About half of the product listings on the biggest dark web markets are accounted by guides on fraud schemes as aspiring cybercriminals aim to cash into the robust illicit cyber commerce that includes the exploitation of online scams to compromise email accounts.
Nonetheless, even as the trade rages on, it has been discovered that a host of these how-to fraud guides are fake or not dead in the sense that the vulnerability was patched.
The above revelation was made pursuit to the release of a trend report by the leading cybersecurity firm Terbium Labs, which researched on the stolen and fraudulent data posted on three of the most popular dark web platforms.
Specifically, a team of researchers from Terbium labs studied “The Canadian Headquarters”, “Empire Market” and “White House Market” by sorting a plethora of data listings into the following six categories:
- Personal data
- Financial accounts and credentials
- Payment cards
- Nonfinancial accounts and credentials
- Fraud guides
- Fraud tools and templates
The report intimated that fraud guides accounted for 49 percent of the data being traded on dark web platforms.
According to findings of the Terbium trend report, the listings of guides claiming to sell guides and processes accounted for the most frequently sold category of data on the dark web, followed by personal data that accounted for 15.6 percent of sold data.
Nonfinancial accounts and credentials took up 12.2 percent of all data sold via dark web, while financial accounts and credentials accounted for 8.2 percent of the sales. Finally, fraud tools and templates were 8 percent of all categories of data while payment cards registered at 7 percent.
Personal data which, as mentioned above, turned out to be the second most popular class of data posted on the dark web marketplaces, is exposes organizations to untold scales of cyber risks. Personal data theft predisposes users to phishing attacks, business email attacks and account takeovers.
These kinds of actions pose serious economic danger to companies and individuals as they allow cybercriminals to steal identities and orchestrate targeted cyber-attacks with utmost accuracy.
According to research by Terbium labs, the average price attracted by personal data posted on the dark web stands at $8.45 considering that the cost of a single personal record may fall to as low as $1.
However, in some cases, the same price may show a rise number up to the triple figure depending on the quality of data leaked. This reality is especially reflective of instances where the leaked personal credentials to a user’s account have the power to provide criminal access to the victim’s related-but-separate accounts.
In general, Terbium researchers found that the examples of credentials advertised on the dark web marketplaces included site login credentials for services such as email accounts and even the accounts belonging to streaming services.
A Ton of Cyber Risks to Organizations
The availability of fraud and hacking guides on the dark web pose a plethora of risks to private sector companies and government agencies alike. These risks are worsened by the fact that cybercriminals achieve value for their money considering the eventual economic gain they realize after purchasing stolen data.
Unfortunately, most organizations overlook the dangers that are posed by the availability of fraud guides online an aspect that predisposes them to serious digital and commercial risks that are not limited to phishing attacks and account takeovers. Credential to financial accounts listed on dark web marketplaces can potentially accord criminals the direct access to financial accounts, hence the funds therein.
Indeed, the information provided by fraud guides have the power to convert entry-level hackers into the most seasoned cybercriminals that may bring entire organizations to their knees.
You can join the discussion on Dread and Tape forum