Identity theft is a sordid business at the best of times. After all, we're talking about someone taking your place. It could just be a gesture, committing identity fraud online without even writing your name (other than crossing it off a list). Or it could be someone showing up at a bank pretending to be you.
But how do these people get their hands on their identity? And what happens after?
How is your identity stolen?
Your identity is usually spoofed in three ways.
The first is when your credit card is cloned or copied by an unscrupulous waiter, waitress, street vendor, or the like. Most of the time this happens abroad or in a big city. It's less common when you're at home in places you visit regularly.
Second, identity theft can occur if your information is part of a massive data breach. Consider the Experian data breach in 2015, for example.
The third method of identity theft occurs through email, SMS messaging, and any other means where phishing is prevalent. A technique used to trick you into entering your username, password, and personal information on a fake web page, phishing relies on an appearance of recognition to trick you. Therefore, the message may appear as a password reset email, or it may tell you that your account has been restricted. You click on the link, you log in, you provide the requested data... and your electronic identity is stolen.
How does identity travel?
Stolen identities are often for sale, almost always added to vast databases that criminals can access and use. In the case of credit cards, they are usually tested to see if they work; you can make a small purchase. Or the purchase may be larger, shipped to some address in an industrial area, and then resold. It is money laundering.
It's almost like a virtual trip: you stay at home and your digital identity is sent over the Internet until a buyer is found.
You are for sale on the Dark Web
Mainly, accounts with cash attached are the most desirable. So bank and credit card accounts, mortgages, online payments like PayPal, installment purchase agreements, smartphone contracts – anything that requires a lot of personal data for approval.
The more complete the data, the more likely it is to sell.
Most people think that the Internet and the Web are the same thing. In truth, the Internet is just the infrastructure of routers, data centers, DNS servers, and cabling. The web, like email, FTP, and torrenting, is on the Internet.
The same goes for the Dark Web, a hidden part of the online world accessible through the Tor browser. Think of it as a hard-to-monitor "Wild West" Internet. Standard web search tools can't crawl these sites, so you won't find any results for them on Google.
Like the back alley of the Internet, the Dark Web is perfect for selling stolen data, weapons, drugs, and other dubious transactions. Remember, identity thieves are criminals with all the illegal operations going on.
How much is your ID worth?
The Dark Web provides a marketplace to buy and sell your identity.
Every record for sale on the Dark Web generates profits for whoever stole it. The more complete the data and account balance, the higher the price. A Trend Micro study found that banking logins alone cost between €200 and €500 per account.
Single credit cards generally sell for less than €100, with much less than €10. This price is reflected in the amount of unused credit available on the cards.
Meanwhile, accounts with mobile operators are available for up to €14. That's small compared to the $300 price tag on your well-used eBay and PayPal accounts.
Do you remember when you applied for a credit and delivered a scan or photocopy of your passport? Maybe your marriage certificate? These sell for up to €40; after all, possessing someone's passport details is an instant new identity.
It is puzzling to know how your digital identity is exchanged. So here's one last sobering price: Medical data is worth around €1,000 per record. You can expect your health care provider to use secure procedures to protect your data.
Where does your stolen identity go?
Criminals from around the world have access to databases of stolen credit card data and complete identities. The more complete the data collection, the better. People with incredible wealth are more desirable to thieves, but the super rich are rarely found here. Instead, they are usually targeted in a more specific way.
Thanks to the Internet, your stolen identity could end up anywhere in the world. Financially speaking, you could be in London shopping for pants and having breakfast in Rio simultaneously. However, this type of activity often makes credit card companies realize something is wrong.
As such, your stolen identity probably won't go much further than your usual travel pattern. This way, identity criminals can take advantage of the longest possible use of your ID card. A week would be long, but more than enough to rack up huge debts in your name.
keep your identity
The risk is simple: someone who has the essential elements of your identity can impersonate you. Identity fraud can be committed with this information and some basic research on your likely fortune.
Data breaches are impossible to prevent. So the answer is to protect yourself. While your data languishes in a database, ready to be used for automated phishing emails or more specific targets, you can use security tools and credit monitoring services to reduce your exposure.
Cyber criminals do not like to work hard. It takes time and is not profitable. Instead, they aim for low-hanging fruit, easy wins. Don't be an easy win: make identity theft more difficult and criminals will move on to the next victim.