Terbium Labs, the premier dark web intelligence company, today announced the findings of new research examining the market for fraud guides for sale on the dark web and their impact on data security.  The report titled, “Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data,” analyzed nearly 30,000 guides to determine what fraudsters are selling; what they’re teaching; how these guides impact an organization’s understanding of data security; and countermeasures that can be taken by organizations to minimize data theft and risk from data exposure.

“Fraud guides illustrate the most popular, easy-to-use methods to commit cyber-enabled fraud,” shared Emily Wilson, VP of Research at Terbium Labs. “The guides provide unique insights into how cybercriminals think, talk, and operate on the dark web. By evaluating the contents of these guides, we can better understand the dark web fraud trade and deploy effective strategies and technologies to protect our most critical data.”

The report found that the data most desired by fraudsters, and therefore most at risk, includes:

  • Email Addresses. Terbium researchers found email addresses have the most intrinsic value to fraudsters based on an analysis of which mentions of data types appear in isolation most frequently. They provide fraudsters with a reliable and unique identifier for phishing campaigns, account takeover, and other fraud-enabling attacks.
  • Financial Data. Payment cards are the primary financial data type mentioned in fraud guides, referred to in 36% of the guides examined, followed by bank accounts and payment processor information.  Fraudsters prefer credit cards to debit cards 85% of the time due to the host of limitations that make debit cards less popular for typical carding schemes.
  • Personal Identification Information (PII). While Social Security Numbers (SSN) are incredibly valuable to fraudsters, they appear less frequently than credentials including usernames, passwords and email addresses. This distribution illustrates a fraud community focused on ease of monetization and reliant on the most commonly exposed data types in breaches, as well as the most ubiquitous data types for users operating online accounts.
  • PII vs. Financial Information. On average, personal information keywords appeared more frequently (in 55.7% of guides) than financial information keywords (44.3%).  In most cases, the utility of personal information is its connection to existing financial accounts or as a gateway for fraudsters to open new financial accounts under an assumed identity.

Other notable findings include:

  • Age and Distribution. More guides appear from 2010 than from 2017 and 2018 combined, with 26% of the guides examined being more than a decade old. An overwhelming majority (75%) of materials are duplicates with fraudsters repackaging and reselling the same materials under their own names several times over.
  • Cost. Fraud guides are remarkably affordable.  The average cost per single guide listing was $3.88 and $12.99 for a collection of guides sold under a single listing.  The average price across all listings was $7.80.
  • Materials. Fraud collections focused on identity theft or account creation offered the most supporting materials, including media assets like templates, vector images, official seals or stamps, and examples of legitimate documentation.

The expanding threat landscape and new business innovation has organizations spending more than ever to deal with the cost and consequences of sophisticated attacks. In the Ninth Annual Cost of Cybercrime Study, Accenture and the Ponemon Institute found that the average number of security breaches in the last year grew by 11%, the average cost of cybercrime for an organization increased to $13 million (from $1.4), and the total value at risk globally to grow to $5.2 trillion over the next five years.

At a time of heightened security risks and an ever-evolving digital landscape, fraud guides are particularly salient. Much like how the fraud guides offer would-be criminals steps for exploiting vulnerabilities and wreaking havoc on systems, in this research Terbium Labs provides a systematic approach that combines technical, legal, and procedural guidance to help organizations and security teams make informed decisions and combat existing threats. Organizations can use the knowledge gathered in this report to evaluate their existing controls and fraud detection services and keep tabs as new exploit techniques emerge.

Click here to obtain a copy of the Fraud Guides 101 report