The Dark Web is the go-to source for unscrupulous people trading in stolen data, hacking tools and illicit information. It also is a source for fraud guides to assist the hacker in stealing from you and me. Web intelligence company Terbium Labs has analysed 30,000 such guides to offer valuable insights into the criminals’ minds.
Terbium found that these guides are cheap. The average cost was just $3.38, while a collection of such guides retailed at $12.99. They found one report costing $58 which taught hackers how to build synthetic identities, while the cheapest at just 99 cents was a brief tutorial on how to hack home wifi passwords.
The guides revealed that of all the types of data the hackers target, email addresses are the most looked-for. Terbium found them mentioned in more than 5,000 guides. Emails give a cybercriminal a reliable and unique means of identifying us especially for phishing campaigns and account takeovers.
Other forms of data found to be in high demand were the obvious such as passwords, dates of birth and payment card data.
Many of the guides showed means and methods of hacking passwords such as brute-force attempts, password resets and how to bypass certain controls to gain access. And criminals are not stupid. They know we tend to reuse the same passwords over and over again and they exploit this to their advantage.
Payment cards were mentioned in almost 38% of all guides studied and they are the primary source of financial data for the cybercriminal. Terbium found that the hackers tend to favour credit cards to debit because debit cards have certain limitation, making them less useful for typical card fraud schemes.
It’s clear from Terbium’s findings that cybercriminals do their homework. Unfortunately, that means we each need to be doing homework of our own. Though we might all be tempted to fall for offers that we know deep down are too good to be true, a little investigation will invariably prove them false. And of course we are all responsible for our own passwords – make them strong, don’t recycle them, and don’t ever enter them on any web page linked from an email asking you to log in!