Researchers from the cybersecurity company iProov said they had uncovered a criminal scheme on the darknet. The attackers paid users to provide biometric data and documents, and then used this data to bypass banking security systems.
Cybercriminals collect data sets that include real identity documents and their corresponding biometric data. This combination makes it virtually impossible to detect fraud using traditional verification methods, as all the data provided is authentic.
“What is particularly alarming is the fact that people are voluntarily revealing their personal data for short-term financial gain”, – said Andrew Newell, chief scientific officer at iProov. According to him, by selling their data, users are not only risking their own financial security, but also providing criminals with the tools to commit large-scale fraud.
The group operates in Latin America, but researchers said they have observed similar patterns of activity in Eastern Europe. They sent the collected data to local authorities.
Experts recommend that financial institutions implement a multi-layered protection system that includes document authentication, real-time identity verification, and constant threat monitoring. Users are advised not to sell their biometric data and documents, regardless of the offered reward.