Buy A Dark Web Passport Scan For $15

Uploaded on 2018-10-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A digital passport scan costs an average of $14.71 on the Dark Web, but a scan is all you'll get for that price. Cybercriminals up the cost for scans accompanied by identity verification documents, and you'll pay more than $13,000 for a legitimate physical passport. 

That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds

Researchers at Comparitech combed the Dark Web in late September to learn more about the selling prices of passport scans. Their search took them across several illicit marketplaces, including Dream Market, Berlusconi Market, Wall Street Market, and Tochka Free Market.

A wide range of vendors are selling passport scans, but only a few specialize in them. There are several ways to sell a passport. The cheapest is an editable Photoshop template, which can be used to create a fake scan by dropping in a photo and passport number. Since passport numbers are sequential, it's not hard to guess a real one, and most companies don't check if the passport number matches its holder, anyway.

Digital passport scans, which are fairly common and available for many countries, are more expensive and are often sold in bulk. Then there are the physical passports, both counterfeit and legitimate.

Consider digital passport scans: It's common for both counterfeit and legitimate scans to come with various forms of identification: a selfie, utility bill, and/or a driver's license, for example. If proof of ID is added to a passport scan, the average price jumps from $14.71 to $61.27.

"The reason for this is because multiple forms of ID are usually required to pass proof-of-address and proof-of-identification checks on websites," said Comparitech editor Paul Bischoff in a blog post.

"These checks are often part of the account recovery process in which a user has somehow lost access to their account and must prove who they are to regain access."

Researchers primarily looked at digital scans and photos of legitimate passports, he wrote. In total, they discovered 48 unique listings for real passport scans, 38 of which did not come with proof of ID. Listings spanned 20 countries, and they learned nationality plays a role in price.

The most frequently listed passport scans came from Australia and the United Kingdom, and Australian passport scans were the most expensive at $32, on average. There was no consistent price correlation between country and cost, Bischoff noted; however, the price did not seem to be based on either the scarcity or power of the country's passport.

Physical passport forgeries are also available; researchers found fake passports for a number of European countries in their search. Most fraudulent passports cost above $1,000. Real, physical passports are both rare and expensive. Most are at least $12,000; the average cost is $13,567.

Why Steal a Passport?
A counterfeit passport could be useful to a cybercriminal in several ways, Bischoff pointed out. Some banks only require two proofs of identification to open a new account. Someone with a stolen passport and driver's license could open an account, access sign-up bonuses, or use it to cash out on different illicit transactions in a "bank drop" scam, he explains.

These forms of ID can also be used to bypass two-factor authentication on websites that require a photo of a physical ID to prove identity. Some companies require account holders to snap a selfie while holding their IDs, which is why digital passport scans cost more with a selfie of the legitimate owner.

Bischoff provided some guidance for people to keep their passports secure. Among his tips: Travel with black-and-white copies of your passport in case you need to provide it (most criminals prefer color scans). Never post photos of the inside of your passport to social media, and refrain from storing it in checked luggage. Don't store passport scans on your device, and don't store it with other documents that could be used to compromise your identity.

Dark Reading:

You Might Also Read:

What Europe Can Do To Catch Dark Web Criminals:

New US Biometric Passport Regulations Will Prevent Entry To Millions:

 

« China Compromises Tech Companies With Malicious Microchips
Oil And Gas Cyber Attacks Soaring »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

e5 Lab

e5 Lab

e5 Lab seeks to develop solutions to challenges faced by the shipping industry including digital transformation, autonomous technologies and big data in order to promote safe and efficient operations.

GrayMatter

GrayMatter

GrayMatter provides Advanced Industrial Analytics, OT Cybersecurity, Digital Transformation and Automation & Control services to clients across the U.S. and Canada.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Segra

Segra

Segra owns and operates one of the nation’s largest fiber networks and provides best-in-class broadband and data security solutions throughout the Southeast and Mid-Atlantic.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.