How much are your personal documents worth to cybercriminals?
A recent article written by Miklos Zoltan, founder of Privacy Affairs, details a 2023 pricing index for personal information available on the dark web. For example:
Cloned credit cards and cardholder data range from $10 to $240 each.
Stolen online payment accounts such as PayPal are so abundant they sell for as little as $10 each.
$150 will buy you a cryptocurrency account such as a hacked Robinhood account.
Entertainment accounts like Hulu, HBO, and Disney Plus average just $2 each.
The article also highlights a thriving category of illicit goods and services sold on the dark web which are personal documents. Zoltan states that these documents are used to impersonate people on the internet and can be used to open online accounts in their names using a collection of fake authentic-looking documentation. Some examples of personal documents sold on the dark web are:
A USA selfie holding an ID sells for $110.
Utility bills can be purchased for $15.
A USA passport scan goes for $50.
Drivers licenses can be had for about $22 each.
Other personal documents available on the dark web are email database dumps which are cheap and readily available. Hundreds-of-thousands to millions of emails can be purchased for as little as $100.
Why have personal documents become such an attractive target for cybercriminals? Here are 7 reasons why your personal documents are in such demand:
Personal documents tell a story
Unlike database breaches that contain a wealth of valuable but random information such as names, addresses, social security numbers, etc., personal documents present that information in context that tells a story about you such as the details behind a financial transaction. This is critical to those involved in identity theft who may need to engage directly with a financial institution in a convincing manner in order to open accounts or transfer funds.
Personal documents are information rich
Electronic documents typically contain a broad array of valuable information. They may include personal and financial data, intellectual property, trade secrets, sensitive business information, customer information, login credentials, and much more. This information can be used for a wide range of malicious purposes, such as identity theft, financial fraud, corporate espionage, or targeted attacks.
Personal documents are easily accessible
Electronic documents can be easily accessed, manipulated, and transferred over digital networks. It is well known that electronic documents (aka ‘unstructured data’) exist all across the enterprise and are poorly managed and less secure than database data (aka 'structured data’). They exist on file shares, hard drives, cloud storage, and countless point-solutions such as Sharepoint and other document management products and repositories that have been licensed or are often in-house developed.. Hackers can remotely infiltrate computer systems, bypass security measures, and easily gain unauthorized access to documents stored across these locations and devices. This convenience makes electronic documents an increasingly attractive target.
Personal documents offer quantity and diversity
With the increasing digitization of information, there is a vast amount of electronic documents maintained by organizations and individuals. Hackers can potentially access a large volume of documents from a single breach, exponentially increasing the potential value of their illicit activities.
Personal documents offer monetization opportunities
Stolen electronic documents can be monetized in various ways. As Zoltan demonstrates, hackers can sell the information on the dark web to interested parties, such as identity thieves or competitors. They can also exploit the data themselves by conducting fraudulent transactions, blackmailing individuals or organizations, or conducting targeted phishing attacks using the obtained information.
Personal documents provide longevity for fraudulent activity
Electronic documents can have a long lifespan. Unlike physical documents, which may degrade over time or require physical access, electronic documents can persist indefinitely in digital form. This provides hackers with an extended timeframe to exploit the stolen information, increasing its value.
Personal documents lack visibility
Due to the poor management and security oversight of personal documents, organizations may not be aware that their documents have been compromised until it is too late. Hackers can operate stealthily, leaving little to no trace of their activities. This gives them an advantage, as they can continue to exploit the stolen information without detection, amplifying their potential impact.
These seven factors demonstrate why hackers see personal documents as valuable targets. They see the potential for financial gain, opportunities for exploitation, and the relative ease of accessing and manipulating digital information. It is crucial for individuals and organizations to implement robust security measures to protect their electronic documents from such threats.
Yet, despite countless millions being spent on perimeter security defenses, data breaches continue to occur almost on a daily basis. It is clearly time for a new approach to securing sensitive information. Individuals who maintain and distribute personal electronic documents as well as enterprises to whom such documents have been entrusted, need to evolve their thinking when it comes to protecting this information.
At Confidencial Inc, we believe the solution is to protect the document itself, not simply attempting, and continually failing, to secure unauthorized access to that document. As countless examples have shown, once those perimeter defenses are breached, then all the information contained within that perimeter is compromised.
With Confidencial, individuals and enterprises can secure the information directly within the document, making it useless to cybercriminals who may gain access to it. Regardless if that access is gained through intentional and illicit means, or that information was accidentally exposed through unintentional and accidental acts, the information remains secure and only visible to those who have been specifically authorized to view it.
With Confidencial, the entire document can be secured with a simple point and click, or subsections of the document can be secured and only viewable to those you authorize, directly from within your common desktop applications. In addition, Confidencial provides a detailed tracking dashboard that provides real-time visibility into the movement and access to your secure documents.
As Zoltan points out, the overall message is evident. Cybercriminals value your data and stealing your identity or exploiting you is inexpensive. As the availability of personal information increases, the price of that information on the dark web goes down, resulting in a higher likelihood your accounts will be compromised.
We invite you to visit www.confidencial.io to learn more about our solution to securing sensitive documents, and to sign up for a free 6-month trial.