Identity Theft: I Can Sell Your Details For $15. How You Can Stop It

More than 8,000 identity records are compromised online every minute: RSA

Cyber crime and identity theft is a booming industry. People are stealing your information and spending your money. Now, just after one of history’s biggest data hacks in America, you need to start preparing and protecting your information.

Hackers are a creative lot, especially when it comes to those that make a living out of stealing and selling the information of others. But this isn’t just a hobby a few shady computer nerds have, this is a thriving economic industry with million dollar marketplaces, its own language and its own industry practices and ‘how-to’s’. Welcome to the dark world of identity theft and cyber crime.

Why would people be attracted to this type of life? Why would they hunt for information on my date of birth or where I lived? Information is valuable. Especially when it can lead to a number of untraceable crimes such as credit card stealing, stealing identities and moving your money into untraceable accounts. What other job could a young teen do from his home to secure $5000 in a week?

If you believe security agencies are developing their ways to defend against attacks and protect your personal information you are dead wrong. Hackers and everyday dark web entrepreneurs are making a living out of sharpening their skills and exposing huge backdoors in the systems of your computer, your banks, financial institutions and some of the world’s biggest financial data holders.

Don’t believe me? One of America’s largest credit reporting agencies, Equifax, was hit recently by hackers in what has been one of the biggest data breaches in history. And what do they get out of this? The information is the same as a thief stealing your wallet on the street, only you don’t get to see the face of this thief and he gets access to more than just your wallet.

Out of the Equifax breach, hackers were able to secure names, addresses, birth dates, social security numbers, drivers license details and the credit card numbers of 143 million Americans. That’s everything someone would need to call up a bank, verify your identity and change details, or to make some small online purchases or to open an account in your name.

You need to start preparing against identity theft

Prepping is all about keeping a level of preparedness to deal with any circumstance that you are likely to come across. This means you should be prepping for something that may happen, which makes sense, right? But digital prepping against identity theft and cyber security breaches are just as important as prepping a food supply for a disaster because it is just as likely to happen, if not more considering 8,000 identity records are compromised online every minute.

The problem is, these thieves have a very easy market. Sure, if you want to defend your home some people might buy a gun, install an alarm system or get a dog. That would stop anyone from breaking in and walking out with your television set.

But while everyone is arming themselves against what was once a robber who would break through your window, they are failing to arm themselves against the intelligent thief. This thief can walk into your house while you are watching TV with your family, and take everything you own.

“This thief can walk into your house while you are watching TV with your family, and take everything you own.”

And now these thieves are striking in bulk. They are practically harvesting your wallets. We have seen some pretty significant breaches over the past two years, and it doesn’t look like anyone is winning against these bad guys. This graphic below just goes to show how well they are at breaching the walls of some of the world’s biggest companies:

Recent security breaches displayed. Source: informationisbeautiful.

These statistics on data breaches above might not seem like anything relevant to you. But they do expose a hole in your personal security in the manner that they involve email addresses, names, numbers and other data that I mentioned before that also came with the Equifax leak. With this data, it is easy for someone to sit on that information and track your movements until they have enough information to fulfil credit card purchases or to sell your information online.

What happens to your information after an identity theft?

Let’s take a look at the Equifax scenario. We have a hacker, or a small team of them, that pokes and prods a wall until they find a small hole to break through. For Equifax, it was a tool designed to build web applications that had the security hole. One small security flaw and the thieves have access to the same information that is in the wallets and handbags of 143 million people.

Once they have secured that information, much like typical bank robbing movies, the thieves leave the scene, clear their tracks and sit on their pile of gold for quite some time. While some people are likely to change their passwords and credit cards, a lot of those identities will still stay ripe for the picking.

After waiting until the dust settles, profit-hungry thieves will resell that credit card and identity information on dark web marketplaces under anonymous usernames. They will only leak sales one bit at a time as they are aware that law enforcement and cyber crime investigators will be watching for any traces of Equifax identity theft accounts. All of this will take place through bitcoin or other crypto transactions and the thieves will most likely use a number of ‘washing’ mechanisms to ensure their payment remains untraceable.

Effectively, they have just taken your wallet and sold it to the highest bidder without you even knowing and all by the comfort of their couch while eating takeaway pizza.

So how much will they make out of your details? Onselling bulk amounts stolen credit card information is quite profitable. For a dark web entrepreneur, the prices for this information can vary, such as:

  • VISA and Mastercard credit cards can go upwards of $15
  • VISA premium can go upwards of $28
  • US Email accounts (that have regular personal traffic) $130 per account
  • US Social media accounts $130+ per account
  • Corporate email accounts $460+ per mailbox

Here’s a market view on just how easy it is to purchase these details.

Using this information is very simple for the purchasing thieves. For instance, Equifax executives already have the passwords to their accounts on sale on the dark web. This means that with a simple access to their email account, they can access social sites such as LinkedIn and find other co-workers who may be good targets for future hacks. All it takes is a simple email to a work friend with an attachment to upload a method for a hacker to track every key typed and every movement made on that computer.

Before you know it, a hacker has just made access to volumes of passwords, emails and databases of employee and customer information. If hackers can do this to a company, imagine what a thief, armed with a ‘how-to’ guide found on the dark web for free, can do to your finances and network of family, friends and coworkers.

Oh, and what about the guy that bought your credit card on the dark web for $15, what’s he going to do with it? He might use it on Amazon to buy nike shoes that he can sell to neighbours or on local trading forums. That’s easy money for him, just like this young guy in New Zealand making $5000 a week.

If you are like me, you don’t want this happening.

How you can prepare against identity theft

Chances are, if you have a social account and more than one email address, you might have been breached already. Information is passed through social applications to an almost infinite amount of third-party applications without our knowledge. For every one of those third-party applications, our chance of having our information leaked is exponentially increased.

Here are some things you can do right now to ensure what you currently have is safe, and what you do in the future is safe.

1. Check to see if your email is compromised

A team affiliated with Microsoft, and keen on helping the online world with its safety, has created a website to ensure your email has not been compromised. This is the first step and running your email address through this site will let you know what affiliated breaches have occurred through your social and third-party applications.

Run your email through Have I Been Pwned? to check for any past breaches. You should also check the Equifax website to see what damage may have been done to your personal information

2. Get identity protection

Because your private information has been leaked or could be at risk, chances are you are very susceptible to identity theft. You can use protection from Identity Force, who also protects US Military and US Government employees from identity theft.

Identity Force monitors your information to detect whether it is being illegally sold or used and runs precaution programs to stop your information being leaked. They also have a $1 Million Identity Theft Insurance policy. I recommend checking out their free trial and seeing what they have to offer.

3. Change all of your passwords

If any of your online accounts have been compromised, you should be changing that account’s password right away. If you are using the same account for any of your other accounts, you should probably be changing them as well.

According to some ‘good hackers’, the best type of password is a full sentence that would only be known to you.

For instance, you could use something such as: “My #1 favourite thing in the world is my family”.

Of course, don’t use that exact one.

4. Contact your financial institutions

If you have concerns that your identity and information is at risk, a quick chat with your bank would not hurt. They can put a closer watch on your bank account or credit card to search for any fraudulent transactions. If there is, most of them go through a very quick process of cancelling your card and issuing you with a new one immediately.

Take the steps to stop it from happening

Taking the steps to having effective monitoring systems in place with identity monitors such as Identity Force and even regular viewing of your transaction history, email accounts and social accounts can mean the difference between your details and financial information being breached.

There are also 8 simple safety steps that you can take online to stop any suspicious activity on your phone and computer which you should be following as a simple every day practice.

Let me know your thoughts on this topic!