How your data falls into the network to shadow sellers: There are several ways your data could have fallen into the wrong hands.
First option. You uploaded scans or photos of your documents to register on some site or to identify yourself on some service. Then there was leakage of data due to database hacking by some hacker. After that, all scans and photos of documents fall into the hands of shadow sellers who sell them on various sites, especially a lot of them in the darknet. Such sites are easy to google and buy data from some unknown person can almost anyone.
The second option. It may also have happened that you simply uploaded photo documents to a fake site and therefore you have provided the fraudsters with your personal data.
Three option. It’s unlikely, but still. their documents can be merged by unscrupulous government officials who have access either to the database or to the documents themselves. Unknown persons bribe them and get all the necessary data. It may also happen that special people get a job in public institutions and already have access to the data of the people themselves.
Find sites to sell documents is not too difficult even with Google, and the darknet of such sellers in general full.
Sold different sets and different documents, the minimum is a copy or scan of the passport.
What an intruder can do, having photos or scans of different documents
The first, and probably the most banal and harmless, is to go through the identification of the person on the site or get VIP access to any service without giving out your personal data. Often identification is quite simple, the user appends photo documents and that’s all, it is identified by the system. The same is done by an intruder, on your behalf he registers in the system and performs any actions.
Second. He can register an electronic wallet for his shadow transactions. QIWI wallet will gladly help in this. With the help of your documents, it will pass the identification, which in QIWI is the same as I described above, and register a purse in your name.
Drinking. Microloans. That must be what many of you were afraid to see. But even this can be done, although, among other things, this requires a good combination of circumstances. I will tell you right away, I have not tried this scheme in the case (otherwise I would not have written this article), and all the actions described by me are based on personal knowledge as well as simple logic. If you have seen an inaccuracy or something like that, do not fool around in the comments that the author is a fool, knows nothing and tells other nonsense. You know something more in this area – write without insulting. It’s impossible to know everything in every field.
That’s what an attacker will need to do in order to take out a micro loan on your behalf. Microloans are issued only for nominal bank details (virtual microloans will not be issued), so in addition to passport details, he will need access to the victim’s bank account in order to transfer the money to himself.
If we have already dealt with the passport data and other documents, the question remains: “How to access the victim’s bank account?
The easiest way to do this is to apply social engineering and dump the malware file that the victim will install on his computer (only the skills of the attacker play). Either start communicating with the victim, gain trust and dump the malware file under some pretext. With its help, the attacker will be able to monitor everything that happens on the computer and sooner or later will learn the bank details, logins and passwords from personal accounts, thus gaining access to the bank account.