How financial crimes are hidden in the dark web

The internet can sometimes be a murky place. It is a vast, decentralised network that has revolutionised the way we live in both positive and negative ways. Many people will be familiar with cyber-crime and the risk of having credit card information or your identity stolen, but are perhaps not as familiar with the darker recesses of the internet. There are places that exist beneath the surface of the ordinary web which are inaccessible to the majority.

These places are collectively known as the dark web and are where criminals can anonymously exchange goods and information outside the reach of police and security services. The dark web has inspired thousands of headlines on drugs and explicit images, but the truth is maybe a little different. Ignoring the hype, we take a look at exactly what the dark web is and the risks it creates.

What are the dark web and deep web?

Firstly, it is important to understand the different layers of the web – the surface web, the deep web, and the dark web. The surface web is any content that can be catalogued by search engines. These include the types of website we all use every day, which search engines like Google ‘index’ by following hyperlinks and tracking keywords.

Content in the deep web is not necessarily completely hidden or anonymous, but it cannot be indexed in the same way as the surface web. This includes content that is behind firewalls, paywalls and other types of protection, or things like a website’s internal search results.

The dark web is a section of the deep web that is deliberately hidden and cannot be accessed with regular web browsers. The dark web came about as a result of the US government developing software known as Tor in the mid-nineties. It was a way of allowing intelligence to be shared around the world without fear of interception. It works by encrypting a user’s location and the information they send and receive, ensuring privacy and anonymity. Inevitably a community of users grew that exploited this security for illicit means – giving rise to ‘the dark web.’

What size is the dark web, and how do fraudsters use it?

The size and nature of the dark web may be overhyped or misunderstood. It may be the case that people confuse the deep web with the dark web (which is a smaller subsection of the deep web), or that the salacious headlines about places like Silk Road create the idea of a digital Wild West.

You might not think it, but the size of the deep web dwarfs the sites we can access day to day on the ‘normal’ internet. The internet contains at least 4.5 billion websites that have been indexed by search engines; the deep web is 400-500 larger than the internet we use every day.

The dark web is much smaller. It’s estimated that the amount of live sites makes up less than 0.005% of about 200 million surface domains. Researchers crawled 260,000 dark web pages to work out how many pages were working; of 55,828 domains, only 8,400 were live sites.

When it comes to selling personal data, email addresses, passwords and usernames are in the most demand. The dark web is an important tool for criminals looking to compromise or abuse personal financial details, such as credit card numbers or bank log-in details, to be able to engage in credit card fraud.

The types of data available to buy on the dark web often come in packages. Some may contain basic pieces of data like a credit card number, name and CVV2 code, while others can have a ‘dump’ of the data that is stored on the magnetic strip of a card, allowing it to be cloned.

Certain websites will even offer a package containing the full financial information of a victim – allowing the criminal to open false bank accounts where they can transfer and store their illegal gains. Such details can often change hands for as little as £5 - £10 per card and it is often more profitable to sell financial information than to use it for fraud.

How do thieves steal financial information from the dark web?

Financial details can be obtained in several different ways, common methods include ‘phishing’, ‘skimming’, malware or data leaks. Phishing will usually involve a fake email or website that entices a user into entering their credit card details in good faith. Skimming is the use of a device mounted to a card reader – either in a store or at a cashpoint that stores the card’s information when swiped.

Malware is software that is secretly installed on your computer when you visit an unsafe website or download an infected file – it will search for data stored on your computer and track when you enter information into forms.

Data leaks are when a website or company that stores a large number of card details gets hacked.

How to protect your information from being sold on the dark web

There are simple steps you can take to lower the risk of being a victim of financial fraud which mainly involve being vigilant when sharing any personal details online. It is also a good idea to check your bank’s policy when it comes to requesting personal data – most will never ask for a password or pin over the phone for example – so that you can spot unusual requests more easily.

Learn more about online identity protection in our articles on avoiding scams and best practices for avoiding identity theft.

If you are worried about the security of your personal data, your Equifax Credit Report & Score – free for the first 30 days then £14.95 monthly – comes with WebDetect, which alerts you if it discovers your financial details have been shared on websites used by fraudsters, helping you to respond quickly to potential threats. You also get unlimited access to your credit report online and alerts of any significant changes to your report.