Dark web fraud guides reveal potential threats to orgs

An in-depth look at content from more than 1,000 fraud guides available for sale on the dark web revealed that the majority of these guides are useless. Still, as many as 20 percent have the potential to cause financial harm to individuals and organizations by instructing readers how to exploit legitimate policies and processes or use malicious code against an organization’s systems.

“We wanted to get in front of these fraud guides to offer security teams a method of exploring sources of threats before they manifest,” said Emily Wilson, Director of Analysis at Terbium Labs.

Guides for sale on major dark web markets primarily fall into the following categories: drugs, fraud, hacking, security & anonymity, social engineering, and other.

For the purpose of this research, fraud guides are defined as those dark web guides that provide instructions on exploiting processes, products, and people for profit.

While there are tens of thousands of dark web guides available for sale on AlphaBay and Hansa, two of the major dark web markets, Terbium purchased 1,102 guides for its research sample.

Hundreds were found to be duplicates, leaving 851 unique guides to be reviewed and analyzed. The analysts classified 629 of these to be illegitimate, or not capable of helping an individual harm another individual or organization.

However, of the 222 legitimate guides remaining, 89 percent were also actionable – meaning they featured content that could enable others to scam, defraud, or otherwise harm an individual or organization.

Fraud guides targeting the finance and retail industries are the most prevalent

Together, they accounted for 59 percent of the targeted industries in legitimate, actionable guides. These guides presented readers with opportunities to exploit and subvert legitimate business processes under a cloak of anonymity and often with little prior knowledge required.

For example, the Bank Drop Creation Guide provides in-depth instruction on creating bank drops (“anonymous” bank accounts created with stolen and/or fraudulent information) for nine separate financial institutions. The guide walks readers through every step, from at-home setup to at-bank withdrawal. The content requires no prior knowledge from the reader and could realistically lead them to execute the steps successfully – its thoroughness was unparalleled in any other guide the analysts purchased.

Unsurprisingly, businesses with lax procedures are targeted the most often. When one criminal finds success, the method is refined, sold and shared with others. These deceptive methods present real harm to those organizations that neglect to guard against these crooked handbooks. Targeted organizations and industries should take the concepts presented in legitimate and actionable guides seriously.

While Terbium’s past research found that the majority of content on the dark web is legal (51%), that does not mean that it is safe. At a time of heightened security risks and widespread access to encrypted communications, fraud guides are particularly salient.