‘Tis the season to be jolly, even though this year has been a challenge, to say the least. While some are thinking about end of year reports and others are looking ahead for a hopeful 2021, fraudsters remain active on dark web marketplaces. What is the criminal underground doing this holiday season? Our team investigated major dark web marketplaces and came up with a top 24 Christmas countdown of what fraudsters are buying and selling this year.
1. Thanksgiving special
Fraudsters looking for a treat this holiday season can still benefit from the Thanksgiving special, widely available on dark web marketplaces. The Thanksgiving special includes hundreds of bundles, ranging from templates for bank statements, utility bills, and insurance slips to fake licenses, software to hide hardware configuration, carding methods, and dozens of tutorials. Sellers boast a wide portfolio of products, often at little over USD$30, and guarantee they “can doctor anything.” We see new holiday specials every year, and expect to again see them next year.
2. CERB method
Keeping an eye on major scams? Even though members complain “the method has died,” some scammers are still selling the CERB method. Also known as the Canada Emergency Response Benefit, CERB is a taxable benefit launched earlier this year to support Canadians affected by COVID-19. The program registered hundreds of thousands, if not millions, of fraudulent claims within its first three months, according to the Financial Post. During the fraudulent CERB application process, fraudsters take over a legitimate CRA (Canada Revenue Agency) account, change bank details, apply for CERB, and then launder the money through cryptocurrencies.
3. Streaming account
Fraudsters resell many types of stolen credentials on online illicit markets. Hot-ticket items these days are streaming accounts for Spotify, Netflix, and Disney+. These credentials are stolen through malware infections, phishing sites, and leaked password databases published online. It’s easy for account owners to know if their account has been stolen: in their activity history, they will notice items they have never listened to or watched.
4. Lifetime warranty
When fraudsters purchase stolen credentials, there is always a risk they will be changed or revoked by their true owner. This significantly decreases the selling price of stolen credentials. To counter this, fraudsters offer a lifetime warranty promising to replace any item that no longer works. There is, however, no lifetime warranty on lifetime warranties, so these are not always seen as an effective selling argument.
5. Fullz CVV
Don’t confuse CVV with the three digits at the back of your credit card. In this case, it refers to a credit card record that is for sale. This record is limited to the cardholder’s name, address, card number, expiration date, and the CVV2. In other words, everything a fraudster needs to make an online purchase. Fullz includes the same details, but also the victim’s personal information (mother’s maiden name, date of birth). This extra information can be used to impersonate the victim and authorize a bank transfer.
6. Responsive scam page
Dark web sellers are offering various phishing scam pages for both desktop and mobile use. Aiming to steal personal details and bank and credit card information, or trick the user into authorizing fraudulent wire transfers, scam pages mostly impersonate major Canadian banks, the government, streaming channels, and popular retailers. Given the high use of mobile these days, scammers are providing an entire arsenal of features to copy official templates down to the smallest detail.
7. Credit report
Credit reports are among the most comprehensive documents holding a person’s financial information. They include your name, current and past addresses, phone numbers, loans, credit cards, employment status, and even your civil status. This is a goldmine for identity theft. Fraudsters can either purchase credit reports built for credit bureaus, find trusted third-parties to purchase the reports from, or hack into the credit bureaus themselves. In 2017, a single hack led to the theft of 143 million credit reports, which included hundreds of thousands of Canadians.
8. Carding method
A type of fraud, carding involves stealing credit card information to then purchase various goods. Carding methods for both online and physical items seem to be in high demand this holiday season, as multiple dark web sellers are rushing to provide exclusive carding packs for sports goods, telecom providers, Amazon, and many others. Most deals come with unlimited live users and credit cards. Malicious actors promise buyers “can’t get burned, it’s all virtual” and they’ll get “super rich.”
9. Hacked database
Hacking forums have always seen an abundance of hacked databases put up for sale at low prices. In high demand, they usually include extensive personal information such as name, date of birth, email, address, passwords, cell phone number, and credit card information. In some cases, they can even contain drug and alcohol habits, income levels, lifestyle interests, family size, birth certificates, and workplace information. Some of the freshly hacked databases this month are mostly related to Quebec, but there are also ads for the U.S. voters database for 2020 and the FBI and DHS employee index.
10. Fully cracked
In a world of cloud services, it’s easy to forget how many applications we have installed and use. To prevent you from installing a software package on multiple computers, its developers use digital rights management code to limit the number of installs. Fraudsters offer fully cracked programs to either install a software package on multiple computers, or use one such as Spotify without needing to register and purchase a subscription. These cracks usually block the connection to the developers’ servers, forcing the software to authorize your use, while waiting to authenticate you – something that will never happen.
11. Bank drop
After purchasing stolen credentials on the dark web, fraudsters use them to open fake accounts in real people’s names for fraudulent activities such as cashing out, money laundering, and scamming. Also known as mule accounts, they are quite common in money laundering operations, because fraudsters are in complete control and can easily hide their footprint. As far as Canada is concerned, sellers are offering bank drop services that allegedly work for most Canadian banks and government cheques, with a “guarantee [of] 20k every drop.”
12. EMT method
EMT (Email Money Transfer) is a popular service in Canada to transfer funds directly from one account to the other, without relying on cash or cheques. The service is supported by most banks in the country for online and mobile banking; the beneficiary receives an email with an answer to a security question to instantly access the money. Criminals are currently selling services to bypass EMT security to cash out logs, but also EMT method bundles and tutorials for major Canadian banks.
13. (Bank) Log
A log refers to credentials or logins, usually a username and a password. Not all fraudsters are competent at stealing those logs, so they would rather purchase them from online illicit markets. This gives them more time to develop methods to abuse and steal funds using those credentials. A great deal of credentials for sale are for bank logins.
14. Mail drop
When fraudsters steal a victim’s identity, they need to have documents, IDs or credit cards delivered to an address different than that on the victim’s records. Fraudsters have methods to convince companies and governments to change where the documents are delivered, a major red flag for customer service representatives. A common technique is to log in to the victim’s online account and change their address. An alternative is to add an entry in their credit report to make the new delivery address seem more legitimate.
15. SIM swap
SIM swap scams are a popular type of fraud that targets telecom companies and involves hijacking a cell phone number. To do so, fraudsters convince the telecom company to associate a cell phone number with a SIM card they own. This means all calls and SMS messages, commonly used in two-factor authentication (2FA), are sent to a fraudster instead of the owner of the phone number. Once they bypass two-factor authentication, fraudsters wipe out your bank account and max out all credit cards. As if that wasn’t bad enough, they will change your PINs and passwords, and go after email accounts, social media, and any online account linked to your mobile phone.
16. Cash out method
Stealing money from a bank account or ordering a product with a stolen credit card may seem like any fraudster’s goal, but it is actually not. Fraudsters need to cash out the money and items to launder the funds and use them for their own personal benefit. Popular cash out methods include buying cryptocurrencies like bitcoin, and setting up a fake online shop where fraudsters purchase goods from themselves using stolen credit cards.
17. Profile 700
Everyone living in North America is fully aware they can’t really do anything in life without a good credit score. Fraudsters know that as well, so why not buy profiles with excellent credit scores at only $5? “Profile 700,” referring to user profiles with a credit score of over 700, has been a top desire among Canadian fraudsters. Mostly male profiles, they are available for all provinces and include name, address, city, date of birth, SINs, phone number, occupation, and employer. All credit bureaus are targeted by profile sellers, yet smaller and newer names in the industry are preferred.
18. Quebec / Canada
The internet has brought together people from all over the world. The same is true for fraudsters, but only to some extent. Many of them actually only deal with peers in their own region, or country. Most listings on illicit markets indicate the region and country of the product for sale, to help fraudsters choose victims that are in their vicinity. The criminal underground is vast, but not always international.
19. TO BTC
BTC refers to bitcoin, the most popular anonymous cryptocurrency. Fraudsters need to launder the proceeds of their crime, and bitcoin happens to provide a unique currency to hide their tracks. Grey services, online casinos and exchanges in offshore financial centers facilitate the purchase and conversion of fiat currencies to and from bitcoin. Competing cryptocurrencies like Monero are catching up to bitcoin in the criminal underground, but bitcoin remains the main money laundering tool of fraudsters.
20. PSD Template
A term more common among graphic designers, PSD files and Photoshop templates are the foundation of most scams. How else would scammers perfectly impersonate banks, the government, universities, and delivery companies, if not by customizing templates? These design templates are fully editable, and critical for fraudsters looking to create fake birth certificates, utility statements for proof of address, driver’s licenses and passwords, and university degrees. Unsurprisingly, the most popular PSD template bought this year is for CERB government cheques.
21. Gift card
Gift cards are a prized commodity in the criminal underground. They are anonymous, can be purchased with stolen funds, and can be exchanged online, making them the perfect tool for money laundering or to pay for illicit goods and services. Amazon gift cards are most common, as they give access to the biggest online store. The items bought using gift cards can be resold on eBay and on online classified ads to cash out.
22. Social media followers
Thousands of social media followers and likes can be purchased online for a couple of bucks. This is a common practice among influencers desperate to become famous at any cost, or companies that use dummy or inactive accounts to fake engagement in their community. Sellers vouch for their quality and offer a lifetime warranty to anyone interested in expanding their social media reach and follower base. However, Instagram, for instance, has started detecting bots and putting an end to the practice, which, in the end, does nothing but destroy brand credibility when it comes out.
23. Selfie verification
Biometric security has lately been extensively promoted as the silver bullet that prevents fraud and unauthorized access to systems by analyzing unique biometric characteristics. It looks like fraudsters beg to differ, as high quality selfies are on sale to identify and authenticate individuals. These services come in bundles with driver’s licenses, SIN (Social Insurance Number) or other cards used for identification. Selfie images, however, might not bypass more modern biometric security systems that rely on eye movement to ensure the user is real and awake.
24. How to
This is by far the most common item for sale on online illicit markets. The “how to” items advertise a method to commit some sort of fraud. These are extremely varied both in terms of targets and sophistication. “How tos” can be linked in chains to attack more hardened targets. The fact that fraudsters are willing to sell methods and tutorials demonstrates they belong to a community where knowledge is shared – or sold. It also shows how organized fraudsters are, and the need for companies to organize themselves – both within, and with their peers – to effectively protect their assets and brand against digital risks.