• 1311
  • 0

Selfie with ID: The New Scam You Haven’t Heard About

Michelle Wilson - May 21, 2022

Selfie with ID: The New Scam You Haven't Heard About

Some services require verification before the account is active when registering for an account online. These online services will ask you to confirm your identity by taking a selfie of yourself and your government-issued identification. It’s a simple and easy way to prove who you are. These verifications eliminate traveling to a physical office and verifying your account. With online verification, simply take a photo, upload it, and wait for an employee to approve the account.

Selfie verification is also becoming quite popular among phishers hoping to score your information. Unfortunately, this online verification method isn’t just used by legitimate websites with a decent reputation. Here’s everything you need to know about why they’re after your photos with ID cards and how to avoid falling victim to their plan to understand the scam better.

Verification of Your Identity

Most standard business scenarios include an email from your bank, social network, or payment system informing the individual of a security issue with the account. Most of these emails will require the user to submit additional identification to confirm their identity online.

The attachment is frequently a page with a generated form, requiring users to submit the account credentials, address, telephone number, payment information, and a selfie with a visible ID card or document. Although these emails may seem legitimate, it’s always crucial to establish the risk of theft before submitting these documents online.

Why Cybercriminals Want Selfies with ID

A few online services will require the user’s identification to be verified before registration is validated. Should you send a selfie to scammers online, they can effortlessly create accounts online in your name, including a cryptocurrency exchange. Malicious actors will use these accounts for illegal activities like fraud or money laundering. Unfortunately, these activities can land unsuspecting victims in hot water with local authorities.

The black market fetches a far heftier payment than just an ID scan. If a criminal secures your identification with your selfie attached, they can take the photo and turn it into a highly profitable venture online.

Frequent Signs of Online Fraud

Thankfully, online fraud isn’t a perfect art, leaving many criminals sloppy and identifiable. Closely inspecting the phishing email online, especially with the website, can save you time and energy to recover your identity later. It would be best to watch for a few things before submitting your identification online.

Regular Typos and Errors in Communication

Cybercriminals’ email or data entry form is likely riddled with spelling or grammatical errors. These errors may include misspelled words, capitalization issues, or other syntax issues. A reputable business is going to ensure its communication is professional and high-quality.

Suspicious Sender Email Address

Many email addresses with phishing attempts will use generic or free email services to communicate with victims online. Alternatively, a scam artist will use a similar sounding domain with no affiliation with the actual business name. Carefully review any email you receive against the standard domain. If it doesn’t match, there’s a strong probability the email is trying to steal your information.

The Domain Name Doesn’t Match

A sender’s email address may seem legitimate, but if the phishing form’s site isn’t related, there’s a good chance it’s a scam. Take a careful look at the link in the email, comparing it to the genuine domain name of the company. The address may be similar but often have minimal changes (like a zero instead of the letter o). Reputable companies wanting to confirm identification won’t use third-party platforms like Dropbox or Google to create their verification system.

Time Sensitive Issue

Many authors of phishing emails will do their best to create a sense of urgency and deadlines with the victim. Many will claim link expiry after 24-hours or threaten to restrict access to accounts without the form. This false sense of urgency will cause many victims to act without thinking, especially for essential services. A reputable company will never rush their customer with unrealistic deadlines or catastrophic outcomes.

Duplicate Requests for Information

If you’ve already submitted information to a company online, there is no reason to resubmit these details in an online validation. For example, emails and phone numbers are supplied during the registration process. Most reputable companies aren’t going to demand further confirmation for the sake of “extra security.”

Online resources will offer advanced features, including additional security-related details. These offers and requests will typically stem from the user’s online account (when signed in to the website), not through email. Most offers allow the individual an opt-out function on the screen, while a phishing email suggests the activity is mandatory. For example, many cybercriminals will only include one button on the attachment, indicating there is no option available but to upload a selfie to the account. 

No Information About the Verification on the Official Website

While there are times an account holder will need to verify their ID to continue accessing services, these attempts are very infrequent. Anything requiring further information for the account will be available directly through the website. If you’re not sure, google the business name and visit the official company website.

Never hand out ID Card Selfies

To safeguard your information, always remain cautious with requests for personal data, especially when your documents are at risk. Be suspicious of any demands for identity if you’ve been using the service for a while. When in doubt, visit the official website online to confirm the account verification request. Remember to evaluate the quality of the text in the email, especially grammatical issues, missing words, or spelling mistakes. Authentic corporate communications are unlikely to hold such errors.

Before responding to any email or link, confirm where the message originated. A company will always send communications from the official domain. The company’s website would thoroughly explain any exception to this rule on the official domain. Many login forms, surveys, or other official pages are cited in official resources online. Take note of any extreme or unrealistic deadlines to submit account verification. If a company starts demanding action by a specific time, it should ring alarm bells. It’s better to miss a deadline than accidentally send your data to a criminal. Finally, contact the company by phone if you’re unsure. Avoid the telephone number in the questionable email, googling the direct contact.

Conclusion

Although confirming your identification with a selfie-and government-issued ID isn’t unheard of, it potentially opens the door for more sinister activities online. With cybercriminals preying on unsuspecting victims daily, it’s critical to protect our information and limit the probability of it ending up in the wrong hands. For many, this simply means careful evaluation before sending our confidential details into cyberspace because an email demands it. Whether handing over our personal information or sending a digital photo of government-issued identification, being mindful of how the information is used can be critical. With small but deliberate assessments, we can all lower our risk of becoming a victim.

Related Posts