Ai Editorial: From how fraudsters run their respective businesses to what is sold on the dark web and how it is sold, the functioning of this marketplace is fascinating, to say the least.
Originally published on 17th March, 2021
Trading in stolen loyalty currency, data etc. on the dark web is quite similar to trading on any online marketplace, with options ranging from shopping categories and what’s available within each category to the profile of the fraudster or criminal gang, and a lot more.
The modus operandi is quite sophisticated and it is reflected in what and how fraudsters run their respective accounts.
“Fraudsters need to show they do legitimate business, sell authentic data and work on their reputation…even offer the option of refund,” mentioned Tobias Wieloch from Europol (European Cybercrime Centre or EC3), during a webinar conducted by the Loyalty Security Association (LSA) last year.
The fraudsters also stipulate refund and replacement policies. Wieloch added that the majority of attacks rely on existing modus operandi and benefit from known vulnerabilities.
How to shop on the dark web?
As for how fraudsters buy information on the dark web, Sift’s Kevin Lee, presenting at LSA’s webinar last month, explained the entire process. It goes as follows: set up TOR + VPN, find a marketplace of choice (Tochka, SlilPP etc.), create an account, start shopping and pay with alt-coin. Among the software used, the Tor browser is the most common; it lets people browse anonymously.
There are messages, chats etc. featuring sellers that one can come across.
For instance, a room called BBC LIVE has close to 1700 members. A member recently posted a picture of a hotel room and under the title, “Hotel Booking Method”, the description is as follows:
100% private method and guide for booking hotels such as Marriott, Hilton and more.
Also including the flight method.
This method doesn’t come cheap.
Serious inquiries only.
In another room, a member highlighted a flight booking method. “I (have) got a flight booking method that really works, not Expedia. I charge $100 for it…you will be able to fly anywhere for as long as the ticket is under $800. I only fly off this method,” wrote a member. The parting message: “My method I didn’t buy it from anyone else.”
The problem of account takeover (ATO)
Account takeover (ATO) is an industry-agnostic problem and, overall, the fraud ecosystem is a well-connected engine, asserted Sift’s Lee.
During the webinar, Lee provided comprehensive insight into how fraudsters access and run forums and dark web marketplaces, and what’s up for sale.
Sharing real examples, Lee mentioned that 1.3 million Domino’s Pizza user accounts are currently for sale. In the travel sector, Choice Hotels’ 171k user accounts were being made available. The list also featured several other established hotel and airline brands, including Accor, British Airways, AirAsia etc. Each account is being sold at a different price, and the marketplace is active and witnesses action just like any e-commerce platform. Certain accounts up for grabs that were shown in the webinar had been posted recently on the dark web.
“There is a thriving marketplace on the darkweb (that supports such malicious activity),” said Lee.
What can merchants do?
Lee stated that a merchant should assume that all accounts have been breached.
“It is imperative to deploy solutions that detect account takeover in real-time,” recommended Lee. Also, the time has come when one must strategically verify risky logins and activity via dynamic friction.
By Ritesh Gupta