Cybercriminals are capitalising on the availability of “how-to” scam guides for sale on the Dark Web, yet some fraudsters could find themselves being scammed while attempting to purchase them.
In a report titled “Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data”, researchers at Terbium Labs analysed nearly 30,000 fraud guides – which include information on how to carry out specific forms of cyber attacks such as phishing scams, doxing and synthetic fraud.
The report found that data most desired by fraudsters includes email addresses, which have the most ‘intrinsic value to fraudsters’. How-to guides focusing on this area provide fraudsters with a “reliable and unique identifier” for phishing campaigns, account takeover and other fraud-enabling attacks, the report found.
Payment cards were identified as the primary financial data type mentioned in fraud guides, – referred to in 36% of the guides examined.
Information on payment cards was followed closely by bank account details and payment processor information. Fraudsters typically prefer credit cards to debit cards, researchers at Terbium also found, due to the “host of limitations that make debit cards less popular for typical carding schemes.”
Commenting on the study, Terbium Labs’ VP of Research Emily Wilson said: “Fraud guides illustrate the most popular, easy-to-use methods to commit cyber-enabled fraud. The guides provide unique insights into how cybercriminals think, talk, and operate on the dark web.
“By evaluating the contents of these guides, we can better understand the dark web fraud trade and deploy effective strategies and technologies to protect our most critical data.”
Interestingly, Terbium Labs found that older guides appear to be the most popular go-to resources for fraudsters. More than one-quarter (26%) of guides are more than a decade old, while there are more guides from 2010 available than from 2017 and 2018 combined.
An overwhelming majority of guides (75%) also appear to be duplicated, with fraudsters essentially repackaging and reselling the same materials under their own name “several times over”.
Additionally, roughly 11% of fraud guides that researchers attempted to purchase on the dark web turned out to be scams.
Despite rampant duplication, these guides are “remarkably affordable”, with the average cost of a single guide being just shy of four dollars. A collection of guides sold under a single listing could also expect to sell for an average price of £12.99.