Cybercriminals on the dark web have developed new ways to exploit identity verification systems. Rather than hacking or stealing personal information, they are purchasing it directly from individuals, as revealed by security researchers at iProov. This approach allows them to bypass Know Your Customer (KYC) processes used by businesses to verify customer identities.
Researchers found that a criminal group in Latin America is gathering identity documents, such as passports and driver's licenses, along with corresponding facial images.
In some cases, these criminals pay individuals for their personal data. While the exact amount paid remains unclear, this practice raises serious concerns.
This group’s activities extend beyond Latin America, with similar tactics reported in Eastern Europe. Law enforcement agencies in these regions have been alerted to the threat.
Why Is This Dangerous?
Selling personal data equips fraudsters with real identity "kits," which combine authentic documents with matching biometrics. This makes it challenging to identify the kits as counterfeit. According to iProov Chief Scientific Officer Andrew Newell, these kits enable criminals to execute sophisticated impersonation scams, putting victims’ financial security and personal identities at risk.
What Can Be Done?
Classic verification methods have proven inadequate against such advanced attacks. iProov recommends implementing multi-layered security measures to combat these threats. Key steps include:
- Real-Time Authentication: Verifying that the user is a human being in real-time.
- Identity Verification: Ensuring the user matches the rightful owner of the presented identity.
These layered methods significantly hinder cybercriminals, even when they possess convincing identity data. iProov notes that even sophisticated attackers struggle to bypass such systems while maintaining realistic interactions.
- Never sell or share your personal information, regardless of incentives.
- Be cautious of schemes offering money for personal data, as they can fuel large-scale fraud.
- Stay vigilant and report any suspicious activity to relevant authorities.
As cybercriminals continue to innovate, businesses must invest in robust security systems, and individuals must take proactive steps to safeguard their sensitive information.
