Cyber-criminals are doing a roaring trade in “how-to” fraud guides for their fellow scammers, although many are out-of-date and incomplete, according to new dark web research from Terbium Labs.
The cyber-intelligence firm analyzed nearly 30,000 of these guides to compile its latest report, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data.
These online documents typically include instructions on specific fraud capabilities such as account takeover, phishing, cashing out, doxing, synthetic fraud, account creation and so on.
They could feature instructions, personal notes from the author on their experiences of what works and what doesn’t, social engineering and technical advice, and more.
However, while it appears to be an ominously thriving industry, it’s unclear exactly how much value these guides are offering to the typical fraudster.
According to Terbium Labs, over a quarter (26%) of guides are more than a decade old, and there are more out there from 2010 than 2017 and 2018 combined.
“Any guidance or information from within a few years is bound to still be helpful for criminals looking to get started, but once we get five or 10 years out, the value certainly decreases,” Terbium Labs VP of research, Emily Wilson, told Infosecurity.
“If buyers think they’re getting the most up-to-date methods in these major fraud collections, they’re going to be surprised and disappointed. These collections represent the information gathered over a couple of decades, rather than a highly curated group of the most recent materials.”
What’s more, three-quarters (75%) of those analyzed were found to be duplicates which have simply been repackaged and resold, at an average of £6 each.
“What we see here is a criminal community gathering information over time, and then doing what vendors do best: repackaging it and reselling it under their own name, looking for a new way to turn a profit,” Wilson continued.
“These guides require little work to gather, and even less work to throw into a zip file and market under your own brand. They’re in business to make money, and what better way to make money than to repackage someone else’s work and pass it off as your own?”
In addition, some 11% of fraud guide purchases the researchers attempted to make on the dark web turned out to be scams, the report revealed.
However, despite all the scams and the old and incomplete data found in many guides, the info gathered by the dark web intelligence vendor could still be useful for organizations trying to get inside the fraudster’s head. It could even be used by risk teams to help evaluate current fraud controls and detection services, for example.
Terbium Labs also ran a check on the appearance of personal and financial information in the guides to see what was of greatest interest to fraudsters.
Surprisingly, email addresses came out top, ahead of payment card data and other PII, according to the report.