We all know hackers sell your data online, but did you know that now they’re selling your selfies on the dark web, too?
That’s the word from Sixgill, an Israeli dark web research company.
Unfortunately, this new development could have dangerous implications as more and more companies move toward what’s being called “selfie pay.”
Consumer warning: Think before you snap
NextWeb spoke with Sixgill’s Alex Karlinsky about a disturbing new trend among criminals on the dark web.
Karlinsky says Sixgill discovered something unusual in a closed-access dark web forum that was largely written in Russian: selfies for sale.
They were part of an identity theft data dump, accompanied by all the usual things a criminal needs to assume your identity and wreak financial havoc in your life.
Let’s be honest: A selfie by itself isn’t of much help to a cyber-criminal.
But coupled with identity credentials, it could allow an unsavory actor to get credit in a victim’s name.
And that’s exactly what Sixgill found — government-issued IDs or passports and proofs of address along with selfies of the victims whose identities had been stolen.
The asking price for such a treasure trove of data? Karlinsky says it was $50,000 for 100,000 documents.
If that’s too rich for your blood, the seller also had a budget offer. This one downsized the data for criminals who were operating on a shoestring budget, and included one individual selfie with the victim’s identity credentials at $70 a pop.
Sixgill believes this is the first recorded instance of hackers offering selfies for sale as part of a criminal data dump.
Take these safeguards with your selfies
You might be wondering how a hacker would ever get your selfies. It’s not like you’re sharing them with the rest of the world on social media, right (wink, wink)?
According to Karlinsky, one common point of entry would be a phone infected with malware.
Another way selfies could fall into the wrong hands would be when cloud-storage platforms are inadequately secured. That’s what happened last month when an unsecured server left FedEx customer documents for 100K+ accounts exposed.
So, is this the beginning of the end for the popularity of the selfie? Probably not. Rather, you should educate yourself about “best selfie security practices” in a world where selfie pay is a thing.
But before we go any further, it’s important that you understand “selfie pay” is actually a misnomer.
In reality, it goes beyond simple purchase transactions done by photo. It also includes verifying your identity when you open a bank account, and it’s even figuring into the application process for life insurance policies!
So Karlinsky has two key recommendations for people going forward:
- Don’t take selfies of yourself holding your ID
- Don’t store pictures of your ID on your phone, in case your phone becomes infected with malware
Who is using selfie pay tech and who’s coming on board next?
Selfie pay is primarily being sold to us as a convenient way to shop online without the need to remember difficult passwords.
Other use cases include verifying your identity when you’re opening a new account. That’s accomplished by scanning your photo ID and also sending a selfie as secondary proof of identity.
In some cases, the life insurance industry is even experimenting with letting you get an insurance policy via selfie!
Here’s a look at a variety of companies both big and small that let you do certain transactions with them via selfie.
MasterCard and Visa
Back in 2016, MasterCard announced that customers could verify online payments by taking a selfie.
Meanwhile, Visa has also begun experimenting with selfies as a way for you to apply for credit and even pay your credit card bill.
Millennials don’t necessarily like to do things in traditional ways, do they? That’s why a company like SelfieQuote.com has launched.
Using artificial intelligence, this insurer looks at your selfie to estimate your age, gender and body mass index. In doing that, it can shorten the underwriting process to mere minutes, instead of days.
Meanwhile, the software that powers a site like SelfieQuote is similar to a product called Chronos that’s being used by several insurers.
With Chronos technology, you just upload your selfie, answer nine questions and you can have a quote in as little as 10 minutes!
This one is still vaporware — for right now.
Two years ago, Amazon filed a patent application for a pay-by-selfie technology that would allow customers to authenticate transactions by snapping a photo or video of themselves.
We’ll have to wait and see how this one shapes up. But with the torrid pace of innovation at Amazon, it’s likely only a matter of time before this becomes a reality.