How valuable is your data to scammers?

As the world becomes increasingly connected, we are all having to become savvier about the risks of data theft. What we don’t always understand is what exactly happens to that data once it’s been stolen, how valuable it can be and how criminals trade it to push their profits higher and higher.

Doing so takes us into a shadowy underworld in which data is currency and the returns can be enormous. Knowing what happens in the aftermath of online fraud can be crucial in helping you to avoid falling victim to a scam in the future.

What Criminals Want

According to recent reports, data has overtaken oil as being the most valuable global resource. It’s a prized commodity to companies who use it to improve their services, market their products and increase the amount each customer spends, but the people who really value it are criminals. Increasingly, data is becoming the currency of choice in the underworld.

Identity thieves are always on the lookout for ways to steal personal data. This is all the information about you which is held in the public and private domain, such as your credit history, bank details, national insurance numbers and phone records. The more of this information they can get their hands on, the more damage criminals can do and the more people will pay for it.

The value of the data depends on how fresh it is, how much data has been compiled about each individual and who that individual is. For example, the data of a top executive or an important government official could be much more valuable than most of the rest of us. Partial data records may only be worth pennies while more complete files could net savvy cybercriminals a bigger payday.

What Do Scammers Do With Your Data?

Once data has been harvested, thieves have to sort it out into sellable chunks. There is a thriving online black market for personal information and, using a range of malicious methods, they are able to turn data you take for granted into cold, hard cash.

Here’s the checklist that scammers and data thieves will run through.

  • Take Stock: The first thing they do is take an inventory of the data they have. They will look for personal information like names and addresses as well as financial information such as bank account numbers, credit cards or credit reports.
  • Sell Personal Information: They will package all that personal information together and sell it off in bulk. Depending on the individual and amount of data they have, the information can prove to be extremely valuable.
  • Offload Financial Data: They will then offload the information about cards and finances. A broker will normally buy the card information and sell this on to a ‘carder’. They will often take a few steps to make themselves difficult to identify, such as using encrypted messengers and VPN software. Once anonymity is assured, they can use this information to spend as much of your money as possible before their activity is flagged, causing them (and by extension the victim) to be cut off.
  • Sell the Remainder in Bulk: All data has a sell-by date and, after a few months, most of the information they have stolen may be more or less worthless. Even so, by packaging it with large quantities of other less valuable data from other victims they may still be able to get some money for it.

Once they have run through this process, the end users of this data have many further uses for your information.

The Consequences

Spammers might use personal data such as your email address to spam inboxes with advertisements. They make money for every person who clicks on the harmful links contained in each message. This can hit close to home if a friend or family member opens an email that claims to be from you but instead exposes them to the same data loss you have experienced.

Although most people will send these emails to their junk folders, enough will click on them to make it worth the spammers’ while.

Others will use the details to send phishing emails containing viruses or scams to trick people into giving up their bank details. These could include anything from basic and easy-to-spot emails to well-designed plausible messages which look much more convincing such as an urgent message from a bank. These could look and feel like the real thing and many people will click on the links without thinking.

The amount of information fraudsters need to start inflicting damage is tiny. At the most basic level they only need your email address. Then they can start flooding your inbox with spam making it more likely that you will eventually fall for one of their scam messages, potentially opening yourself up to more serious consequences like financial and identity fraud.

The more details they have, the more damage they can do. If they access your national insurance number, bank account details or passwords, they can steal your entire identity, take loans out in your name and turn your life upside down.

The Dark Web Marketplace

When cybercriminals are ready to sell their ill-gotten data gains, they will often head onto the dark web. This is a shadowy part of the internet where the criminal world can operate out of sight. It requires special browser software to access, and activity here is often extremely hard to track.

The dark web is commonly used by online scammers and other criminal groups who would rather keep their browsing secret.

The dark web operates on the Tor network, a system of relays that obscures the IP addresses of the people using it, which makes it a haven for scammers. The way it has been set up prevents anyone who is watching your internet connection from working out which sites you have visited or your physical location.

Hackers will use the dark web to sell off their information to the highest bidder which could include anyone from identity thieves to organised gangs, spammers and botnet operators. For those who prefer a more direct approach to buying data second-hand, dark web marketplaces supply the tools to go out and commit data fraud yourself complete with how-to guides.

A vast network of marketplaces for criminals to browse makes stealing data as simple and convenient as purchasing your groceries online. If you have ever had data stolen, the likelihood is that it has ended up on one of the many store pages buried in the dark web.

How Much Is Your Data Worth?

The value of data on these marketplaces varies greatly but as a general guide here are the types of pricing you’ll see based on a recent study:

  • Online banking details are available for, on average, £200.
  • Grocery shopping account user data for sites like Tesco sells for as little as £3.
  • Full Apple ID profiles are being sold for just over £10.
  • Criminals could buy full user details for profiles on Facebook, Instagram, Twitter and Pinterest for £17.
  • Your entire online data profile could be available for less than £750.

It may be surprising to see how little your data can sell for, especially as, if it falls into the wrong hands, the information can prove incredibly costly to individuals who have money taken from their bank, purchases made through their shopping accounts and even their entire identities stolen for criminal use.

The ONS found that 25% of fraud cases in the UK cost victims £500-£40,000. That’s good enough odds for someone who can spend less than £750 to gain all the information they need to make much larger returns.

Lessons To Learn

So, now you know how the scammers operate. You know why your information is valuable, how much it might be worth and how they use it. This knowledge should help you avoid becoming a victim in the first place.

You should never open a link in an email unless you know and trust the source. Even then, you should be wary because scammers could take control of an email address and send links out to its owner’s contacts.

Never make transactions across connections unless you are 100% certain they are secure and don’t send money to people you have never met face to face. If you receive an offer over the internet which looks too good to be true, the chances are it probably is.

Many of these lessons should be intuitive. By now, we should all know that you can never be certain who is contacting you over the web and if you can trust them or not. Instinctively we tend to underestimate the chances of something bad happening to ourselves as opposed to others. This is an aspect of our psyche that fraudsters play on. They want you to leave your common sense at the door – and to forget everything you have learned.