The sale of American social security numbers through dark channels is a booming business that rakes in millions upon millions for criminals. It costs only $4 to buy a social security number (SSN) on the dark web, according to a new report that compiles the results of a two-year investigation by Atlas VPN, a leading virtual network provider.
How do your numbers end up for sale on the dark web in the first place?
One of the most common scams is a phone call telling you that your SSN has been suspended due to suspicious activity or because it’s been involved in a crime. The caller then requests the victim’s SSN to verify identity and to reactivate, or any other number of excuses.
In 2018, these numbers raked in nearly $17 million for criminals, and chances are, it’s still a booming business. That year, more than 63,000 Americans were taken in by this scam, based on reports to the Federal Trade Commission. That’s up from 3,200 in 2017.
As a result of this crime, consumers lost more than $16.6 million, or about $1,484 per person.
According to the Atlas VPN study, there is quite a menu of items for sale on the dark web, beyond your $4 SSN.
The details you need to access someone’s bank account with at least a $10,000 balance go for about $25--a price that fluctuates depending on the victim’s credit score. For a hit with a good credit score, the cost is higher. The logic is that it’s easier to run fraudulent transactions through a system if you’re linked to a strong credit score. Credit card details for cards with a limit or available balance of $1,000-$5,000 are sold for about $10, Atlas said.
Also for sale by dark vendors are forged documents. A physical passport can cost anywhere from $3,000 to $5,000, depending on which country is in question and how high the demand is for that country. U.S. passports cost around 3,000, while less often requested passports, such as those for European Union member countries, run closer to $5,000.
Finally, hacker services are for hire on the dark web, with yet another sub-menu of items for sale. According to Atlas, a one-hour DDoS attack costs around $165. Attacking a government or bank website will cost up to two to five times more because of the obvious risk.
Internet and security companies, as well as governments, hand out a lot of advice as to how to protect oneself from the dark web vendors and to keep your SSN, bank account information and credit card details from turning up on someone’s illicit menu. Usually that advice is pretty obvious, including the use of security questions whose answers cannot be easily determined by simply trolling your social media or other easy-to-come-by histories.
But why only $4 for an SSN? It’s all about volume.
Cyberattacks often target sites that contain millions of SSNs and, if successful, cybercriminals steal data in bulk.
That’s what happened in 2017 to Equifax, when 44% of Americans—or a total of 147.9 million people--had their personal information exposed. In February, the U.S. Justice Department charged four members of the Chinese People’s Liberation Army with the breach.
Last July, Equifax agreed to pay up to $700 million to resolve U.S. federal and state investigations into the hack. Some $275 million is to be divided between 50 US states and territories and the Consumer Financial Protection Bureau.
Equifax was only ordered to pay up to $425 million to compensate consumers. That works out to a whopping $3 per affected individual, approximately. Just a dollar short for buying their own SSN number back on the dark web.
Two massive Yahoo data breaches in 2013 and following year undisclosed for some three years and affecting 3.5 billion users had cost Yahoo $50 million in settlement damages in the culmination of a two-year-long class-action lawsuit
Target was also the focus of a massive cyberattack in 2013, right before the Christmas holiday, when hackers accessed the personal information of 70 million consumers.
Last July, Capital One reported that the personal information of 106 million individuals, including SSNs and bank accounts, was compromised in a massive data theft that led to the arrest of a former software engineer in Seattle.
Cybercrime is becoming more sophisticated, more widespread, and affecting more people and more businesses. The economic damage from cybercrime could exceed $6 trillion by 2021, making it a much larger illicit business than the entire worldwide illegal drug trade.
By Michael Kern for Safehaven.com
More Top Reads From Safehaven.com: