Dark web data intelligence provider Terbium Labs released the findings from its new research report, “Inside the Dark Web: Fraud Guides.” The report takes an in-depth look at content from more than 1,000 fraud guides available for sale on the dark web. Terbium analysts found that while the majority of these guides are useless (74%), as many as 20 percent have the potential to cause financial harm to individuals and organizations by instructing readers how to exploit legitimate policies and processes or use malicious code against an organization’s systems. Those organizations most at risk include retail and financial services companies.
On the heels of its industry-first research, The Truth About the Dark Web, Terbium sought to provide an equally transparent, objective, and fact-driven look at dark web tradecraft. While Terbium’s past research found that the majority of content on the dark web is legal (51%), that does not mean that it is safe. At a time of heightened security risks and widespread access to encrypted communications, fraud guides are particularly salient. The goal of this research was to gain a better understanding of the information available in fraud guides, test their validity, identify potential threats to organizations, and allow appropriate countermeasures to be taken.
“The industry tends to be reactive when dealing with dark web threats,” said Emily Wilson, Director of Analysis at Terbium Labs and an author of the report. “We wanted to get in front of these fraud guides to offer security teams a method of exploring sources of threats before they manifest. Much like how the fraud guides offer would-be criminals steps for exploiting vulnerabilities and wreaking havoc on systems, in this research Terbium provides a systematic approach that combines technical, legal and procedural guidance to help companies make informed decisions and combat existing threats.”
For the purpose of this research, fraud guides are defined as those dark web guides that provide instructions on exploiting processes, products, and people for profit. While there are tens of thousands of dark web guides available for sale, Terbium purchased 1,102 guides for its research sample. Hundreds were found to be duplicates, leaving 851 unique guides to be reviewed and analyzed. Terbium analysts classified 629 of these as illegitimate, or not capable of helping an individual harm another individual or organization. However, of the 222 legitimate guides remaining, 89 percent were also actionable — meaning they featured content that could enable others to scam, defraud, or otherwise harm an individual or organization.
Fraud guides targeting the finance and retail industries are the most prevalent. Together, they accounted for 59 percent of the targeted industries in legitimate, actionable guides. These guides presented readers with opportunities to exploit and subvert legitimate business processes under a cloak of anonymity and often with little prior knowledge required. For example, the Bank Drop Creation Guide provides in-depth instruction on creating bank drops (“anonymous” bank accounts created with stolen and/or fraudulent information) for nine separate financial institutions. The guide walks readers through every step, from at-home setup to at-bank withdrawal. The content requires no prior knowledge from the reader and could realistically lead them to execute the steps successfully — its thoroughness was unparalleled in any other guide Terbium purchased.
Unsurprisingly, businesses with lax procedures are targeted the most often. When one criminal finds success, the method is refined, sold and shared with others. These deceptive methods present real harm to those organizations that neglect to guard against these crooked handbooks. Targeted organizations and industries should take the concepts presented in legitimate and actionable guides seriously.
This report focuses on fraud guides that were listed for sale on two of the major dark web markets: AlphaBay and Hansa. Terbium Labs relied on listing titles, product descriptions, and customer reviews to collect a representative sample of dark web guides with an emphasis on obtaining guides targeting the finance, retail, technology, and media industries, as well as government. To view a complete overview of the methodology used and explanation of findings, download the full report here: https://terbiumlabs.com/fraudguidestudy.html