British “identity packages”, including an ID scan, a selfie, and a dossier of personal data, can be purchased by criminals on the dark web for as little as £30, new research suggests. As identity theft continues to rise, experts have discovered the sale of national identity documents, driving licences, credit card details and UK “frequent traveller” passports for £2,000.
The information can be exploited in multiple ways and used to apply for credit cards, mortgages, car loans, or to open bank accounts. AMLTRIX, a group of anti-money laundering experts, analysed 25 active dark web marketplaces in early December last year, uncovering the many ways in which Britons’ stolen data is being used.
Its co-founder, Gabrielius Erikas Bilkstys, said: “A full identity pack with ID scan and selfie is now cheap enough and accessible for criminals to buy in bulk, and if that is not enough, the dark web offers other, more reliable, although more expensive options. That reflects how often the same personal data is stolen and resold, and how industrialised this market has become.”
Some of the highest-value items were KYC-verified UK business bank accounts, ranging from £900 to £2,000. Accounts at major banks such as NatWest and Barclays were at the upper end of this range, according to AMLTRIX. A NatWest spokesperson said: “We take protecting our customers from financial crime extremely seriously, which is why we operate robust fraud and security systems and work with partners across the wider digital ecosystem.”
The research also found hacked UK Amazon accounts listed at an average of £15, while login details for subscription services such as Netflix were going for around £10. Counterfeit Bank of England banknotes were also being sold, typically going for around 25 to 35 per cent of their face value. Some vendors claimed that their notes pass UV light checks and offered low-value sample orders as proof of quality.
UK fraud prevention service Cifas found that there were more than 118,000 cases of identity fraud recorded between January and June last year. David Wall, a cyber crime expert at the University of Leeds, said: “The problem exists at two levels. [Firstly], data of the individual who can fall victim to financial loss, this happens through account takeover, or more likely being defrauded via a phone call pretending to be from the victim’s own bank. The other level accesses data at the organisational level.”
