Skip to content
 

Data Breaches Fuel Financial Fraud

With billions of identifiers up for grabs, good cybersecurity is a must

menacing guy hiding his identity pushed a shopping cart full of stolen identities

John Ritter

En español

If there were an electricity that powers the fraud industry, it would be information. Without names, email addresses, Social Security numbers, passwords, credit card info or other personal data, a scammer cannot reach you or pretend to be you. 

And so a massive illegal, international underground economy has emerged to serve the needs of scammers. The wares? More than 15 billion pieces of stolen personal data, say law enforcement and cybersecurity experts with the firm Digital Shadows. Which sounds like a lot of data, but it isn’t. The average person logs in to nearly 200 sites that require passwords or other information, Digital Shadows estimates. Sitting in your computer are endless amounts of personal data that may be useful to a scammer. And so another illegal industry is constantly at work: data stealing. There were a record 1,862 publicly reported breaches of large-organization customer databases last year, according to the Identity Theft Resource Center. Most of that data ends up in this dark web marketplace, being bought and sold.

If this info marketplace were an actual mall, the people you’d find there primarily would be hackers who steal the information and sell it in bulk, malicious code writers who help those hackers gain access to your computer by infecting it with malware, and vendors who buy the stolen data, repackage it and sell it to the “end users”—the people actually trying to ensnare you in a scam.

AARP Membership -Join AARP for just $12 for your first year when you enroll in automatic renewal

Join today and save 25% off the standard annual rate. Get instant access to discounts, programs, services, and the information you need to benefit every area of your life. 


How much is your personal identifiable information (PII) worth to scam artists? While many people think a nine-digit Social Security number is their most valuable identifier, “it’s actually worth about $2,” says James E. Lee, chief operating officer of the nonprofit Identity Theft Resource Center in San Diego.

If a Social Security number comes with a name and date of birth, it’s $4 or $5, or about “the cost of a caramel macchiato,” says Brian Krebs, a cybersecurity expert who runs the website KrebsOnSecurity.com.

A person’s credit card information is worth more, about $25 to $35, Lee says. A hacked Facebook account can bring $65, and a selfie photo with a U.S. driver’s license, $100.

Who’s buying this information?

“There are hundreds of thousands of serious ‘threat actors’ throughout the world,” says Robert Villanueva, a retired U.S. Secret Service supervisor who’s now executive vice president of Q6 Cyber in Hollywood, Florida.

This personal data is sold in digital “shops” on the dark web as well as in more exclusive online “forums” accessible to more sophisticated cybercriminals, Villanueva adds.

Malware, or malicious software, is critical to their crimes, because if a computer is compromised with what’s called a keylogger, every letter a person types is revealed to the bad guys, who can grab banking and email credentials and take over these accounts.

Your smartphone is also targeted. “Threat actors are really going after people’s phone numbers to hijack their digital lives, because that’s the weakest link,” Krebs says.

How to stay safe

  • Set up your digital accounts to require multifactor authentication.

  • Freeze your credit at the three major credit bureaus. Do the same for your dependents’ credit. That helps prevent a scammer with your info from making any major transaction in your name or the name of a dependent.

  •  Do not save credit card numbers online with merchants or service providers.

  • Activate biometric locks (facial recognition or fingerprints) on your mobile device to safeguard data if the device is lost or stolen.

  • Use antivirus software and perform recommended cybersecurity updates on your devices.
  • Because your phone number increasingly is being used to identify you, remove it from as many online accounts as possible. You may need to use your number to open some accounts, but go back and remove it later.

Katherine Skiba covers scams and fraud for AARP. Previously she was a reporter with the Chicago Tribune, U.S. News & World Report, and the Milwaukee Journal Sentinel. She was a recipient of Harvard University's Nieman Fellowship and is the author of the book, Sister in the Band of Brothers: Embedded with the 101st Airborne in Iraq.

AARP’s Fraud Watch Network can help you spot and avoid scams. Sign up for free Watchdog Alerts, review our scam-tracking map, or call our toll-free fraud helpline at 877-908-3360 if you or a loved one suspect you’ve been a victim.