Identity theft is a sordid matter at the best of times. After all, we’re talking about someone literally taking your place. It might be merely done as a gesture, committing ID fraud online without even making a note of your name (other than to cross it off a list). Or it could be someone turning up at a bank claiming to be you.
But how do these people get their hands on your identity? And what happens next?
How is your identity stolen?
Your identity is typically stolen in one of three ways.
The first way is when your credit card is cloned or copied by an unscrupulous waiter, waitress, street vendor, or similar. More often not this happens abroad or in a big city. It’s less common when you’re at home at places you visit regularly.
Second, identity theft can occur if your details are part of a massive data breach. Consider the Experian data breach in 2015, for example.
The third method of identity theft comes thanks to email, SMS messaging, and any other medium where phishing is prevalent. A technique used to fool you into entering your username, password, and personal information into a fake webpage, phishing relies on a semblance of recognition to trap you. So, the message might appear as a password reset mail, or perhaps tell you your account has been restricted. You click the link, log in, provide the information they ask for… and your electronic identity is stolen.
How does the identity travel?
Stolen identities are often for sale, almost always added to vast databases for criminals to access and use. In the case of credit cards, these are typically tested to see if they work – a small purchase might be made. Or the purchase might be larger, sent to a nondescript address on an industrial estate, and then sold on. This is money laundering.
So, it’s almost like virtual travel: you stay at home, your digital identity gets sent around the internet until a buyer is found.
You’re for sale on the Dark Web
Primarily, accounts with money attached are the most desirable. So, bank and credit card accounts, mortgages, online payments like PayPal, hire purchase deals, smartphone contracts – anything that requires a big chunk of personal data for approval.
The more complete the data, the more likely it is to sell.
Most people think of the internet and the web as the same thing. In truth, the internet is merely the infrastructure of routers, data hubs, DNS servers, and cabling. The web, like email, FTP, and the torrent network, sits upon the internet.
So too does the Dark Web, a hidden portion of the online world accessed via the Tor browser. Think of this as a “wild west” internet that is difficult to police. Standard web search tools cannot crawl these sites, so you won’t find any results pertaining to them in Google.
Like the back alleyway of the internet, the Dark Web is perfect for selling stolen data, weapons, drugs, and other dodgy deals. Remember, identity thieves are criminals, with all manner of illegal operations in progress.
How much is your ID worth?
The Dark Web provides a marketplace for your identity to be bought and sold.
Each record for sale on the Dark Web makes a profit for whoever stole them. The more comprehensive the data and the balance in the account, the higher the price. A study by Trend Micro found that bank logins alone are $200 to $500 per account.
Single credit cards are usually sold for under $100, with many under $10. This price is reflected in the amount of unused credit available on the cards.
Meanwhile, accounts with mobile phone operators are available for a maximum of $14. That’s small fry compared to the $300 price tag slapped onto your well-used eBay and PayPal accounts.
Remember when you applied for credit and provided a scan or photocopy of your passport? Perhaps your wedding certificate? Those sell for up to $40 – after all, owning someone’s passport details is an instant new identity.
It’s disconcerting to learn how your digital identity is traded. So, here’s a final sobering price: medical data is worth around $1000 per record. Let’s hope your healthcare provider employs secure procedures to protect your data.
Where does your stolen identity go?
Criminals around the world have access to databases of stolen credit card details and entire identities. The more complete the collection of data, the better. People with greater wealth are more desirable to thieves, but the super-rich are rarely found here. They’re usually targeted in a more specific manner.
Thanks to the internet, your stolen identity could end up anywhere in the world. Financially speaking, you could be simultaneously in London buying trousers and Rio having breakfast. However, this sort of activity typically results in credit card companies noting that something is wrong.
As such, your stolen identity probably doesn’t travel far beyond your usual pattern of movement. This way identity criminals can enjoy the longest possible use of your ID. A week would be a long time, but more than enough time to ramp up huge debts in your name.
Keep hold of your identity
The risk is simple: someone who has the key elements of your identity can claim to be you. With that information and some basic research into your likely wealth, ID fraud can be committed.
Data breaches are impossible to prevent. So, the answer is to protect yourself. While your personal data languishes on a database, ready to be used for automated phishing emails or more specific targeting, you can use security tools and credit monitoring services to reduce your exposure.
Cybercriminals don’t like hard work. It takes time and it isn’t profitable. Instead, they aim for low-hanging fruit, easy wins. Don’t be an easy win – make identity theft difficult and the criminals will move on to the next victim.