Online ‘classes’ in how to commit card fraud are available on the dark web, making it easier for novices to find ways of committing financial crime.
Online tutorials were exposed by UK-based Featurespace, a provider of behavioral analytics technology, which showed how fraudsters could learn the basics of using stolen credit card details – which are also readily available to buy.
Guides for sale
Meanwhile network security specialist Terbium Labs produced a report this year called ‘Fraud Guides 101: dark web lessons on how to defraud companies and exploit data’, which studied the huge numbers of fraud guides being offered for sale. Some 30,000 were examined to see what guidance criminals are passing on and which types of data are viewed as most valuable. It was shown email addresses in particular are sought after since these can be used for phishing, account takeovers and to track down an individual’s banking details and other potentially useful information such as what retailers are used
as well as social media accounts. Guides also include tips on bypassing and resetting passwords.
It was pointed out that guides are low cost – typically under $4 – to set out the basics, while a more complex one on building a synthetic identity cost $58. Further, cyber security firm Sixgill reported over 23 million credit and debit card details were for sale in underground forums in the first half of 2019 and of these, two out of three originated in the US, and in second place came the UK, even if this was just over 7% of the total.
Too often it is believed that cyber criminals are virtually impossible to apprehend, but some arrests are being made, including one last month following an operation run by the Metropolitan Police’s Cyber Crime Unit. It was announced that five women and three men from an organized crime group based in London had been arrested for activities connected to the sale of stolen bank account and credit card data on the dark web. This was obtained via spoof retail sites which harvested personal financial information and it was said the number of victims may amount to tens of thousands.
Detective Sergeant Rick Nolan said:
“This was a sophisticated fraud, where the victims were duped into creating accounts and entering their personal details onto what they believed were genuine online shopping sites.”
Authorities such as the FBI have also acted by shutting down sites that sell drugs and arms such as AlphaBay, although it has been proven that criminals migrate and set up others.
Given the scale of stolen card data, there are no quick fixes. Certainly, financial services providers must ensure their security professionals are monitoring the dark web, that they seek to educate their customers in keeping details safe, including using different passwords, and that they invest in the best anti-malware systems.
The dark web is not going to disappear and indeed, its purposes can be positive as well as negative – for example, it is used by those where free speech is repressed, for example, and also by whistleblowers. Analysis of the dark web can help with spotting trends and seeing if there are patterns in where stolen data is coming from.
For financial services firms in particular, using intelligence – both traditional and artificial – and having the strongest defenses has to be the order of the day, with financial data being such a highly prized commodity for criminals.