Much of what you’ll find on the dark web gives it its shadowy reputation; the majority of dark websites are used for criminal activities, primarily drugs and finance.
Shopping for illicit material is very different to popping down to your local high-street. Besides the illegality, there isn’t a typical price list for stolen credentials and the like.
How much something is worth depends entirely on the value to the buyer, but how much would your information be worth on the dark web?
Below is a list of all the topics we will cover in this article. Go ahead and click on any of these links, and you’ll be taken to that specific section.
What is the Dark Web?
The Dark Web is a hidden portion of the internet which is not indexed by search engines and as such, cannot be accessed by them. It is associated with illegal activity such as trading with drugs, weapons, explosives, pornography, and data.
The dark web was created by the US government to allow spies to exchange information completely anonymously. US military researchers developed the technology, known as Tor (The Onion Router) in the mid-1990s and released it into the public domain for everyone to use.
To access the dark web you need to use an anonymous browser. The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable. For example, if a user in Singapore is trying to connect to a website in London, that request on a TOR browser could be routed from Singapore to New York to Sydney to Capetown to, finally, London.
Tor makes both the information distributor and its receiver difficult to trace. Around 2.5 million people access the dark web every day but not everything is illegal, the dark web also has a legitimate side. Using the dark web is not a crime in itself.
The Value of Data
From names and addresses to payment information, customer data is routinely bought and sold on the dark web. But what determines the value of customer information and how much do criminals pay for it?
Researchers at Privacy Affairs have scanned dark-web marketplaces, forums, and websites, to create the price index for a range of products and services relating to personal data, counterfeit documents, and social media.
The Dark Web Price Index 2020 is Privacy Affairs’ deep-dive into the various kinds of stolen personal information available. Amongst an extensive price list, it shows that online banking logins cost an average of $25, a person’s full credit card details including associated data costs between $12-20 and a full range of documents and account details allowing identity theft can be obtained for $1,275.
When it comes to forms of payment, a cloned American Express card with PIN tops the card menu at $35 a pop, while credit card details generally sell for as little as $12-20. As for payment processing services, PayPal accounts are by far the most commonly listed items.
Stolen account details typically ‘retail’ for lower prices than actual transfers from compromised accounts. This is most likely because it poses a far lower risk buying and selling information than actually trying to extract value from it. It’s also an instant giveaway if a customer notices a fraudulent transaction in their account.
Offers to hack social media accounts aren’t a commonly listed item according to the report, which attributed this to bolstered security measures by social media platforms, as well as a low demand. Meanwhile, Gmail accounts command a relatively high price at an average of $156. This may be because a lot of people use single sign-in options, which means a compromised email account could open up a treasure trove of data and access to various other services.
Professional criminals are also offering their services for hire. Potential buyers can shop around for cyberattacks with prices depending its size and duration, starting at $10 and going up to over $800. Hackers also offer various forms of malware for sale with prices starting from $70 and going all the way up to $6,000 depending on various factors.
How We Can Help
Our leading solution to mitigate the risk of impersonation fraud, FraudWeb searches over 600 million records on the Dark Web for your customers’ information to prevent fraud from taking place.
When opening an account, a customer is asked to provide their personal information and the solution takes care of the rest:
- Process – Once a customer has created an account, a single API is used to pass customer data through the FraudWeb engine.
- Checks – FraudWeb checks the dark web for PII and any unique customer data, including identity, personal or financial data.
- Results – The result is then returned to show whether there are any matches (partial or a full match) of your customer’s details found.
FraudWeb provides an extra level of security by searching and monitoring customer PII against compromised data on the Dark Web.
Download our FraudWeb product guide below, or click here to book a demo.