Buy A Dark Web Passport Scan For $15

Uploaded on 2018-10-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A digital passport scan costs an average of $14.71 on the Dark Web, but a scan is all you'll get for that price. Cybercriminals up the cost for scans accompanied by identity verification documents, and you'll pay more than $13,000 for a legitimate physical passport. 

That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds

Researchers at Comparitech combed the Dark Web in late September to learn more about the selling prices of passport scans. Their search took them across several illicit marketplaces, including Dream Market, Berlusconi Market, Wall Street Market, and Tochka Free Market.

A wide range of vendors are selling passport scans, but only a few specialize in them. There are several ways to sell a passport. The cheapest is an editable Photoshop template, which can be used to create a fake scan by dropping in a photo and passport number. Since passport numbers are sequential, it's not hard to guess a real one, and most companies don't check if the passport number matches its holder, anyway.

Digital passport scans, which are fairly common and available for many countries, are more expensive and are often sold in bulk. Then there are the physical passports, both counterfeit and legitimate.

Consider digital passport scans: It's common for both counterfeit and legitimate scans to come with various forms of identification: a selfie, utility bill, and/or a driver's license, for example. If proof of ID is added to a passport scan, the average price jumps from $14.71 to $61.27.

"The reason for this is because multiple forms of ID are usually required to pass proof-of-address and proof-of-identification checks on websites," said Comparitech editor Paul Bischoff in a blog post.

"These checks are often part of the account recovery process in which a user has somehow lost access to their account and must prove who they are to regain access."

Researchers primarily looked at digital scans and photos of legitimate passports, he wrote. In total, they discovered 48 unique listings for real passport scans, 38 of which did not come with proof of ID. Listings spanned 20 countries, and they learned nationality plays a role in price.

The most frequently listed passport scans came from Australia and the United Kingdom, and Australian passport scans were the most expensive at $32, on average. There was no consistent price correlation between country and cost, Bischoff noted; however, the price did not seem to be based on either the scarcity or power of the country's passport.

Physical passport forgeries are also available; researchers found fake passports for a number of European countries in their search. Most fraudulent passports cost above $1,000. Real, physical passports are both rare and expensive. Most are at least $12,000; the average cost is $13,567.

Why Steal a Passport?
A counterfeit passport could be useful to a cybercriminal in several ways, Bischoff pointed out. Some banks only require two proofs of identification to open a new account. Someone with a stolen passport and driver's license could open an account, access sign-up bonuses, or use it to cash out on different illicit transactions in a "bank drop" scam, he explains.

These forms of ID can also be used to bypass two-factor authentication on websites that require a photo of a physical ID to prove identity. Some companies require account holders to snap a selfie while holding their IDs, which is why digital passport scans cost more with a selfie of the legitimate owner.

Bischoff provided some guidance for people to keep their passports secure. Among his tips: Travel with black-and-white copies of your passport in case you need to provide it (most criminals prefer color scans). Never post photos of the inside of your passport to social media, and refrain from storing it in checked luggage. Don't store passport scans on your device, and don't store it with other documents that could be used to compromise your identity.

Dark Reading:

You Might Also Read:

What Europe Can Do To Catch Dark Web Criminals:

New US Biometric Passport Regulations Will Prevent Entry To Millions:

 

« China Compromises Tech Companies With Malicious Microchips
Oil And Gas Cyber Attacks Soaring »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

CyberSure

CyberSure

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems.

Siemens

Siemens

Siemens Industrial Security Services provide solutions for cybersecurity in automation environments based on the recommendations of the international standard IEC 62443.

Industrial Defender

Industrial Defender

Committed to ICS Cybersecurity. Industrial Defender provides a fully automated solution to discover, track and report on assets across your ICS footprint.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

NetScout Systems

NetScout Systems

NetScout assures digital business services against disruptions in availability, performance, and security.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.

Black Duck Software

Black Duck Software

Black Duck (formerly the Synopsys Software Integrity Group) is the market leader in application security testing (AST).