Dark Web cybercriminals are buying up ID to bypass KYC methods

News
By
published

Security researchers uncovered "sophisticated approach to compromising identity verification systems"

Image credit: Shutterstock (Image credit: Image credit: Shutterstock)
  • Researchers from iProov found a group buying up ID data from consumers
  • The data is being used to bypass KYC processes
  • Companies will need to go for a multi-layered approach, iProov says

Hackers have found an easy and simple way to grab people’s sensitive information, and then use it to bypass Know Your Customer (KYC) processes - buying the information directly from the victims.

New research from identity verification and fraud prevention firm iProov uncovered a “sophisticated approach to compromising identity verification systems” through a “systematic collection of genuine identity documents and images.”

iProov said it uncovered a dark web group engaged in mass collection of identity documents and corresponding facial images, which actually compensates the victims for the information. It wasn’t said how much money they were giving for one set of data.

Multi-layered approach

The group operates in the Latin American region, but the researchers said they observed similar operational patterns in Eastern Europe, as well, and shared its findings with the local authorities.

Commenting on the findings, Andrew Newell, Chief Scientific Officer at iProov warned against selling personally identifiable information to anyone.

"When people sell their identity documents and biometric data, they're not just risking their own financial security - they're providing criminals with complete, genuine identity packages that can be used for sophisticated impersonation fraud," he noted. "These identities are particularly dangerous because they include both real documents and matching biometric data, making them extremely difficult to detect through traditional verification methods.”

iProof hinted in the near future, organizations will have to implement a multi-layered verification approach, since current identity verification systems could be easily spoofed. This approach would require people to first confirm that they’re human, then that they’re the right person, and it all should be done in real-time.

“This multi-layered approach makes it exponentially more difficult for attackers to successfully spoof identity verification systems, regardless of their level of sophistication,” iProov concluded.

“Even advanced attacks struggle to simultaneously defeat all these security measures while maintaining the natural characteristics of genuine human interaction.”

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Biometrics
Like selling your virtual soul: Researchers uncover extraordinary identity farming operation where the culprits are the victims
Concept image of a person having their face scanned, indicating the risk of identity theft.
Identity fraud attacks using AI are fooling biometric security systems
An illustration of a hooded hacker with an obscured face holding a large fingerprint against a red background.
ID theft – what happens when someone steals your identity
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Latest in Security
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Security
Broadcom releases fixes for multiple VMware security flaws
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Latest in News
Microsoft UK CEO Darren Hardman AI Tour London 2025
Microsoft - UK can help drive the global AI future, but only with the proper buy-in
Asus Prime OC RTX 5070 graphics card with three fans, shown at an angle
Asus reveals Nvidia RTX 5070 launch pricing, and while one model is at MSRP – thankfully – the others make me want to give up my search for a next-gen GPU
Philips Hue lights being dimmed
Got Philips Hue lights? A free app update delivers these 3 improvements
iPad Air M3
The new iPad Air M3 is good value – but I’d still buy this iPad Pro model instead
Samsung Galaxy Z Fold 6
Samsung shows off a creaseless folding phone display – and it improves on the Galaxy Z Fold 6 design in 3 key ways
A piece of paper with the words 'an HBO Original film' on it next to a pile of snow
Jesse Armstrong’s next HBO Original sounds like another Succession-style satire starring Steve Carrell and Jason Schwartzman
More about security
Security

Broadcom releases fixes for multiple VMware security flaws
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."

Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Google Chrome logo on a mobile phone's screen

Google asks US government to drop breakup plan over national security fears
See more latest
Most Popular
Google Chrome logo on a mobile phone's screen
Google asks US government to drop breakup plan over national security fears
Activo Volcano IEMs
These more affordable audiophile wired earbuds from a brand I love could knock Sennheiser off its perch
Asus Prime OC RTX 5070 graphics card with three fans, shown at an angle
Asus reveals Nvidia RTX 5070 launch pricing, and while one model is at MSRP – thankfully – the others make me want to give up my search for a next-gen GPU
Microsoft UK CEO Darren Hardman AI Tour London 2025
Microsoft - UK can help drive the global AI future, but only with the proper buy-in
Samsung Galaxy Z Fold 6
Samsung shows off a creaseless folding phone display – and it improves on the Galaxy Z Fold 6 design in 3 key ways
Business software
Microsoft unveils even more AI agents - this time to help you clinch that big sale
Philips Hue lights being dimmed
Got Philips Hue lights? A free app update delivers these 3 improvements
iPad Air M3
The new iPad Air M3 is good value – but I’d still buy this iPad Pro model instead
A piece of paper with the words 'an HBO Original film' on it next to a pile of snow
Jesse Armstrong’s next HBO Original sounds like another Succession-style satire starring Steve Carrell and Jason Schwartzman
A collage image of Foggy Nelson sitting at a table and a close-up of Muse in Daredevil: Born Again
Daredevil: Born Again viewers have two wild fan theories about Foggy Nelson and Muse after the Marvel TV show's debut, but I think there's only one that might be right