Data Breach Threats

Social Engineering on the Dark Web: A Hacker’s Toolkit

Social Engineering on the Dark Web: A Hacker’s Toolkit

Social engineering attacks pose a serious threat to organizations worldwide as they involve cybercriminals using psychological manipulation techniques to exploit human weaknesses to obtain sensitive information. Threat actors also use social engineering as the vector for executing malicious attacks. In fact, the global average cost for a data breach arising from social engineering techniques is more than $4.55 million per a recent IBM Security report

With these serious consequences in mind, we used Lunar, our dark web monitoring and data breach detection tool, to search for trending discussions around social engineering tools and techniques. This article highlights the results of that search and threat actor tactics companies should focus on when updating their security strategies.

The rising trend of phishing discussions on the dark web showcased by using the enriched "phishing" category on Lunar.
The rising trend of phishing discussions on the dark web showcased by using the enriched “phishing” category on Lunar

Social engineering tactics recently discussed on the dark web

Cybercriminals talk about many different tactics for employing social engineering attacks. With Lunar, we discovered the most discussed social engineering tactics on the dark web at this time:

Phishing

Phishing remains one of the most used social engineering tactics. Cybercriminals leverage various forms of communication — e.g., email, website, SMS, social media — to trick individuals into divulging sensitive information, such as login credentials or financial details. These communications typically include one or more malicious links where victims download infected files or enter sensitive information into a fake form. As the cyber world evolves, so do phishing methods, sprouting new tactics such as vishing, smishing, and crypto phishing.

Pretexting

A social engineering technique that often involves impersonation and fabricating realistic scenarios or pretexts to manipulate individuals into divulging sensitive information. For example, a threat actor might impersonate a member of law enforcement or a tax official, telling the victim if they don’t pay back due taxes immediately, they will go to jail. The criminal would scare the victim into divulging account numbers and financial details.

Business email compromise

Business email compromise (BEC) is a targeted form of social engineering that relies heavily on pretexting. A threat actor creates a scenario involving a high-level executive or a company representative who has authority over the targeted victim. The criminal might ask the target via email to transfer funds to a fraudulent account, pay a fake invoice, or reveal sensitive information. The fraudster spoofs the email or hacks the executive’s account to make the email look genuine.

Screenshot of an email sent by a threat actor to an employee of an organization pretending to be the CEO and asking for personal information
Screenshot of an email sent by a threat actor to an employee of an organization pretending to be the CEO and asking for personal information

Baiting

Baiting is a deceptive social engineering tactic where an attacker entices individuals with false promises to lure them into giving up sensitive information or infecting their system with malware. Baiting scams often include free downloads, like games, music, or movies. Some threat actors might entice the victim with offers for free phone upgrades or deceptive online ads. If successful, the threat actor can sell the stolen information on dark web marketplaces.

How hackers use the dark web to launch social engineering attacks

Hackers utilize designated sections within hacking forums on the dark web that focus on social engineering. They use information from these forums to mastermind social engineering attacks. These forums act as hubs for cybercriminals to exchange tactics and refine strategies, enhancing their ability to manipulate individuals. Some of the ways bad actors use the dark web for social engineering attacks include:

Phishing kits

A phishing kit contains tools that allow bad actors to quickly create a large amount of fake web pages or emails that look authentic. Many cybercriminals sell ready-to-use phishing kits on dark web forums. These kits typically include code and scripts, email templates, and fake login pages. 

Multiple actors selling phishing kits with components to imitate different websites, found on Lunar
Multiple actors selling phishing kits with components to imitate different websites, found on Lunar

Purchasing specialized services

Less experienced cybercriminals turn to specialized services sold on dark web forums and marketplaces to help them conduct their attacks. These services range from developing malware and hacking tools to crafting persuasive phishing and pretexting campaigns.

Listings of Social Engineering services being sold on the dark web marketplace Nemesis
Listings of social engineering services being sold on the dark web marketplace Nemesis

Recruiting accomplices

Hacking communities on the dark web serve as a hub for threat actors to connect. Individuals with malicious intent can seek assistance from members of encrypted forums and underground communities, recruiting accomplices for their social engineering attacks. 

Screenshot of a post from the "Exploit" hacking forum, in which the poster asks for assistance in producing a "Celebrity Cloning" scam
Screenshot of a post from the “Exploit” hacking forum, in which the poster asks for assistance in producing a “celebrity cloning” scam

Why you should track social engineering activities on the dark web

Social engineering attacks are exceptionally dangerous for companies and organizations as they exploit human vulnerabilities, bypassing even the most advanced technical defenses. By regularly monitoring the tactics newly emerging within the shadows of the dark web, organizations can develop effective countermeasures and mitigate potential risks that lead to significant monetary losses. Webz.io’s dark web monitoring tool Lunar helps cyber analysts and security teams stay ahead of the game.

Spread the News

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED

Don't be the last one to know!

Chances are your compromised data is already traded on the dark web.
Ready to discover them and protect your business?

Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about Webz.io’s solutions
Create your API account and get instant access to millions of web sources