Cyber crime

Financial details sold cheap on the (booming) dark web

Shanna Hall
4 Min
An online underground market for illicit activity

There’s been a rise in users accessing the dark web – that is, the internet’s unindexed underbelly and home to some of the world’s seediest markets.

But there aren’t simply more users. The market for scammer tools is also booming, which includes hacked ChatGPT accounts and a proliferation of stolen data. 

Those are just some of the alarming insights from BDO’s most recent Scam Culture Report, compiled by a team of forensic experts. During the September quarter, daily users on the dark web rose to 2.7 million, up by 200,000 from the same period last year. The most traded items include passports, credit card details, and sensitive corporate data such as user credentials and intellectual property. 

Sometimes going for as little as $38, these assets are a boon for scammers who want to defraud you. Let’s look at what dark web denizens are buying and selling – and what it tells us about the biggest threats to your organisation.

What is the dark web?

The dark web is part of the deep web, which is vastly larger than the everyday internet that you’re probably used to (also called “the surface web”). The deep web is larger by an estimated 400-500 times, encompassing a variety of hidden content. By “hidden,” we don’t necessarily mean “nefarious” – much of this data is just mundane yet unindexed information.

Within this expanse lies the dark web. While it’s a small slice of the deep web, it’s still buzzing – it boasts a substantial 2.7 million daily users, an increase from 2.5 million in 2022. Notably, only about half of the dark web’s activities are illegal, with a significant portion comprising forums, chat rooms and data hosts.

Under (relative) anonymity, users can engage in a wide range of illicit activities, such as trading narcotics or firearms. Many other activities revolve around stolen data, hacking services for hire, malicious software or extremist group content.

An underground marketplace for malicious actors

Scammers were already using the dark web to get a hold of malicious code, stolen financial details and “evil twin” AI tools like WormGPT. But the new BDO report unveils a concerning rise in these activities, notably in the trade of financial and identity details.

The increasing activity includes a bigger trade in corporate data such as user credentials and financial details – in other words, the type of information that makes it easier to carry out attacks like business email compromise (BEC). The report also finds 10,000 compromised ChatGPT accounts available. Australian drivers’ licences and passports (various nationalities) saw a price drop, trading at $465 and $1,399, respectively, down from $545 and $2,800.

The fluctuating prices on the dark web saw a notable hike in the value of social media accounts. Facebook, WhatsApp, Instagram, and Telegram accounts, previously valued at $119 in the June quarter, are now trading for around $310 each. The cost of hacking services has also escalated, with email hacking jumping to $668 from $269.

BDO’s findings also reveal the growing importance of negotiation in dark web transactions, highlighting that trust is a crucial component in this hidden market.

Evolving scam tactics reflect keen understanding of targets’ behaviour

“This is a golden era for scammers – people are using their phones to do their day-to-day admin, business systems are connected to people’s personal devices, and AI is ramping up and giving scammers an opportunity to automate and tailor their approach, meaning they will reach more people with greater ease.”

– Michael Cassidy, BDO National Forensic Services Leader

Additionally, the report notes a shift in scamming tactics, with text messaging now surpassing phone calls as the primary scam method, reflecting changes in public behaviour and the use of screening technologies.

A 4yr comparison of scam delivery methods

While the report found that many scam victims were over 55 years old, it also found evidence that scammers are starting to turn their efforts toward younger generations, who are more likely to conduct day-to-day activities online.

Given their access to critical payment processes, finance and AP professionals are other common targets for scammers. Using tactics like business email compromise and social engineering – often fueled by stolen data obtained on the dark web – scammers now boast unnervingly sophisticated means for getting finance employees to make fraudulent payments.

In fact, the latest annual threat report from the Australian Signals Directorate (ASD) found that the average cost of cybercrime per report has risen by 14% since last year, with more than $80 million lost to self-reported BEC scams in a single reporting period.

Lone figure standing in crowd
Is your data available on the dark web?
Eftsure's data breach checker can tell you whether your data has been exposed or if it may be accessible via the dark web, along with next steps for protecting your information.

Related articles

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.