Scammers are buying SA passports, bank cards & e-mails 'cheap, cheap'

This is according to a study by cybersecurity company NordVPN, which analysed the dark web market valued at $17.3m (R270.4m). Among the items found were passports and personal IDs, payment card data, online accounts, bank account logins and crypto accounts, as well as other personal data from more than 50 countries.

A SA passport or ID card can be purchased for as little as R156, the fourth cheapest in the world.

Researchers also discovered SA payment card data sold on the market with an average price of R143.

SA personal e-mail data costs R156 per batch — also among the lowest in the world.

Crypto wallets and investment accounts cost more than bank accounts. With an average price of R6,158, the most expensive crypto account data is from Binance, followed by Kraken (R6,001) and Crypto.com (R5,470), according to the report.

The researchers explained: “In some ways a dark web market is much like any other. Criminals who buy products on these criminal markets expect to make their money back and then some — the same way a tradesman might buy a tool at a hardware store.

“The only problem is they make their money by stealing it from innocent people.”

The most commonly found item in the overall dark web market was payment card data.

Copies of passports were the most expensive item at about $600 (about R9,189) on average. However, prices varied greatly between countries, with Argentinian passports being the cheapest at $9 (about R137.84) and Czech, Slovakian and Lithuanian passports tied for most expensive at $3,800 (about R58,202).

Batches of e-mail addresses bought in large quantities are used to launch broad scams and hacks. The EU had the most expensive personal and business addresses.

Tips to stay secure

• Make sites and services earn your trust: Hackers get lots of data by targeting the websites and services you share your data with. You can’t personally secure the servers that store your data, but you can “vote with your wallet/feet”. Make your data security a priority. If a site or a service asks you for sensitive data, ask them tough questions about how they secure it and what they’ll do if they’re breached.
• Monitor your accounts: Request weekly bank statements or activate transaction notifications on your app. Turn up the security settings on all your accounts so you know when login attempts are made from suspicious devices. Make use of tools offered by the sites or services you use (a password manager, for example, offers a data breach scanner that will tell you if your password is present in any breaches).
• Stay vigilant: One side of the coin is knowing how to protect your data and the other is knowing how to react quickly and effectively when your sensitive data is used.
• Use strong and unique passwords: If your password is long, it’ll probably be hard to guess. If it’s unique, then even if one of your accounts is breached, the rest will stay safe. With a collection of strong and unique passwords you’ll stay more secure longer.

TimesLIVE