News

5 Billion Unique Credentials Circulating on Darknet

Oliver Smith
July 13, 2020
2 minutes read
602

According to the report released by security firm Digital Shadows, a total of 15 billion user credentials are circulating on the darknet forums. Among those, 5 billion are unique that do not have any repeated username and password pair. Cybercriminals are selling access to online bank accounts and domain administrator rights to corporate networks.

A threat researcher at Digital Shadows, Kacey Clark says, “More often than not, credentials that are exposed are reposts or amalgamations of previously exposed credentials,”

“Security teams that monitor for these types of issues, therefore, may well have already remediated the risk. Unique credentials, however, represent a higher risk and so are likely of greater concern for security teams.”

#Govtech #security via @GovInfoSecurity: 5 Billion Unique Credentials Circulating on Darknet https://t.co/cVKP3JRJZA @drjdrooghaag @fabriziobustama @antgrasso @sallyeaves @mikko @archonsec @yuhelenyu @1davidclarke

— Bill Mew #DigitalEthics #TrustinTech #BLM (@BillMew) July 12, 2020

The cyber crimes are increasing and the number of stolen credentials advertising on the underground forums has increased by 300% since 2018. Extensive research of 18 months done by Digital Shadows shows that nearly 10,000 data breaches have taken place in two years in which credentials are compromised.

Creator of the HaveIBeenPwned breach notification service, Troy Hunt tells Information Security Media Group,

“I’m not overly surprised by the numbers,”

He added, “Anecdotally, I’ve noticed a lot more credential stuffing lists in circulation recently, and just like the [COVID-19] pandemic itself, they seem to be replicating at a fierce rate.”

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Legal Challenges Against TikTok for Breaching Child Privacy Policy
TikTok, the most trending social media application in the present times is facing legal actions for violating the UK’s child protection policies. They have been sued by a 12-year old girl from the UK. The girl, whose identity remains anonymous, has been given Anee Longfeild’s support, who is England’s commissioner for child protection. According to the commissioner, the app violates the UK and EU laws.

The girl has been granted anonymity by the court to avoid cyberbullying by the influencers or users of the app. BBC reports that it is hoped the case will be taken to the court which will result in improved data privacy policies of the minor by the app. The case will require the deleting of the application’s data of the minors.

TikTok collects data for the purpose of advertisement. However, the majority of the user base of the app is of teenagers. According to a report by The New York Times, one-third of the TikTok users are 14-year-old minors. This is not the first time the app has been penalized for violating data protection policy. In 2019, FTC fined $5.7 million for violating the privacy laws of the USA regarding minor protection. After this lawsuit, the app was forced to take down the videos of children under the age of 13. A separate section was created for the use of minors only.

TikTok has been under strict scrutiny by the US and a ban has been proposed by the presidential body which is yet to materialize. TikTok’s privacy policy states that they only ask for limited information like name, username, password, and birthday. However, the rest of the data can be collected from the device including the IP address, country-level location, ID, and app activity etc.

The app’s privacy policy has changed in January 2020 which states in detail how the user data will be shared. Enza Iannopollo, privacy analyst at Forrester said, “When you have a child accessing a digital tool, there are unique concerns for the data to be actually stored and tracked, different regions might define children’s age differently. Some countries will say 16, others will say 13.”

She also added that whatever the age of the child is, parental or guardian consent must be required to use the application.

Recent Posts

Blog
Multi-Tier Security - Another Line of Defense Against Bank Account Scammers
The banking sector has been witnessing a significant rise in criminal activities is a major concern of security authorities these days. The latest reports revealed that banks have been violating KYC and AML regulations and there were skyrocketing penalties in 2020. Protecting banks and customers is necessary and identity verification is one of the best ways of doing so. However, conventional methods like manual document verification do not suffice for the needs. There must be more robust and automated systems like digital identity verification and video KYC that can enhance the efficiency of the process.

A single line of defence does not work when it comes to technologically advanced fraudsters. There must be layers of security to filter them no matter how hard they try to surpass ID checks. Hence, multi-tier security is what the banking sector needs. Multiple layers of security checks and identity verification methodologies will make it impossible for fraudsters to enter banks.

What is Multi-Tier Security?

Multi-tier security refers to multiple layers of identity verification to enhance security in organisations. Fraudsters are developing sophisticated ways of fulfilling their malicious intent and a single layer of security cannot help companies. Therefore, there must be multiple layers of ID verification that can prevent fraudsters from entering the business.
A Summary of Bank Scams and Frauds

Over time, many different types of frauds and scams have struck the banking industry. Due to advanced technology, not only banks are streamlining their processes, but criminals have also figured out techniques to execute their plans. Many new breeds of scams have surprised organisations, especially banks. Let’s take a look at some of the fraudulent activities.

Account Takeover Fraud

Account takeover (ATO) refers to the fraud in which criminals get illegal access to bank accounts and use them for illicit activities like money laundering and chargebacks. As technology advances, fraudsters have also become sophisticated in committing account takeover fraud. There was a 43 per cent increase in account takeover fraud during the global lockdown in 2020. The numbers are expected to increase this year as well due to rapid digitisation.

New Account Fraud

A new breed of frauds struck the world a few years ago by the name new account fraud. With time, the rate of this fraud has increased and defeated all other kinds of scams. For a new account fraud, fraudsters use stolen, forged, or synthetic identities to open a new bank account, get a new credit/debit card, or loan money from the bank. According to Javelin Strategy, 3.2 million customers were affected by this fraud alone in 2018.

Identity Theft

Identity theft has been a threat to businesses for a very long time. The numbers are continuously increasing and banks are the primary target. Unfortunately, identity theft has taken various forms as well, including child identity theft, medical identity theft, and social identity theft. This enables criminals in making purchases, opening new bank accounts, and enjoying numerous other benefits with false names.

Data Breach

Data breach is a social engineering technique that fraudsters use to acquire customer information. The stolen data is later used for bank account scams, identity theft, and numerous other illegal activities. The identities stolen from a data breach are also used for new account fraud. Around 8,000 data breaches were reported in 2019. In the first half of 2020, 540 data breaches were reported only in the United States according to Statista.

Biometric Authentication – The Additional Security Layer

Biometric authentication is the additional layer of security that not only enhances the level of security, but it is also a rigid measure that fraudsters cannot dodge. Fooling biometrics is not a piece of cake for criminals because biometric authentication requires the live presence of the individual for identity verification. Voice, face, palm, iris, pupil, and retina are some of the biometric traits of an individual that are required for biometric verification.

Biometric verification employs various artificial intelligence models and the following techniques are used for authentication:

3D depth analysis

Micro-expression analysis

Skin texture analysis

Liveness detection

All these techniques ensure the live presence of individuals and any spoof attacks or deepfakes can be identified within seconds.

How will Multi-Tier Security Help Your Bank?

Digital identity verification is a multi-tier security measure that your bank needs. This system has multiple methods of verifying identities that prevent fraudsters from entering the business. Here is how the process of multi-tier security works:

First, the individual has to register on your bank’s website for the identity verification process

Along with the registration details, government-issued ID documents are also submitted

Then, the information submitted is verified with the government-issued ID document

Once the documents are verified, biometric authentication comes in action and face verification checks are performed

Customers have to submit their selfie or video during verification which is matched with the image on the ID document

Lastly, consent verification checks are also performed in which the customer has to submit a handwritten or typed consent note

Conclusion

All in all, verifying identities with the manual method is not an adequate option in the digital world. Digital identity verification is an automated process of verifying identities with layers of security to increase the efficacy of the process. One of the strongest layers in this method is biometric authentication that ensures the live presence of the customer for verification. Fraudsters cannot bypass these checks through any of their techniques. Due to the robustness of this technique, bank account scammers fear from the additional layers of security to verify identities and transactions. Identity theft, account takeover fraud, new account fraud, and data breaches are some of the criminal activities that have increased over time. Now, banks need a multi-tier security system to ensure the security of the customers as well as the organisation.

Get in touch with our experts and learn more about the digital ID verification system and biometric authentication.

Talk to us

5 Billion Unique Credentials Circulating on Darknet

A Summary of Bank Scams and Frauds

Account Takeover Fraud

New Account Fraud

Identity Theft

Data Breach

Biometric Authentication – The Additional Security Layer

How will Multi-Tier Security Help Your Bank?

Conclusion

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.

Sweden

Cyprus

United Kingdom

Dubai

Бесплатный 15-дневный
тестовый доступ

5 Billion Unique Credentials Circulating on Darknet

What is Multi-Tier Security?

A Summary of Bank Scams and Frauds

Account Takeover Fraud

New Account Fraud

Identity Theft

Data Breach

Biometric Authentication – The Additional Security Layer

How will Multi-Tier Security Help Your Bank?

Conclusion

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.