With our latest research, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data, Terbium Labs investigates dark web fraud guides to create a detailed, first-hand account of the illicit educational wing of the dark web.
Following the launch of the infamous Silk Road marketplace in 2013, criminals have been using the dark web as a technological platform to find faster, more creative ways to exploit secure systems, compromise sensitive data, and profit from financial fraud and identity theft. They’ve learned a lot in those years, and they’ve adapted tactics and techniques from previous decades to take advantage of technology’s speed and efficiency.
This information – the how to of digital crime – is preserved in guides and tutorials. These guides are widely available for sale on major dark web markets, alongside the sensitive data and financial details fraudsters need to carry out their schemes.
Fraud guides represent a mass-market record of tactics and techniques that have been proven successful and easy to use. Dark web vendors are in business to make money, and fraud guides cover methods and materials that vendors believe they can market to the fraud community as a whole based on the demand for certain data types or access points.
In this report, Terbium Labs unpacks findings from a set of nearly 30,000 fraud guides to understand what fraudsters are selling, what they’re teaching, and how these guides impact an organization’s understanding of data security, including answers to questions like:
- Do fraudsters prefer personal data or financial data?
- Which financial data types appear most frequently in guides?
- What types of personal information are most popular?
- Which data types have the most intrinsic value for fraudsters?
In answering these questions, Terbium Labs unveils a fraud community with clear preferences and established norms around marketing and exploiting different data types. The tactics and techniques framed in these fraud guides provide vital insight from the front line of criminal communities about how fraudsters view and value data.
Using this insight and the institutional knowledge codified in these guides, companies can partner with Terbium Labs to develop a more robust monitoring system to detect when their sensitive information appears online. Organizations can use this knowledge – the appearance of sensitive data, combined Terbium’s unique context on criminal insight into popular fraud schemes and exploits – to evaluate their existing controls and fraud detection services and keep tabs as new exploit technique emerge.