How financial crimes are hidden in the dark web

The internet can sometimes be a murky place. It is a vast, decentralised network that has revolutionised the way we live in both positive and negative ways. Many people will be familiar with cyber-crime and the risk of having credit card information or your identity stolen, but are perhaps not as familiar with the darker recesses of the internet. There are places that exist beneath the surface of the ordinary web which are inaccessible to the majority.

These places are collectively known as the dark web and are where criminals can anonymously exchange goods and information outside the reach of police and security services. The dark web has inspired thousands of headlines on drugs and explicit images, but the truth is maybe a little different. Ignoring the hype, we take a look at exactly what the dark web is and the risks it creates.

What are the dark web and deep web?

Firstly, it is important to understand the different layers of the web – the surface web, the deep web, and the dark web. The surface web is any content that can be catalogued by search engines, these include the types of website we all use every day, which search engines like Google ‘index’ by following hyperlinks and tracking keywords.

Content in the deep web is not necessarily completely hidden or anonymous, but it cannot be indexed in the same way as the surface web. This includes content that is behind firewalls, paywalls and other types of protection, or things like a website’s internal search results.

The dark web is a section of the deep web that is deliberately hidden and cannot be accessed with regular web browsers. The dark web came about as a result of the US government developing software known as Tor in the mid-nineties. It was a way of allowing intelligence to be shared around the world without fear of interception. It works by encrypting a user’s location and the information they send and receive, ensuring privacy and anonymity. Inevitably a community of users grew that exploited this security for illicit means – giving rise to ‘the dark web.’

Financial fraud and the dark web?

However, the size and nature of this layer of the web may be overhyped or misunderstood. It may be the case that people confuse the huge deep web with the dark web (which is a subsection of the deep web), or that the salacious headlines about places like Silk Road create the idea of a digital Wild West. Whatever the reason, research from Intelliagg shows that the dark web is made up of only about 30,000 websites and that 48% of the content could be deemed illegal.

Interestingly, 40% of this illegal activity was categorised as ‘leaked data’ or ‘financial fraud’ – indicating that the dark web is an important tool for criminals looking to compromise or abuse personal financial details, such as credit card numbers or bank log-in details. Considering there were 5.1 million incidents of online fraud in England and Wales in 2014-15, the potential growth in the use of anonymous marketplaces and forums to sell financial data is huge.

The types of data available to buy on the dark web often come in packages. Some may contain basic pieces of data like a credit card number, name and CVV2 code, while others can have a ‘dump’ of the data that is stored on the magnetic strip of a card, allowing it to be cloned.

Certain websites will even offer a package containing the full financial information of a victim – allowing the criminal to open false bank accounts where they can transfer and store their illegal gains. Such details can often change hands for as little as £5 - £10 per card and it is often more profitable to sell financial information than to use it for fraud.

How thieves steal financial information

Financial details can be obtained in several different ways, common methods include ‘phishing’, ‘skimming’, malware or data leaks. Phishing will usually involve a fake email or website that entices a user into entering their credit card details in good faith. Skimming is the use of a device mounted to a card reader – either in a store or at a cashpoint that stores the card’s information when swiped.

Malware is software that is secretly installed on your computer when you visit an unsafe website or download an infected file – it will search for data stored on your computer and track when you enter information into forms.

Data leaks are when a website or company that stores a large number of card details gets hacked – such as in 2015 when Carphone Warehouse suffered a breach that exposed the personal data of 2.4 million customers including the credit card details of up to 90,000 people.

Protect yourself

There are simple steps you can take to lower the risk of being a victim of financial fraud which mainly involve being vigilant when sharing any personal details online. It is also a good idea to check your bank’s policy when it comes to requesting personal data – most will never ask for a password or pin over the phone for example – so that you can spot unusual requests more easily.

Learn more about online identity protection in our articles on avoiding scams and best practices for avoiding identity theft.