Passport scans are commonly used in fraudulent schemes to defraud cryptocurrency exchanges, payment systems, and betting sites. There are two generally accepted methods of identification: proof of identity and proof of address. To confirm your identity, you need passport or driver’s license data, and to confirm your address, you need utility bill data or bank statements.
With a scan of a Belgian passport worth $10.39, for example, you can verify your identity in such systems as Paypal, Skrill, Neteller, Payoneer, LocalBitcoins, ePayments, Entropay, William Hill, Bet365 and Plus 100s More.
Some banks require the remote provision of data of only two documents to open an account.
For example, it can be opened with someone else’s passport and driver’s license, which will allow fraudsters to receive bonuses due to newly registered newcomers, or use the account as a “mule” for illegal transactions. Comparitech came to the conclusion that such schemes require scans of real passports, not Photoshop templates.
In addition, passport scans are on many resources a means of confirming identity when restoring an account, which can be used to capture this account. For example, a fraudster by social engineering learned the user’s password from an account on a cryptocurrency exchange. However, he cannot log into this account, because two—factor authentication is installed there – in addition to entering a password, you need to confirm the login using the code that came to the phone.
Having a scan of the victim’s passport in his hands, the attacker enters the password and then declares on her behalf about the loss of the phone. The exchange suggests sending him a scan of his passport or a selfie with this passport to confirm his identity — that’s why such selfies are more expensive on the Darknet. Having fulfilled this requirement, the attacker gains access to the victim’s account and accounts.