For many Americans, “identity” is important. In a nation founded on personal rights, most Americans have worked hard to become who they are, both personally and financially. For most, identity is priceless. But if your identity is compromised, how much could it be worth to someone else? What price does a person’s identity — social security number, driver’s license, birth date and other personal identifiable information (PII) — fetch on the dark web? Different forms of PII are sold on the dark web at various selling prices, prices that may astound you. To guard against identity theft, it is important to know where your personal data ends up and what actions to take to protect your identity, especially in light of the recent Equifax breach.
What Data Is Sold?
One of the current biggest sellers on the dark web, an area of the world wide web where users are untraceable and that only those with special software can access, are business credit cards, since many do not have a spending cap. High-end personal credit cards like American Express’ Platinum card are also popular and are rated by dark web users on a percentage scale based on the likelihood of success in using the card for fraud. A 100 percent rating means the card can certainly be used fraudulently. A card with an 85 percent rating would go for the Bitcoin equivalent of between $15 and $20. A standard Mastercard or Visa without a huge limit would go for $7 to $9.
More importantly, these underground markets sell the individual identities of actual people. Thieves compile a collection of PII that offers enough information about the victim’s location, life, finances and geographic location to allow the buyer to commit identity theft and impersonate the victim with the end goal of acquiring money or credit. These dossiers are called “fullz,” as in a full, stolen identity. To add insult to injury, “fullz” go for as little as $8 on a dark web marketplace. With the data in each stolen dossier, thieves are more likely to crack your password and even guess the answers to the additional security questions that some sites require as proof of identity.
The Deep Web
Within a small chasm of the dark web lies an even darker and more elite area only accessible through the Tor Onion network — the Deep Web. Within the Deep Web, users can find anything imaginable, and the more illegal in the light of day, the more coveted it is on the Deep Web. Here, identities are effortless to find. PayPal, Facebook, eBay, Amazon, Uber and Netflix accounts are readily available for sale. A PayPal account that comes with several months of transaction history can go for as much as $300, while stolen bank account information can fetch about $500 from a Deep Web buyer. Credit and debit card data are sometimes sold in bulk, which suggests that many were acquired at the same time, like what a cyber attack or data breach would yield.
As far as your individual bits of data go, they are sold in “lines.” Each line of PII includes your social security number, name, address, birthday and any additional personal data the seller could gather about you. These “lines” sell for as little as $1.
How to Prevent Becoming a Victim
Being smart about the handling of your personal information is the first step in ensuring that your details don’t end up on the Deep Web. Ways to secure your data include:
- Not carrying your Social Security card with you. Stash all important documents in a locked, fireproof box at home.
- Do not respond to requests for your personal data that are unsolicited.
- Do not leave mail sitting in your mailbox and shred all correspondences that include PII.
- Install anti-virus software and firewalls on your home computer and avoid using public networks.
- Invent complex passwords that are difficult to guess.
- Enable security features on your cellphone.
Now that you know what cyber thieves want and where your identity can end up, it is up to you to protect yourself. You’ve spent your whole life building your identity. Don’t let someone steal it from you … for just a dollar.