Recent investigations by security researchers at Resecurity have revealed a significant rise in dark web activity related to stolen identity information from Singaporean citizens.
Cybercriminals are increasingly selling these stolen documents, which are then used for various fraudulent activities, identity theft, impersonation scams, and to bypass Know Your Customer (KYC) protocols.
According to Resecurity, there has been a 230 percent increase in the number of underground vendors offering stolen identity data from Singaporeans compared to the previous year. The surge is largely attributed to a rise in data breaches affecting numerous online platforms that store consumer information. Particularly in April 2024, there was a noticeable increase in data dumps on the dark web, with thousands of records becoming available for sale.
These records often contain biometric data, such as fingerprints and facial information, which are then used for illegal activities like creating deepfakes. To make matters worse, nation-state actors and foreign operatives are highly interested in this data for intelligence purposes.
Resecurity’s analysis found that a significant portion of the stolen data was discovered on XSS, a prominent underground forum. The analysis indicates that many breaches remain undisclosed by the affected organizations, leaving victims unaware and unable to replace their compromised documents. This situation is worsened by cybercriminals also selling templates for forged documents, making them particularly convincing with advanced security features like holograms.
SingPass accounts, which allow access to various government and private sector services in Singapore, have also been found for sale on the dark web. Cybercriminals use these accounts for scams, money laundering, and identity theft. Despite the implementation of two-factor authentication, vulnerabilities in KYC processes are exploited, often with insider collusion.
In June 2024 alone, Resecurity identified over 2,377 compromised SingPass accounts and notified the affected individuals. To mitigate these risks, individuals are advised to report stolen SingPass accounts immediately, enable 2FA, change passwords, and monitor account activities closely.
Source: Infosecurity Magazine
–
July 3, 2024 – by Ali Nassar-Smith
Related News
Brits Get Police Tech Funding and a Pre-Holiday Warning – Identity News Digest
AI Update: Funding Flows into AI Development and Security
Over 15 Billion Credentials Available For Sale via Criminal Channels: Report
Sumsub Finds AI-driven ‘Democratization of Fraud’ in New Report
White House Proposes Rules to Limit Transfer of Biometric Data to Adversary Nations
DHS Extends RFI Deadline for Biometric Identity Research and Development Project
Follow Us