Cybercriminals could be assessing the value of your identity and putting it up for sale at this very moment. That’s right. Selling actual people fortunately went out of fashion in civilized countries back in the 19th century. In 2019, identity theft and black-market identity auctions are thriving. What’s more, this dark business has been given fresh momentum with the growth and development of the Dark Web.
In this article, we’ll be looking into the covert trade in personal identities, yours possibly included. By tracking how our digital selves are bought and sold in the dark corners of the web, we’ll try to find out how much our identities are actually worth. As we learn the numbers, the discoveries we’ll make along the way will be quite shocking. With that in mind, let’s dive right in.
Dark Web as an identity marketplace
The part of the web we see and use daily is merely the surface of something much deeper. And, surprisingly, much larger. It’s easy to assume that search engines like Google encompass the whole World Wide Web, but they don’t. In fact, they don’t even come close.
Alongside the normal internet, websites have a huge archive of unindexed material (the “Deep Web“). But there’s also a much more well-concealed part of the web that Google never touches. Because of its secrecy, this has been coined the “Dark Web,” and it has become a key place for stolen identity purchases.
On the Dark Web, the identity of its users is almost impossible to trace. It can only be accessed via tools like TOR that wrap up your identity in a series of layers, rerouting your traffic until no trace of your original identity is left.
This makes it the natural habitat for people who want to make illicit transactions. Drugs, weapons, the worst types of pornography – all of them are freely available via cryptocurrencies on the Dark Web. And so are billions of stolen identity records. One of them could be yours.
How do identity records enter the markets of the Dark Web?
Every week, stories seem to emerge about data breaches from corporations and public organizations. You’ve probably been caught up in one to some extent. Perhaps it was flight records from a company like British Airways, or Yahoo account details. Anyone’s data is vulnerable.
When data breaches happen, the information involved doesn’t just disappear. It’s often put and stored on the Dark Web, and then turned into a marketable commodity.
By linking together pieces of stolen personally identifiable information (PII), hackers can create fake or real identities that can easily be used to take out credit cards and steal funds from bank accounts. And in some cases, known as “fullz,” these identities include vast troves of details – from postal addresses to Social Security numbers, driver’s license numbers, or even your mother’s maiden name.
How does the PII market work?
Not everyone’s data is on the Dark Web, but it’s likely that you or your family have already been affected. However, this doesn’t mean that hackers have access to your “fullz.”
Most of the time, a few pieces of PII leak onto the Dark Web. Often, that’s just a Social Security number. But even then, criminals will put a price on the number and advertise it for sale.
Typically, a Social Security number on its own won’t go for much. $2.99-$3.99 is standard. When you add in other pieces of data to create fullz, the price jumps a bit, but not that much. Estimates vary depending on the individual concerned, but expect fullz to sell for around $8 – not much more.
However, fullz aren’t the only identity documents for sale on the Dark Web. For example, digital scans of passports tend to average around $15 apiece. And the price will leap if “secondary ID” is included, such as a license number.
According to Experian, diplomas sell for $100-400, while medical records can be the most valuable of all, often retailing for $2,000.
How to find out what your value is on the Dark Web
If you want to know whether criminals are selling your personally identifiable information, one method is to visit the black markets of the Dark Web to find out.
If you choose to do so, paying for high-quality protection (such as a secure VPN for Tor) is highly recommended. This will make it very difficult for anyone to see whether you have accessed TOR and add extra assurance that your activities on the Dark Web will remain private.
Remember, you’re accessing very shady digital locations here, and there’s no need to expose yourself.
To get onto the Dark Web, head here to download TOR (just make sure to pick a quality VPN beforehand). When you log onto TOR, you’ll need to use special Dark Web links to find the right marketplaces. Look here for a list of current websites that may host your PII.
Alternatively, companies like EquiFax and Experian offer “trawling” services which check Dark Web marketplaces for users’ information. That may be a safer option, and professional searchers should know exactly where to look.
What to do if your identity is being sold
So, what happens if criminals are buying and/or selling your identity? First off, don’t panic. Unless you have direct knowledge of theft from your actual bank account, or fraudulent credit card demands, you’re probably fine.
After that, you’ll need to report the identity theft to your bank(s) and, ideally, to the authorities. Look back through your records and report any suspicious credit card activity. Anything out of the ordinary should be flagged and investigated.
After that’s done, try to tighten up your online security procedures to reduce the risk of further PII leaks. Denying your data to criminals is the absolute best way to reduce your presence and value on the Dark Web. In fact, there are several ways to do so.
Strong passwords are vital. So, check your banking logins and make them harder to crack. Changing them regularly also makes a huge difference. Never stick with the same passwords for years on end. And don’t share passwords across different logins. That’s an invitation to fraud.
Updating antimalware and antivirus software is also essential. As is learning to avoid clicking on strange email attachments or links in messages from strangers. Both are good ways to contract malware infections which can send data straight to Dark Web brokers.
Finally, remember the role of VPNs. A quality VPN encrypts all the data traveling between you and the web. This makes it very difficult for cybercriminals to know anything about you. This really matters if your data has fallen into the wrong hands. Identity thieves will often target their victims and try to spy on their online activities. That way, they can build believable profiles and assume false identities that even banks fall for.
So, everyone should have a VPN active whenever they’re out and about online. And especially if their data is being bought and sold on the Dark Web.
Make your identity too difficult to steal
As we’ve seen, there’s a booming online market for stolen identities. Every year, people around the world lose billions of dollars to hackers who put their identities to good use. So, try to cut off their supply at the source. It might mean changing the way you behave online, paying for VPNs, and requesting credit companies to research the corners of the Dark Web. But if we try, eventually we should be able to put these criminals out of business.