A finance worker lost $39m to a deepfake scam. Here’s why it’s a warning for your business.
Payment Security 101
Learn about payment fraud and how to prevent it
It’s safe to say the internet is a vast and diverse ecosystem, constantly growing and evolving. A lot of people are shocked to learn the true depth of the internet, which can be broken down into three sections: the surface or visible web, the deep web and the dark web.
It’s complex, technical and due to its ever-evolving nature, it can feel overwhelming and difficult to digest. But, like anything which intimidates or worries us, the first step to removing anxiety is to dive into learning and understanding how these things work. From there, we assess risk levels and consider small changes that can make a big difference.
As of December, 2023, there are currently around 1.1 billion websites in the world. In fact, right now there are about three new websites created every second. (*) The catch, however, is these numbers represent websites residing on the surface web.
To put it simply, the surface web is the portion of the World Wide Web that can be indexed by search engines, such as Google, Yahoo or Bing. These would be your everyday websites – for example, ecommerce sites, government websites, blogs, social media platforms and more.
However large the surface web may seem, it only accounts for about 4% of the internet. (*)
When considering the surface web as the indexed portion of the World Wide Web, the deep web is simply the portion of the internet that cannot be indexed. The deep web is said to account for 90% of the internet, which really puts the size of the internet into perspective when we think about the number of websites accounting for the surface web.
Although you won’t find deep websites through a simple Google search, with the proper URL you can access these pages from your normal internet browser (i.e. Google Chrome, Safari, etc). An example of something on the deep web could be anything from a confidential employee-only intranet to cloud storage to the wedding website created to be shared with close friends and family. Generally, the only people who should land on these sites are those with a unique URL or access code.
Despite users of the dark web needing to be weary before jumping in, the number of people accessing the dark web is continuously snowballing. According to BDO, during Q3 of 2023, daily users of the dark web rose to 2.7 million, up by 200,000 from the same period in 2022.
Although constantly painted with a reputation for illicit and illegal activities, the dark web isn’t all bad news. In fact, the earliest usage of the dark web dates back to the late 1990s, where two research organisations in the US Department of Defence looked for new ways of secret and secure communication not traceable by foreign enemies. (*)
Though it wasn’t necessarily intended for illicit purposes, there’s no denying its true potential wasn’t fully realised until much later.
Originally titled The Onion Routing Project, now called Tor Project for short, is an anonymous private network used to brows the dark web. As a continuation to the history behind the dark web, Tor was originally created and used by the US Navy before becoming free for anyone to use as an open-source network in 2002. (*)
Leveraging the onion as an analogy, Tor has several layers and techniques for transmitting data. When users are browsing Tor, unlike the surface web where information is directed from the user directly to the site, using Tor the data is completely decentralised. Data will be routed and bounced through several different computers and relay points, making it completely and utterly impossible to trace. (*)
Although the Tor software is a free download and it’s completely legal to use (it’s important to note the Tor web is not designed or intended for illegal activity), it’s important to know where you want Tor to take you – and what could be lurking when you get there. When it comes to the dark web, users should be prepared to confront a mix of the good, the bad, and the ugly.
Let’s start by recognising the dark web has a diverse range of users with a diverse list of uses – not all of them nefarious.
Government agencies: as a nod to its original purpose, the dark web is still used today by government agencies for communication, to investigate criminal activity or to gather intelligence.
Whistleblowers and activists: people who want to report illegal or sensitive information with journalists or proper authorities – or those who are trying to evade oppressive governments – may turn to the dark web as a way to guarantee identity protection.
Journalists, privacy advocates and researchers: in a professional capacity, these individuals may turn to the dark web to seek out opportunities to interview anonymous witnesses, sources of information or whistleblowers, seek out information on illegal markets and/or to publish their work.
Cryptocurrency investors: much of cryptocurrency was born out of the dark web audience, therefore it’s no surprise you’ll find many investors and advocates on the dark web for discussions, research and trading in some capacity.
Criminals: and then, for every good group, you’ll often find a bad apple. And, unfortunately the criminals of the dark web are what have given the space an extremely negative reputation. There’s a laundry list of uses for criminals on the dark web, including access to stolen data, selling drugs, hacking, and more. We detail this further, later in the article.
Despite its sinister reputation, Tor and the dark web infrastructure weren’t created with ill intentions. Here’s a few of the top legal uses for the dark web which exist today, as sourced on MOU:
On the flip side, it’s no surprise there’s plenty of illegal activity happening on the dark web. And, unfortunately, it can be incredibly hard if not impossible to stop. These are some of the top illegal activities on the dark web, which are often highlighted in news and research today:
According to Privacy Affairs Dark Web Price Index 2023, the dark web markets continue to grow as we head into the new year. To highlight a few from their list:
The list is quite lengthy, but this gives a pretty good idea of how much can be purchased from the Dark Web.
Once again referencing Privacy Affairs, during the later part of 2022, law enforcement started taking further action to shut down a number of illegal operations. However, unfortunately this didn’t have a massive impact, as many new operations and websites were created within a day.
It’s not all doom and gloom, though. Stories such as this one from May 2023 highlight authorities in the US and Europe arrested +300 people in seizing a dark web drug trafficking marketplace. The article mentions over $53 million were also confiscated in the process.
As the authorities continuously try to track and stop illegal dark web activities, internet giants such as Google are also trying to spread awareness and encourage protective measures for consumers. In May 2023, they announced a new tool for Gmail users which will allow account owners to see if their email is being used on the dark web.
Legal consequences: if you access the dark web with the intent to purchase or sell any of the items listed earlier in this article, you could face severe consequences. This includes potentially facing legal consequences, even if you only stumbled onto a website by mistake.
Malware or hacking: without proper security in place, by accessing the dark web you become highly vulnerable to potential cybercriminals accessing your device. Scammers are also known to scam other criminals by creating counterfeit, malware-riddled versions of popular downloads like WormGPT. There is a high risk for your device to become infected by malware or viruses.
Lack of surveillance: venturing into the dark web can mean venturing into the unknown, and because of the nature of the dark web and the risks assumed by accessing it, there’s very little action you can take if someone targets or scams you.
Well, like anything, the first step to preparedness is awareness. A recent article by Statista states 70% of adults worldwide are said to be unfamiliar with the dark web – a glaring statistic when we consider the level of risk and activity going on beyond the surface web.
AI cyber scams are on the rise. Here’s what finance professionals need to be on the lookout for.
A new invoice swapper tool makes it easy to seamlessly switch real documents with fraudulent details.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.