U.S. federal law enforcement recently announced the shutdown of a marketplace selling stolen personally identifiable information (PII). The SSNDOB marketplace had made $19M selling information on roughly 24 million individuals in the U.S. The pilfered information included names, dates of birth, SSNs, and credit card numbers.
Compromised PII makes it easier for criminals to perpetrate identity fraud by opening accounts with the compromised information. These third-party or “true name” fraud attempts may pass some credit and identity checks because the stolen information is valid, even though it is in the wrong hands. Socure Sigma Identity Fraud is able to identify and stop these sorts of fraud attempts, using machine learning that evaluates every dimension of consumer identity—name, email, phone, address, date of birth, SSN, IP, device, velocity, network and behavioral intelligence, and more—delivered in a single machine learning (ML) model.
SSNDOB was a well-organized illicit business that operated for over a decade. As the U.S. Department of Justice (DOJ) described:
“The SSNDOB administrators created advertisements on darkweb criminal forums for the Marketplace’s services, provided customer support functions, and regularly monitored the activities of the sites, including monitoring when purchasers deposited money into their accounts. The administrators also employed various techniques to protect their anonymity and to thwart detection of their activities, including using online monikers that were distinct from their true identities, strategically maintaining servers in various countries, and requiring buyers to use digital payment methods, such as bitcoin.”
Where did the compromised data come from? As an Ars Technica news article explained, “SSNDOB operators got their data in part by infiltrating LexisNexis, Dun & Bradstreet, and Kroll Background America. Hackers used data from SSNDOB to gain control of Xbox Live accounts held by some Microsoft employees, according to another Krebs report in 2013.”
Fraud Rings: Well-armed Adversaries
The SSNDOB episode also highlights that criminal adversaries are frequently well-organized fraud rings. While the DOJ estimated that the illicit marketplace had made $19M in revenue, Chainalysis, a blockchain analysis company, reported that the marketplace has received nearly $22M worth of Bitcoin from over 100,000 transactions since 2015. Fraud can be a lucrative business, and fraudsters are buying PII in bulk to help them commit their crimes.
While PII can be found on the dark web, as shown by the SSNDOB episode, criminals also use more direct means to compromise accounts. Fraudsters regularly use social engineering via email, text, or a direct phone call to get victims to provide their banking credentials, and the inquiry will look legitimate to an unsuspecting victim. Your fraud countermeasures need to stop attacks irrespective of whether the attack uses dark web data or data from bamboozled customers.
The law enforcement takedown of SSNDOB is good news for fraud fighters everywhere, but fraudsters are clever. The dark web already holds a wealth of compromised data, and you can expect that future illicit marketplaces will fulfill the demand for tools to defraud enterprises and consumers.
How to Improve Your Identity Verification Strategy
The ideal way to combat fraud is to ensure that your fraud countermeasures provide optimal performance and to streamline your identity verification funnel wherever possible. Complex fraud decision logic involving multiple point solutions is difficult to maintain and results in the compounding of false positives as you combine solutions. Pruning your fraud-solution stack and leveraging integrated identity verification platforms like Socure’s ID+ can help avoid complexity, provide more accurate decisions, and generate fewer false positives.
Socure’s industry-leading ID+ is driven by ML models that are trained with feedback data from a consortium of more than 1,000 of the largest enterprises. That means our models are constantly evolving to counter the latest fraudster threats.
Socure’s Sigma Identity Fraud models are the most accurate in the industry and help you to auto-approve more good customers while deflecting fraud and minimizing manual reviews. Connect with one of our fraud experts and learn more about applying AI/ML to verify good identities and stop identity fraud.
Todd is Senior Director for Product Marketing at Socure, where he manages marketing for Socure’s Fraud suite of offerings. Prior to Socure, Todd worked in cybersecurity and identity at companies including Arctic Wolf Networks, Nok Nok Labs, Vormetric/Thales, and Trend Micro.