As developers of a fraud prevention tool, we have to know what we’re up against. It’s not enough to create a platform that reduces fraud by detecting patterns: we have to understand exactly how fraudsters operate.
This is why we went deep on the Dark Web to find answers. Since an increasing amount of clients in the travel industry are impacted by fraud, it’s the the vertical we decided to investigate. So what did we find exactly? The results of our search were astonishing. But first, a quick refresher:
What Exactly is The Dark Web?
The Dark Web also known as Darknet or Deep Web, is content that uses the Internet but needs to be accessed via specific software. The most common one is Tor browser, which lets people browse anonymously. It is what we used to access some addresses (that of course you can’t find by using search engines like Google). Note that the terms Darknet, Dark Web and Deep Web aren’t exactly interchangeable, but the differences are pretty technical. You can find more info about it here.
How Easy Was it to Access it and Start Buying?
Very easy. All you need is to download a specific browser (we used Tor) and know where to look. There are enough step by step guides available on the Clearnet (the Internet we use everyday) to get started.
One thing to note is that the Dark Web is fueled by cryptocurrencies. Being anonymous (or at least very hard to track to a physical address) bitcoins, litecoins and other cryptos are the preferred method of payment for fraudsters and cybercriminals.
What Exactly Could We Buy?
This is the scary part. Within minutes, we were able to access certain Dark Web forums where sellers offered their wares. One anonymous user in particular gave the following price list:
- Airline flights sold at 30% of their retail value
- Hotel bookings sold at 35% of their retail value
- Car rental at 30% of retail value
- Tours and activities at 30% of retail value
The forum users were impressed with this seller’s’ ability to deliver flights bought with stolen credit cards. With over 200 sales, they only had 5 star reviews, some of which included the comments: “Customer service was superb. Delivered promptly and flights went smooth. Nothing else to ask for in a vendor. Will be using them from here out.
Another seller also offered flights, hotel and car rental packages at 30% of the retail value. Except they added an extra income stream in the form of illegal drugs.
But the Dark Net is not just for buying products. You can also kickstart your own fraudster career by acquiring knowledge. For instance, you can purchase:
- A guide on how to book flights with stolen credit card information ($150)
- Hotel carding beginners guide ($150)
- 15 chapters ebook on how to use stolen credit cards, including a chapter dedicated to flight tickets
Finally, it’s worth noting that wannabe cybercriminals don’t even need to go as far as joining the Dark Net to find their information. Some Clearnet sites also sell stolen account credentials for online websites, including:
- Login details for major airline operators, hotel booking websites and travel agencies, starting at $0,2 – $1,55 per account.
These vendors show you when the credentials were stolen, and the low price lets you know some of them might not work. In fact, there is a whole second hand market of fraudsters selling accounts that do not work as a scam. However, the chances that your customers are at risk from an account takeover attack (ATO) are still multiplied if their credentials happen to be part of the stolen lot.
So What can Fraud Managers Do?
Sadly, the Dark Web is not going away. Even if all fraud managers in the world united, you can’t take it down. Similarly, hackers, fraudsters and cybercriminals will always find a way to sell their tutorials and services. Being on the attack only seems to help them create new channels and avenues.
But in terms of defense, companies benefit from large resources that can really make a dent in their earnings. For instance, machine-learning has shown time and time again that advanced technology can detect patterns that fraudsters aren’t aware of. In short, you can’t make them go away, but you can surely make their life harder.
We focused on the travel industry, but could have easily written an article about other verticals. The point is that fraudsters are everywhere, and they are multiplying. Freedom and low cost of information means those who want to launch their cybercriminal careers have plenty of resources at their disposal.
What fraud managers have, however, is the ability to extract patterns through data analysis. Using artificial intelligence, clever trend identification and tools like machine learning, they can truly make a difference. Yes, it means staying on top of what’s happening in the criminal underbelly, but it’s worth it to reduce fraud damages to your company (and maybe book your own holiday with complete peace of mind).