Terbium Labs, an information security company specializing in protecting companies against attempts to steal their proprietary data, has released a new report about eCommerce fraud on the dark web.
The report, ‘Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data,’ presents the findings of Terbium Labs’ review of almost 30,000 different ‘how to’ fraud guides available on the dark web to teach cyber criminals how to more effectively steal data from unsuspecting people and merchants.
“Fraud guides represent a mass-market record of tactics and techniques that have been proven successful and easy to use,” the company said in a statement.
“Dark web vendors are in business to make money, and fraud guides cover methods and materials that vendors believe they can market to the fraud community as a whole based on the demand for certain data types or access points.”
Specifically, the report answers questions that can help merchants understand how fraudsters think, so they can better understand the data security risks they face. These questions include:
- Do fraudsters prefer personal data or financial data?
- Which financial data types appear most frequently in guides?
- What types of personal information are most popular?
- Which data types have the most intrinsic value for fraudsters?
In answering these questions, the report finds that the most common data fraudsters target is related to payment cards, with credit cards being preferred over debit cards.
Additionally, fraudsters show a marked preference for personal data over financial information; the report suggests this is because personal data can be used to access current accounts or create new ones, as opposed to financial data which can only be used for a single account.
Beyond the statistical findings, the guide offers a window into the tactics fraudsters use to take stolen data and turn it into profit.
“Dark web vendors are in business to make money, and fraud guides cover methods and materials that vendors believe they can market to the fraud community as a whole based on the demand for certain data types or access points”, the company said.
Sources: