A list of hacker-related items has recently been posted on a Russian-based website that appears to be selling credit reports. The prices are based on the victims’ credit scores.
According to msnbc.com, hackers have turned what most people believe to be the most important weapon against identity theft into a liability by using it against them. Hackers use boldly displayed sites that provide consumers access to view their credit reports to steal personal information.
A report’s price varies depending on the victim’s credit score. Report information may cost $80 for individuals with excellent credit scores in the 750s, and reports from victims with terrible credit ratings might sell for around half of that, according to “for sale” pages.
The cost shows how those with excellent credit and a solid financial portfolio have become targets.
The most disturbing element of these hacking markets is the ease with which credit reports may be obtained. Hackers are bragged about how simple it is to compromise sites such as AnnualCreditReport.com or CreditReport.com. However – many hosted in the .su domain, which stands for the now-defunct Soviet Union.
“I’m selling super-prime credit reports and scores which include all three bureaus and other information,” brags one advertisement on one site.
According to the story, they went through hundreds of credit reports on CreditReport.com and found that most had “Credit Report” written across the top page. Others, however, saw indications that they were stolen from AnnualCreditReport.com or Equifax.com. In addition, CreditKarma.com and other credit reports and score providers were breached as well.
Nobody knows how many reports have been utilized or offered for sale in the ‘libraries.’
The credit report industry demonstrates how even minor credit card fraud, long regarded a low-risk type of identity theft, can quickly become a full-scale identity catastrophe. Using the data gathered about the victim, criminals with stolen cards may use background reports, credit reports, and ultimately open new accounts.
A hacker wrote about one of their brute-force attacks to gain access on a bulletin board. The majority of these sites feature “problem” questions like, “Which bank holds the mortgage on your property?” There’s a major flaw in this thinking, according to the hacker:
“Normally, all … of them will ask you the same question,” the hacker wrote.
Because the sites employ only a few options, he claims it’s simple to use elimination and determine the correct answers. The hacker wrote that it is simple to open numerous credit report websites and try various answers until one works.
The directions are very thorough, including helpful hints such as, “Take a shot of screen to recall what answers you gave to the questions. After doing that, click the submit button and see what it says.”
A bulletin board post on msnbc.com, intentionally left incomplete by the hacker, talks about how he claims to have hacked credit report website security.
The would-be credit report thief will require further information to obtain access to the victim’s credit report, however this may usually be obtained by ordering background checks using the stolen credit card. On the site, reports stolen from Intellius.com and BeenVerified.com, which provided previous addresses and a variety of other cherished information, were discovered.
According to the article, one person whose credit report was on the website told msnbc.com that she discovered fraudulent charges on her accounts around the time the data theft was made public. She now pays to maintain a credit freeze on her credit reports, which is a nuisance since purchasing anything with borrowed money necessitates a credit check. It might take
“You hear about this kind of event all the time, but you do not once think it will ever happen to you,” acdording the victim, who requested their identity be concealed. “And when it happens, you think, ‘Great. Now what do I do?’”
For years, it has been recommended that consumers get their Annual credit report from AnnualCreditReport.com at least once a year to check their credit reports. Now, experts advise that you obtain one credit report each quarter to keep a closer eye on your credit history. The site is maintained by the three largest consumer credit agencies in the United States – Experian, Equifax, and Trans Union – as required by federal law.
That is still sound advice – looking at your credit report is the best method to detect identity theft. But now, the site is both an ally and a foe. Furthermore, the Federal Government passed a law dictating that a person has only 60 days to dispute an incorrect debt, whether they are aware of it or not. Because of this, you’ll need a credit monitoring service that checks all three credit bureaus, at the very least.
The FTC will not comment on the hackers’ use of the site of AnnualCreditReport.com.
In the past, the FTC has sued companies for inadvertently selling credit report data to hackers, however. In 2011, the agency settled with Settlement one Credit Corp., ACRAnet Inc., and Fajilan Associates after those firms unintentionally sold reports to crooks. The firms were ordered to submit to 20 years’ worth of security audits.
These organizations produce reports for automobile dealerships and other credit providers. It’s even more audacious to attack consumer websites like AnnualCreditReport.com.
AnnualCreditReport.com and CreditReport.com are both run by Experian and provide consumers with credit reports.
“Experian is fully aware of schemes such as this to gang access reports illegally, and we have taken measures within our systems to mitigate the issue,” said Experian. “We are continually evolving our systems to prevent fraud and criminal activity, but do not comment publicly on the specifics of our fraud prevention methods.” Still, despite these setbacks, Experian has continued to have data breaches that have harmed millions of individuals. They then prompted people to join the Identity Monitoring program, which is a hard-sell; why would anyone pay someone to secure and monitor their credit information if the company had experienced the largest data breach in 2015?
CreditKarma.com’s Kenneth Lin announced that the company had acquired “a handful” of reports about breached accounts and worked fast to disable access. “Our credit checking software, CreditKarma, does not store any personal information and only shows the consumer’s credit score,” said Lin. “Thus, the security danger of an impostor obtaining a victim’s score is minor.”
It’s no simple task to fix the problem of consumers’ credit reports being stolen on internet sites. One paradox of the hackers’ ability to easily break such sites is that many people find AnnualCreditReport.com difficult to use. The pass questions are frequently so complicated – for example, “Which bank handled your previous automobile finance?” – that genuine customers can’t answer them readily.
But before you can, anyone who does a little bit of study will be able to figure out the answers. In other words, it’s too easy for criminals to acquire credit reports, but it’s too difficult for customers.
“You currently can’t stop the Hackers scam because the ‘soft inquiry’ of a consumer pulling their report doesn’t record in the majority of credit files.” This is because no consumer would be aware if their credit report was illegally obtained. “Unfortunately, this allows the bad guys, by impersonating you, to download your credit file and leave no tracks.” If you don’t have the industry’s best Identity Theft solution, you’ll spend hundreds of hours and dollars repairing everything that is damaged as a result of Identity theft.
Financial, Medical, Driver’s License, Synthetic, Insurance, Criminal, Social Security, and Children Identity Theft are just a few of the different types of identity theft we’ll discuss.
Contact me for more information about our service.
Clayton Biewer