American’s Stolen Identities Only Worth $8 Per Record on the Dark Web

Like many of us, you’ve probably worried about what it would be like to get your identity or private information stolen. You’re careful with your credit card information, your social security number, and other sensitive information. But have you ever wondered what you’re worth if your information were successfully stolen?

After completing a successful phishing campaign or data breach, cybercriminals sell stolen personal information on the black markets (i.e., the dark web). Researchers from Comparitech analyzed over forty web marketplaces to learn how much PayPal, SSN, and credit card information are worth to cybercriminals looking to sell the information. The researchers analyzed prices based on the following criteria: account balance, country, credit limit, and the information included in each listing.

What’s your initial guess of what this type of information might be worth? We’ll venture to say your guess is much higher than reality. You may be surprised to find out how little your data is worth. Let’s dive deeper into the topic.

Key findings of Comparitech researcher analysis:

• Prices for stolen credit cards ranged from $0.11 to $986
• American’s full credentials are worth the least- averaging $8.
• Japan and UAE full credentials are worth the most- averaging $25.
• The highest percentage of stolen credit cards = US and UK. 
• Compromised PayPal accounts ranged from $5 to $1,767.
• The median credit limit on a stolen credit card = 24x the price of the card.
• Median account balance of a hacked PayPal account = 32x the price on the dark web.

Other key takeaways…

National ID numbers (i.e., social security numbers) are not particularly valuable to cybercriminals on their own–they need to be accompanied by other key information like name, date of birth, etc. The full bundle of key information is called “fullz,” short for “full credentials”. Fullz is the actual hot ticket money-maker on the dark web.

Perhaps surprisingly, PayPal information is worth more than credit card information on the dark web. Why? For starters, credit card prices vary significantly by country–PayPal not so much. An additional important factor for credit card prices on the dark web: quantity of information. For credit card “information” to be of the highest value, it needs to include CVV code, zip code, and name on the card. PayPal information does not require these additional pieces of information to carry its highest price tag.

Account balances and credit card limits play into the value of stolen credit cards on the dark web. It makes sense. The lower the account balance and the higher the credit card limit, the more a stolen credit card is worth.

So now that you know all of this, how can you keep your data safe?

Most of this stolen data is captured through credential stuffing, phishing, card skimmers, and data breaches. How can you avoid being a victim of these attacks? 

Here are a few tips:

1. Minimize your digital footprint whenever possible — register for as few online accounts as possible. 
2. Beware of card skimmers at points of sale. Gas stations are a particular hotspot.
3. Educate yourself on identifying phishing emails and other suspect messages that may lead to a data breach.
4. Use strong and unique passwords on all of your online accounts–this will help avoid credential stuffing. Do not auto-save passwords in web browsers. 

Questions about how to keep your personal or business data safe and secure? PK Tech can help. Contact us here.