Fraud Guides 101: How Dark Web Fraudsters Steal Financial Data

Email addresses have the most fundamental value to hackers and monetary Information is the prime financial data type mentioned in fraud guides, according to new research from Baltimore based Terbium Labs.

Terbium Labs, a dark web intelligence company, shared its findings from new research, “Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data.” In this report, Terbium Labs unpacked findings from almost 30,000 fraud guides (and more than 15,000 supporting files), to understand what fraudsters are selling, what they’re teaching, and how these guides impact an organization’s understanding of data security; and countermeasures available to organizations to minimize data theft and risk from data exposure.

These guides and tutorials, which preserve the lessons of digital crimes, are widely available for sale on major dark web markets, alongside the sensitive data and financial details fraudsters need to carry out their schemes. “Following the launch of the infamous Silk Road marketplace in 2013, criminals have been using the dark web as a technological platform to find faster, more creative ways to exploit secure systems, compromise sensitive data, and profit from financial fraud and identity theft,” the report revealed.

Emily Wilson, vice president of Research at Terbium Labs, said, “Fraud guides illustrate the most popular, easy-to-use methods to commit cyber-enabled fraud. The guides provide unique insights into how cybercriminals think, talk, and operate on the dark web. By evaluating the contents of these guides, we can better understand the dark web fraud trade and deploy effective strategies and technologies to protect our most critical data.”

The report found data most desired by fraudsters, and therefore most at risk, included:

• Email addresses. Researchers found email addresses have the most intrinsic value to fraudsters based on an analysis of which mentions of data types appear in isolation most frequently. They provide fraudsters with a reliable and unique identifier for phishing campaigns, account takeover, and other fraud-enabling attacks.
• Financial data. Payment cards are the primary financial data type mentioned in fraud guides, (referred to in 36% of the guides examined), followed by bank accounts and payment processor information. Fraudsters prefer credit cards to debit cards 85% of the time due to the host of limitations that make debit cards less popular for typical carding schemes.
• Personal Identification Information. While Social Security numbers are valuable to fraudsters, they appear less frequently than credentials including usernames, passwords and email addresses.
• PII versus financial information. On average, personal information keywords appeared more frequently (in 55.7% of guides) than financial information keywords (44.3%). In most cases, the utility of personal information is its connection to existing financial accounts or as a gateway for fraudsters to open new financial accounts under an assumed identity.

Additionally, the research discovered fraud guides are remarkably affordable. The average cost per single guide listing was $3.88 and $12.99 for a collection of guides sold under a single listing. The average price across all listings was $7.80. Fraud collections focused on identity theft or account creation offered the most supporting materials, including media assets like templates, vector images, official seals or stamps, and examples of legitimate documentation.

From the Fraud Guides 101: “The dark web fraud economy runs on compromised data. For every major breach that makes headlines, a dozen smaller data leaks circulate in the criminal underground with little notice. This data, bought and sold year after year, fuels the fraud schemes and cyberattacks organizations battle every day: phishing, account takeover, business email compromise, and various forms of financial fraud. These markets mirror the commercial economy: steady demand, ready supply, and vendors competing for market share.”

Terbium in its research also suggested just as cybercriminals use industry information to expand their fraud schemes, organizations can use the dark web guides to augment their security efforts. Terbium noted fraud guides may not always represent the most cutting-edge tactics, or cover all possible edge cases, but they provide organizations with insight into the most common schemes and techniques. “Organizations can use this knowledge to evaluate their existing controls and fraud detection services and keep tabs as new exploit technique emerge.”