Financial details sold cheap on the (booming) dark web

What is the dark web?

The dark web is part of the deep web, which is vastly larger than the everyday internet that you’re probably used to (also called “the surface web”). The deep web is larger by an estimated 400-500 times, encompassing a variety of hidden content. By “hidden,” we don’t necessarily mean “nefarious” – much of this data is just mundane yet unindexed information.

Within this expanse lies the dark web. While it’s a small slice of the deep web, it’s still buzzing – it boasts a substantial 2.7 million daily users, an increase from 2.5 million in 2022. Notably, only about half of the dark web’s activities are illegal, with a significant portion comprising forums, chat rooms and data hosts.

Under (relative) anonymity, users can engage in a wide range of illicit activities, such as trading narcotics or firearms. Many other activities revolve around stolen data, hacking services for hire, malicious software or extremist group content.

An underground marketplace for malicious actors

Scammers were already using the dark web to get a hold of malicious code, stolen financial details and “evil twin” AI tools like WormGPT. But the new BDO report unveils a concerning rise in these activities, notably in the trade of financial and identity details.

The increasing activity includes a bigger trade in corporate data such as user credentials and financial details – in other words, the type of information that makes it easier to carry out attacks like business email compromise (BEC). The report also finds 10,000 compromised ChatGPT accounts available. Australian drivers’ licences and passports (various nationalities) saw a price drop, trading at $465 and $1,399, respectively, down from $545 and $2,800.

The fluctuating prices on the dark web saw a notable hike in the value of social media accounts. Facebook, WhatsApp, Instagram, and Telegram accounts, previously valued at $119 in the June quarter, are now trading for around $310 each. The cost of hacking services has also escalated, with email hacking jumping to $668 from $269.

BDO’s findings also reveal the growing importance of negotiation in dark web transactions, highlighting that trust is a crucial component in this hidden market.

Evolving scam tactics reflect keen understanding of targets’ behaviour

“This is a golden era for scammers – people are using their phones to do their day-to-day admin, business systems are connected to people’s personal devices, and AI is ramping up and giving scammers an opportunity to automate and tailor their approach, meaning they will reach more people with greater ease.”

– Michael Cassidy, BDO National Forensic Services Leader

Additionally, the report notes a shift in scamming tactics, with text messaging now surpassing phone calls as the primary scam method, reflecting changes in public behaviour and the use of screening technologies.

While the report found that many scam victims were over 55 years old, it also found evidence that scammers are starting to turn their efforts toward younger generations, who are more likely to conduct day-to-day activities online.

Given their access to critical payment processes, finance and AP professionals are other common targets for scammers. Using tactics like business email compromise and social engineering – often fueled by stolen data obtained on the dark web – scammers now boast unnervingly sophisticated means for getting finance employees to make fraudulent payments.

In fact, the latest annual threat report from the Australian Signals Directorate (ASD) found that the average cost of cybercrime per report has risen by 14% since last year, with more than $80 million lost to self-reported BEC scams in a single reporting period.