There have been numerous estimates over the years about how much a patient’s information sells for on dark web marketplaces. But what about a doctor’s information? If you had the necessary documentation on a physician who could bill electronically for their services, how much could you make by sending fraudulent bills to Medicare or insurers? And what would it cost you to get those documents?
According to a listing on a dark web marketplace, if you’re an experienced fraudster, you could make more than $1 million a year. And the records you need to support your lucrative fraud operations will cost you (only) $500.
I didn’t recognize the seller’s username when I came across the listing, but my research indicated that they are likely to be the same seller who had called themself “PikachuPacket” on WallStreet Market. From the registration date, it appears that when WSM shuttered, “PikachuPacket”simply moved over to this other marketplace and started selling under a new username. While many sellers would use the same username they had used elsewhere so their old customers could find them again, PikachuPacket did not have particularly high ratings on WSM and a name change on a new marketplace may have seemed a good way to start to build a better reputation.
DataBreaches.net is not naming the marketplace or providing the seller’s new username.
The listing was a bit unusual because the seller’s listing linked to two FBI wanted posters that have not really drawn media attention. If you’re trying to sell information to use for fraud, would you link to wanted posters of fraudsters? But this seller seems to have decided that the wanted posters validated the value of fraud that could be committed by what he was selling:
Some fraudsters who know very well what this info is worth (But obviously wern’t as careful as they could have been):
The FBI’s wanted poster for the male suspect states:
The unknown suspect and a female accomplice are alleged to have stolen the identities of at least 19 medical professionals from across the United States. The suspects have then allegedly used these identities to submit fraudulent claims to Medicare for high-end surgeries. These claims have been paid electronically into more than 30 bank accounts that were opened using false or stolen identities. The unknown suspects allegedly use these accounts to launder the money from one account to another, then obtain the fraudulent funds through ATM withdrawals.
Referring to those posters, the seller wrote:
This is a new and extremely valuble scheme and I’m not selling info on how to to it, only the details needed to cary out the scam.
To give you the rundown, you can use these identities to submit fraudulent claims to Medicare and Insurance for high-end surgeries and have the funds sent to a drop.
And what can you get for your $500? If you purchase from this seller, you supposedly get high-quality color scans that include a:
Bachelor Medical Technology
Malpractice Insurance Document
Medical Diploma & Board Recommendations
Medical Doctor License
Medical Technologist Certification (ASCP)
New Mexico MD License
Driving License Scan
As of today, there haven’t been any sales.
And as a color-me-curious side note: I wonder how this threat actor knew about those wanted posters. Is the doctors’ information for sale in this listing part of the data that the two wanted suspects had stolen? You’d think that insurers would have flags up on the names of the professionals whose information had been stolen, but was any warning or PIN ever sent to health insurers about these 19 sets of compromised credentials that had been used for insurance fraud?