Buy A Dark Web Passport Scan For $15

Uploaded on 2018-10-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A digital passport scan costs an average of $14.71 on the Dark Web, but a scan is all you'll get for that price. Cybercriminals up the cost for scans accompanied by identity verification documents, and you'll pay more than $13,000 for a legitimate physical passport. 

That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds

Researchers at Comparitech combed the Dark Web in late September to learn more about the selling prices of passport scans. Their search took them across several illicit marketplaces, including Dream Market, Berlusconi Market, Wall Street Market, and Tochka Free Market.

A wide range of vendors are selling passport scans, but only a few specialize in them. There are several ways to sell a passport. The cheapest is an editable Photoshop template, which can be used to create a fake scan by dropping in a photo and passport number. Since passport numbers are sequential, it's not hard to guess a real one, and most companies don't check if the passport number matches its holder, anyway.

Digital passport scans, which are fairly common and available for many countries, are more expensive and are often sold in bulk. Then there are the physical passports, both counterfeit and legitimate.

Consider digital passport scans: It's common for both counterfeit and legitimate scans to come with various forms of identification: a selfie, utility bill, and/or a driver's license, for example. If proof of ID is added to a passport scan, the average price jumps from $14.71 to $61.27.

"The reason for this is because multiple forms of ID are usually required to pass proof-of-address and proof-of-identification checks on websites," said Comparitech editor Paul Bischoff in a blog post.

"These checks are often part of the account recovery process in which a user has somehow lost access to their account and must prove who they are to regain access."

Researchers primarily looked at digital scans and photos of legitimate passports, he wrote. In total, they discovered 48 unique listings for real passport scans, 38 of which did not come with proof of ID. Listings spanned 20 countries, and they learned nationality plays a role in price.

The most frequently listed passport scans came from Australia and the United Kingdom, and Australian passport scans were the most expensive at $32, on average. There was no consistent price correlation between country and cost, Bischoff noted; however, the price did not seem to be based on either the scarcity or power of the country's passport.

Physical passport forgeries are also available; researchers found fake passports for a number of European countries in their search. Most fraudulent passports cost above $1,000. Real, physical passports are both rare and expensive. Most are at least $12,000; the average cost is $13,567.

Why Steal a Passport?
A counterfeit passport could be useful to a cybercriminal in several ways, Bischoff pointed out. Some banks only require two proofs of identification to open a new account. Someone with a stolen passport and driver's license could open an account, access sign-up bonuses, or use it to cash out on different illicit transactions in a "bank drop" scam, he explains.

These forms of ID can also be used to bypass two-factor authentication on websites that require a photo of a physical ID to prove identity. Some companies require account holders to snap a selfie while holding their IDs, which is why digital passport scans cost more with a selfie of the legitimate owner.

Bischoff provided some guidance for people to keep their passports secure. Among his tips: Travel with black-and-white copies of your passport in case you need to provide it (most criminals prefer color scans). Never post photos of the inside of your passport to social media, and refrain from storing it in checked luggage. Don't store passport scans on your device, and don't store it with other documents that could be used to compromise your identity.

Dark Reading:

You Might Also Read:

What Europe Can Do To Catch Dark Web Criminals:

New US Biometric Passport Regulations Will Prevent Entry To Millions:

 

« China Compromises Tech Companies With Malicious Microchips
Oil And Gas Cyber Attacks Soaring »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Magic Software Enterprises

Magic Software Enterprises

Magic provide Mobile Device Management (MDM) for Secure Enterprise Mobility. Magic MDM overcomes the challenges of mobile device management security by protecting all of your devices, data and content

Micro Focus

Micro Focus

Micro Focus is one of the world’s largest enterprise software providers. We deliver trusted and proven mission-critical software that keeps the digital world running.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Austrian Institute of Technology (AIT)

Austrian Institute of Technology (AIT)

AIT is Austria's largest research and technology organisation and a specialist in the key infrastructure issues of the future including data science and cybersecurity.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Bradley-Morris

Bradley-Morris

Bradley-Morris is a leading recruiting firm specializing in transitioning military and veteran talent into civilian careers including Cybersecurity.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

GovSky

GovSky

GovSky streamlines CMMC compliance, saving time and significantly reducing cost.

Holiseum

Holiseum

Holiseum delivers innovative cybersecurity solutions for the critical infrastructure organizations, as well as cybersecurity services and consulting.