Fraud as a Service: subscription fraud

When we think about online safety we think about being mindful on public Wi-Fi, not posting any personal information and keeping our online profiles private and secure. While that is all very important, it may surprise you how many other ways fraudsters are purchasing your data on the deep web.

Your data is gold

Our report Wolves of the Internet: Where do fraudsters hunt for data online? reveals the dark truth around how personal data is being compromised online. It has a number of key findings, including that, despite the higher risk to criminals, personal data is frequently sold on the surface web, alongside being sold on the less risky dark web.

The web is split up between the surface web and the deep web. The surface web is available to the general public and accounts of only 4% of web activity. The deep web covers the other 96%, including a small portion called the dark web. The deep web is a section of the internet that is not visible to search engines, while the dark web allows users to mask their identity such as hiding their IP addresses. This makes cybercriminals nearly impossible to identify and allows fraudsters to operate undetected while committing crimes such as identity theft.

Fraudsters often refer to personal data as ‘Fullz’. This data is the most valuable data sold on the dark web as it is all of an individual’s personal data, and can be sold for around £750. Fullz data includes first name, last name, current and previous addresses, city, county/postcode, mobile/home numbers, work number, National Insurance number, date of birth, mother’s maiden name and credit card number(s). It has been discovered that a major way the fraudsters are gathering this type of information is through leaked medical records. A recent breach in 2017 left 26 million NHS patients at risk. This information in the wrong hands is very dangerous as fraudsters can conduct identity fraud, opening new bank accounts and apply for new credit cards.

Reward programs and subscriptions leaving you at risk

We are all worried about fraudsters getting hold of our personal and banking details, however, it is not just your these particular details they want. These days’ fraudsters are able to purchase a wide variety of different data from other fraudsters, most commonly data from rewards programs and subscription services. Below outlines how much your data is going for:

• Apple ID profiles = £10;
• Full social media details (Facebook, Instagram, Twitter and Pinterest) = £17;
• Amazon Prime = £9.80;
• Airbnb = £10.90;
• Netflix = £8.20;
• Gmail = £2.50; and the list goes on

It is scary to see how little your data can sell for and how costly it can be to individuals who have money taken from their bank, purchases made through their shopping accounts and even their entire identities stolen for criminal use.

Avoid becoming a victim

Never click a link in an email unless you know and trust the source. Even then, you should be wary because scammers could take control of an email address and send links out to their contacts. We saw this recently with the CEO scam, where an email looked like it came directly from your organisations CEO.

Review privacy settings on all subscription and social media accounts. It may take time, but it is worth it to keep your personal information safe. This includes staying cautious about who you’re connecting with.

Never make transactions across public connections unless you are 100% certain they are secure. Don’t send money to people you have never met face to face.

If you receive an offer over the internet which looks too good to be true, the chances are it probably is.