I never did an ico kyc.. Come on, maybe you could send an ID card or a passport, but who stupid send selfie? I think this seller is a cheater. or any other possibility that's more likely; This vendor is the employee of an exchange. He hacked a Exchange KYC datas....
Well , even if you do not send the selfie, sending only the documents NIC is very risky because these are just original documents that can be used anywhere. I think we should not send our KYC to ICO sites which can be a real threat for us if they misuse it.
They can even sell this private information on darknet and get good money out of it too.