1. $12

2. $12

Credit Card with Track I and II Data (UK, Australia, and Canada)

1. $19 – $20

2. $19 – $20

Credit Card with Track I and II Data (EU, Asia)

1. $28

2. $28

Complete Stolen Identity (US)

1. $25

2. $30

New Identities, plus matching utility bill

1. N/A

2. $250; matching utility bill an additional $100

Counterfeit Social Security Card

1. N/A

2. $250 – $400

Counterfeit Drivers’ License

1. N/A

2. $100 – $150

Counterfeit Passport (Non US)

1. N/A

2. $200 – $500

High Quality Bank Accounts with Verified Balances of $70k – $150k

1. N/A

2. 6% of account balance

The Role of Data Breaches

Do you remember when hackers stole 40 million credit card numbers from Target? That data breach was actually discovered once stolen cards were posted for sale on the online black market.

During a data breach, cybercriminals will use malware, social engineering or their own knowledge of cybersecurity to hack into a businesses’ database. From there, they can steal any unencrypted information that is left vulnerable.

This information may include your personal, financial, medical, employment or criminal information.

Identity thieves are beginning to favor medical credentials due to healthcare’s security limitations and the plethora of personal, medical and billing information these facilities hold. Information used to commit medical identity theft costs notably more on the black market than payment cards.

It is vital to be cautious when sharing your information with businesses and take immediate actions after receiving a data breach notice and be aware of how to react to medical identity theft — a crime that can hurt you physically and financially (on average, victims spend $13,500 in out-of-pocket expenses to resolve a medical identity theft incident).

Take a look at the “Day in the Life of a Stolen Healthcare Record.”

A Cautionary Tale

The mystery surrounding the online black market may make it somewhat tempting to snoop around a bit… But the risk is simply not worth the reward.

First, it is impossible to get to the online black market without the right security measures in place. Plus, since there is no search engine, you have to know the exact link to any site you wish to visit beforehand.

The online black market is also riddled with rather disturbing and illegal activities. Law enforcement regularly monitors these stores and forums and will be able to pick out a novice thief, who would accidently give their identity or location away, in a heartbeat. If you are caught interacting with such illegal forums, you may face legal consequences.

One popular marketplace, Silk Road, exemplifies these risks. The creator, Ross Ulbricht, recently received a life sentence for his role in enabling the sale of illegal goods on his website. He is still awaiting sentencing for a murder-for-hire charge in Maryland after a hit man was successfully hired using Ulbricht’s website.

Identity Theft Steals Money, Time And Peace Of Mind

While a payment card costs a cybercriminal less than a fast-food meal, the cost to the victim is exorbitant?

Last year, there were 12.7 million victims of identity fraud in the U.S. As a result, consumers incurred $16 billion in total fraud losses and were left spending a per-incident average of 25 hours of their personal time resolving the matter.

Many of these hard costs are initially shouldered by the consumer, but later reimbursed by their financial institution. However, financial institutions are not completely immune to the financial shock of a data breach.

In 2014, banks began automatically reissuing payment cards following the Target data breach to avoid experiencing additional fraud down the road. Experts estimated that banks and credit unions incurred $200 million in expenses following their mass recovery efforts. It is undeniable that these excessive costs would ultimately fall on the consumer through indirect fees.

To stay personally and financially protected, it is vital for consumers to remain aware of the latest data breach news and take proactive protection measures every day.