Fraud guides accounted for nearly half (49%) of the data being sold on the dark web, followed by personal data at 15.6%, according to Terbium Labs.
Researchers surveyed three major dark web marketplaces: “The Canadian HeadQuarters”, “Empire Market” and “White House Market,” sorting all data listings into six categories: personal data, payment cards, financial accounts and credentials, non-financial accounts and credentials, fraud guides and fraud tools and templates.
Dark web marketplaces mimic big box retailers
Cybercriminals have transformed the operational structure of these dark web marketplaces over time to mimic the rapid growth of big box retailers, such as Amazon and eBay, complete with search capabilities, e-commerce and seller ratings.
These three markets in particular are more likely to stock a higher percentage of damaging data to corporations due to the unique combination of inexpensive personal and financial data as well as straightforward “how-to” type data, allowing cybercriminals to carry out attacks with ease.
According to the findings, fraud guides – listings claiming to sell guides and processes – were the most frequently sold category of data (49%), followed by personal data (15.6%), non-financial accounts and credentials (12.2%), financial accounts and credentials (8.2%), fraud tools and templates (8%) and payment cards (7%).
Fraud guides negative impact often overlooked
The risks to businesses are exacerbated by the fact that cybercriminals can get value for their money. The average cost of a single fraud guide is just $3.88, whereas a collection of guides sold under a single listing costs $12.99.
The negative impact of fraud guides is often overlooked by organizations, leading to greater digital risks to a business, such as phishing, business email compromise, account takeover, credential harvesting and fraud.
The material within fraud guides allows for the most novice cybercriminals to cause damage to individuals and organizations alike, turning commodity data into financial crime.
The value of personal data
The second most prevalent type of data found on these marketplaces – personal data – exposes organizations to phishing attacks, business email compromise as well as account takeovers, enabling criminals to target individuals more accurately and impersonate their victims.
The average price for a single personal record was $8.45, while the cost of a single personal record can drop as low as $1.00.
“We routinely see stolen data for sale on these markets for surprisingly low prices, considering how expensive the consequences of stolen data can be to an organization,” said Tyler Carbone, Chief Strategy Officer of Terbium Labs.
“The missing piece here is the way criminals buy that data and make use of available knowledge and tools to exploit it. It is incredibly important for organizations to detect and respond to stolen data earlier – when it’s at that “raw material” stage – in order to reduce damage and prevent it from ever being used effectively as an instrument for expensive cybercrime.”