Financial Fraud: What Financial Crimes Do People Commit on the Dark Web? [Examples]
Financial fraud, the ancient act of depriving people of their money or capital by deceptive or illegal means, is flourishing on the deep and dark web. Whether in hidden corners of dark web marketplaces and encrypted chat apps or in plain sight on open web platforms, criminals are finding new fertile grounds to defraud, steal and launder money generated from their illicit activity. Some cyber fraudsters started communities where they publish illicit tutorials and services that help other criminals carry out financial fraud.
Our cyber analysts have explored our data feeds from deep and dark web platforms and identified 3 main types of financial fraud:
- Theft – Criminals unlawfully obtain personal financial information, such as credit card numbers, CVVs, bank account numbers, bank login details, banknotes and more, to illegally withdraw money from an account.
- Investment Fraud – Threat actors mislead investors by making false promises and hiding facts when selling investments or securities.
- Money laundering – Money launderers use platforms on the dark web to sell or transfer items purchased with laundered funds.
We see financial data entities sold on various sources daily, which proves just how easy it is for criminals to carry out financial fraud. Credit cards, BIN numbers, CVVs, PayPal accounts, crypto wallets, bank logs, banknotes, fake money, etc. are illegally traded and sold on dark web marketplaces, data stores (marketplaces for stolen data such as login credentials, cookies, PII, etc.), hacking forums, paste sites and chat applications.
What financial fraud and money laundering activities can be found on the dark web?
Crypto mixing
Crypto mixing is a common method among criminals on the dark web, who abuse legal services and sites for fraud activity.
For example, SmartMixer or Dark Wallet are cryptocurrency mixing sites that can be manipulated for money laundering. A coin mixing system combines the transaction of a user with the transaction of other random users who happen to be making separate transactions through the system at the same time. It blends the bitcoins belonging to two or more users so that they appear to be coming from the same source.
Payments to the seller can be made in chunks based on the original price or at a delayed date, making it nearly impossible to figure out who made a particular transaction. Cryptocoin mixing has also led to crypto mixing scams, in which criminals pay a service only to discover it has no value.
Stolen crypto wallets
In the image below, we show an example of stolen BTC addresses offered for sale on BTC WALLETS, a dark web marketplace for stolen Bitcoin cryptocurrency wallets. The complexity of cracking crypto wallet addresses and tokens means this kind of financial hacking requires a high level of skill. See an example of such a list below:
Stolen credit cards on dark web platforms
The sale of credit cards on dark web marketplaces and data stores is a well-known phenomenon, but it is just as common on Telegram and ICQ. We index thousands of credit cards every month from such platforms where they are offered for sale. Here are a few examples:
Credit cards for sale on the dark web marketplace Clone CC Crew
Credit cards for sale on popular data store Russian Market
This data store also sells PayPal accounts and full dumps of financial PII (see the image below).
Credit cards for sale on Telegram
ICQ and Telegram are very common among financial fraud actors, and we see leaked credit cards and credit card information posted for sale on these platforms on a daily basis. The term ‘Fullz’ refers to a dump of the full information about a credit card (the full card number, CVV number, and expiration date). Here’s an example of a Telegram channel, active on a daily basis, where a threat actor sells credit card information:
Stolen bank details
Some threat actors sell bank logins and bank statements on Telegram and ICQ. Below is an example of two threat actors selling bank details (bank logins and credit cards) on a popular Telegram carding group, which currently has 5,747 members.
Stolen/fake/counterfeit money
Counterfeit and stolen money is an entire field of financial fraud, which can be found on the dark web as well. Here’s an example of counterfeit money being offered for sale on the dark web forum ECHO OR ID.
Crypto scamming
This type of fraud involves tricking people into buying fictitious crypto funds and scamming them.
Below is an example of a crypto wallet address that was attached to two different posts on two different dark web sites. In case #1, the scammer is offering to double your Bitcoins. In case #2, they offer “new Bitcoins” for half the price.
Case #1, paypal pdu, paypalpdu3n7qpcg.onion
Case #2, DeepPaste, 4m6omb3gmrmnwzxi.onion

| | Case #1 | Case #2 |
| --- | --- | --- |
| Description | A dark web site offers tracing crypto across the dark web, to what seems like a scam. | A dark web site offers Bitcoin for half the price, in exchange for Bitcoin. |
| Site/Network | Paypal pdu | DeepPaste |
| Title of group/post/thread | How to double your Bitcoins in one day? Pay min $200 today, get $350 tomorrow | Buy Bitcoin Half Price Profit |
| Common Wallet ID | 3R1hBCHURkquAjFUv1eH5u2gXqooJkjg4B | 3R1hBCHURkquAjFUv1eH5u2gXqooJkjg4B |
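
The pivot shown in the table, a wallet address shared by posts on different sites, can be automated over scraped posts. The following is an added example, not the tooling used to produce the findings above: it extracts legacy and P2SH Bitcoin addresses, records whether each passes the Base58Check checksum, and reports addresses seen on two or more distinct sites. The record layout (`site`, `title`, `body`) and the post bodies are assumptions made for the demonstration.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (1...) and P2SH (3...) addresses: 26-35 Base58 chars, not part of a longer token.
ADDR_RE = re.compile(r"(?<![A-Za-z0-9])[13][%s]{25,34}(?![A-Za-z0-9])" % B58)

def base58check_ok(addr):
    """True when the last 4 decoded bytes equal the double-SHA256 checksum of the rest."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)
        raw = n.to_bytes(25, "big")  # 1 version byte + 20-byte hash + 4-byte checksum
    except (ValueError, OverflowError):
        return False
    return hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4] == raw[-4:]

def correlate(posts, min_sites=2):
    """Map each address seen on >= min_sites distinct sites to the sites and titles using it."""
    seen = defaultdict(lambda: {"sites": set(), "titles": []})
    for post in posts:
        text = post["title"] + "\n" + post["body"]
        for addr in set(ADDR_RE.findall(text)):  # count an address once per post
            seen[addr]["sites"].add(post["site"])
            seen[addr]["titles"].append(post["title"])
    # The checksum result is reported for triage, not used to drop matches.
    return {
        addr: {"sites": sorted(hit["sites"]), "titles": hit["titles"],
               "checksum_ok": base58check_ok(addr)}
        for addr, hit in seen.items() if len(hit["sites"]) >= min_sites
    }

# Constructed sample: site names, the first two titles and the wallet ID come from the
# table above; the post bodies and the last two records are made up for the demonstration.
WALLET = "3R1hBCHURkquAjFUv1eH5u2gXqooJkjg4B"
POSTS = [
    {"site": "Paypal pdu", "body": "Send to " + WALLET,
     "title": "How to double your Bitcoins in one day? Pay min $200 today, get $350 tomorrow"},
    {"site": "DeepPaste", "title": "Buy Bitcoin Half Price Profit", "body": "BTC:" + WALLET},
    {"site": "DeepPaste", "title": "Buy Bitcoin Half Price Profit", "body": "repost " + WALLET},
    {"site": "DeepPaste", "title": "unrelated paste", "body": "no wallet here"},
]

if __name__ == "__main__":
    for addr, hit in correlate(POSTS).items():
        print(addr, hit["sites"], "checksum_ok=%s" % hit["checksum_ok"])
```

Reposts on the same site do not raise the site count, so an address is reported only when it links separate sources.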
Prepaid Cards
Prepaid cards are attractive to criminals due to their accessibility. There are a number of legal retail stores where criminals can purchase open-loop prepaid credit cards while remaining anonymous. In the next stage, they launder money using a method called “smurfing”, in which offenders load hundreds of prepaid cards while avoiding identification procedures but still meeting the KYC threshold. They then claim to sell the loaded cards, but their buyers unknowingly purchase an empty prepaid debit card.
Financial fraud has become an accessible and easy way of making “quick money”. As a result, scams and fraud activity have become widespread across the entire web, making them nearly impossible to avoid.
Leading anti-money laundering, identity theft protection and payment card companies track these activities on the dark web to prevent fraud and protect brands, financial assets, accounts and investments from cyber criminals.