No user is safe from identity theft. Hackers and ransomware gangs are investing massive efforts in account takeovers and spear-phished targeted attacks. Their aim is to gain access to any SaaS company that holds user credentials. It’s no wonder - these credentials and PII are valuable: they can be sold on the dark web for a profit. The new owners of the stolen data can then use it for their own financial needs. This blog post will detail five ways cyber criminals use credentials and personal information they purchased on the dark web.
Looking for a basic intro to identity theft? Start here.
5 Uses for Personal Info Theft
1. Gaining Social Media Followers
Identity theft is more closely linked to pop culture than you might think. Celebrities, influencers, and companies need followers, likes and comments. A large number of followers builds their brand, raises their value in the social media influencing market, and boosts their visibility.
It’s much quicker to purchase followers than to organically grow them. Purchasing lists is easy and inexpensive, despite the fact that it’s against the guidelines of the social media giants like Instagram, Facebook and YouTube. These lists comprise fake automated accounts and real-hacked accounts, which, you guessed it, are based on identity theft.
2. Financial Fraud
Stolen credit card data, ID scans, utility bills, stock-trading accounts, details of compromised bank accounts, and access to e-commerce sites can all be exploited for financial gain. Cyber criminals can use these credentials to open requests for loans or unemployment, purchase goods online, or straight out transfer money to their accounts.
Another way to financially exploit personal data is through blackmail. Bad actors steal personal information, and demand a ransom for giving the data back. Otherwise, they threaten, they will sell it to an adversary with malintent.
3. Botnets, Brute Force Attacks, and Account Takeovers
Data breaches and large scale attacks result in bulk databases of credentials that are sold online. These credentials can be used to orchestrate more attacks, like credential stuffing. Botnets, a service also sold on the dark web, can use these credentials to automatically attack any site that has online users.
This means that even seemingly non-valuable credentials can be used for identity theft and compromising user’s safety. So, if you are a company that holds basic user credentials, you should also prioritize user protection. Your customers’ credentials could be stolen through a vulnerability on your systems, and be used to attack them through a different company.
Sometimes, stolen PII is used by criminals or immigrants to impersonate a real person and enjoy their benefits. Medical identity theft provides medical insurance and prescriptions. Criminal identity theft enables the real perpetrators to avoid criminal charges and could result in the false accusation of the victim. In the case of illegal immigrants, they can take advantage of the civil rights of the citizens they are impersonating, like being able to find a job and a house.
5. Phishing Scams
Once the identity theft is out in the open and known to the victims, they will actively change their credentials and passwords, issue new identity certificates and notify the affected institutions, like insurance companies and banks. Scammers might take advantage of the situation and reach out to the victims while disguising themselves as these institutions, asking for more PII, as a phishing scam. Thus, they gain access to more valuable PII than what they originally had, like bank accounts or credit card numbers.
Identity Theft Protection for Your Users with SecureNative
There’s no 100% guaranteed way to prevent identity theft. But you can protect your users by identifying perpetrator actions and blocking them. SecureNative automatically identifies changes and anomalies in user and behavioral patterns, enabling you to prevent malicious activity that causes damage. Try our free plan by signing up here.