Fraudsters use the dark web as a training ground for scam techniques

Tuesday, 23 April, 2019

The Dark Web is the go-to source for unscrupulous people trading in stolen data, hacking tools and illicit information. It also is a source for fraud guides to assist the hacker in stealing from you and me. Web intelligence company Terbium Labs has analysed 30,000 such guides to offer valuable insights into the criminals’ minds.

Fraud guides illustrate the most popular, easy-to-use methods to commit cyber-enabled fraud. The guides provide unique insights into how cybercriminals think, talk, and operate on the Dark Web.

By evaluating the contents of these guides, we can better understand the Dark Web fraud trade and employ effective strategies and technologies to protect our most critical data.

- Emily Wilson: VP of Research, Terbium Labs

Terbium found that these guides are cheap. The average cost was just $3.38, while a collection of such guides retailed at $12.99. They found one report costing $58 which taught hackers how to build synthetic identities, while the cheapest at just 99 cents was a brief tutorial on how to hack home wifi passwords.

The guides revealed that of all the types of data the hackers target, email addresses are the most looked-for. Terbium found them mentioned in more than 5,000 guides. Emails give a cybercriminal a reliable and unique means of identifying us especially for phishing campaigns and account takeovers.

Other forms of data found to be in high demand were the obvious such as passwords, dates of birth and payment card data.

Many of the guides showed means and methods of hacking passwords such as brute-force attempts, password resets and how to bypass certain controls to gain access. And criminals are not stupid. They know we tend to reuse the same passwords over and over again and they exploit this to their advantage.

Payment cards were mentioned in almost 38% of all guides studied and they are the primary source of financial data for the cybercriminal. Terbium found that the hackers tend to favour credit cards to debit because debit cards have certain limitation, making them less useful for typical card fraud schemes.

It’s clear from Terbium’s findings that cybercriminals do their homework. Unfortunately, that means we each need to be doing homework of our own. Though we might all be tempted to fall for offers that we know deep down are too good to be true, a little investigation will invariably prove them false. And of course we are all responsible for our own passwords – make them strong, don’t recycle them, and don’t ever enter them on any web page linked from an email asking you to log in!

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.