Fraud Guides Top List of Most Frequently Sold Type of Data on Major Dark Web Marketplaces
New research from Terbium Labs details the damaging data being sold by three dark web big box marketplaces and the associated digital risks that can impact corporations
Today, leading Digital Risk Protection company Terbium Labs has released a trend report on the stolen and fraudulent data of three of the largest multi-good dark web marketplaces, which found that fraud guides accounted for nearly half (49%) of the data being sold on the dark web, followed by personal data at 15.6%.
To develop the report, Terbium Labs’ team of researchers surveyed three major dark web marketplaces: “The Canadian HeadQuarters”, “Empire Market” and “White House Market,” sorting all data listings into six categories: personal data, payment cards, financial accounts and credentials, nonfinancial accounts and credentials, fraud guides and fraud tools and templates.
Cybercriminals have transformed the operational structure of these dark web marketplaces over time to mimic the rapid growth of big box retailers, such as Amazon and eBay, complete with search capabilities, ecommerce and seller ratings. These three markets in particular are more likely to stock a higher percentage of damaging data to corporations due to the unique combination of inexpensive personal and financial data as well as straightforward “how-to” type data, allowing cybercriminals to carry out attacks with ease.
Recommended AI News: SeekXR Launches Seek Education To Bring Learning To Life With Augmented Reality
According to the findings, fraud guides – listings claiming to sell guides and processes – were the most frequently sold category of data (49%), followed by personal data (15.6%), nonfinancial accounts and credentials (12.2%), financial accounts and credentials (8.2%), fraud tools and templates (8%) and payment cards (7%).
The risks to businesses are exacerbated by the fact that cybercriminals can get value for their money. The average cost of a single fraud guide is just $3.88, whereas a collection of guides sold under a single listing costs $12.99. The negative impact of fraud guides is often overlooked by organizations, leading to greater digital risks to a business, such as phishing, business email compromise, account takeover, credential harvesting and fraud. The material within fraud guides allows for the most novice cybercriminals to cause damage to individuals and organizations alike, turning commodity data into financial crime.
The second most prevalent type of data found on these marketplaces – personal data – exposes organizations to phishing attacks, business email compromise as well as account takeovers, enabling criminals to target individuals more accurately and impersonate their victims. The average price for a single personal record was $8.45, while the cost of a single personal record can drop as low as $1.00.
Recommended AI News: GoodFirms Latest Survey on SEO to Boost Your SERP Rankings to Adopt New Strategies During COVID-19
“We routinely see stolen data for sale on these markets for surprisingly low prices, considering how expensive the consequences of stolen data can be to an organization,” said Tyler Carbone, Chief Strategy Officer of Terbium Labs. “The missing piece here is the way criminals buy that data and make use of available knowledge and tools to exploit it. It is incredibly important for organizations to detect and respond to stolen data earlier – when it’s at that “raw material” stage – in order to reduce damage and prevent it from ever being used effectively as an instrument for expensive cybercrime.”
Each data category description within the trend report is outlined below.
- Personal Data: Information, such as names, addresses and social security numbers, but does not include account credentials.
- Payment Cards: Information from actual debit/credit cards, which can be used to execute fraudulent transactions.
- Financial Accounts & Credentials: Usernames and passwords for bank/credit card accounts or other online payment platforms (i.e. Stripe, PayPal, Online banking, etc.).
- Nonfinancial Accounts & Credentials: Credentials for non-financial online accounts (i.e. Netflix, Domino’s, CrunchyRoll, etc.).
- Fraud Guides: All listings purporting to sell a process – for example, how to open a fraudulent account at a specific financial institution, or how to reset an account password without knowing the answers to security questions.
- Fraud Tools & Templates: This category includes resources like fake mobile applications or HTML templates that allow criminals to impersonate legitimate sites or applications. Criminals can buy this content rather than needing to build and design phishing sites or content from scratch.
Recommended AI News: New IDC COVID-19 Tech Index Points Towards Declines in IT Spending, but Also Pockets of Opportunity for IT Vendors
Comments are closed, but trackbacks and pingbacks are open.