The dark web and finance: The threat is real

The dark web is home to the fraud economy and criminal communities. It’s the new epicenter of organisational risk and a nightmare for finance departments around the world.

To understand how finance can save itself from the perils of the dark web, you first must understand what it is and how it works.

We spoke to Emily Wilson, vice president of research for Terbium Labs, to find out more about the dark web. She said, “at a fundamental level, the dark web is just another part of the internet. But the technology that supports and underpins the dark web allows for increased anonymity, user obfuscation and all the things that are very good for privacy and security, which also means that they’re very good for criminals.”

Search engines can’t see or index the dark web, which requires an anonymising browser called Tor to be accessed. A King’s College London study classified the contents of more than 2,500 live dark web sites over a five-week period and found that 57% host illicit material.

Things have gotten worse. ‘The number of dark web listings that could harm an enterprise has risen by 20% since 2016. Of all listings (excluding those selling drugs), 60% could potentially harm enterprises’.

A hotbed for bad things — really bad things

Guccione writes, ‘You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people’s computers’.

Here are a few examples:

• Login credentials to a $50,000 Bank of America account: $500 on the dark web

• $3,000 in counterfeit $20 bills: $600 on the dark web

• Seven prepaid $2,500 debit cards: $500 on the dark web [express shipping included]

• A lifetime Netflix premium account: $6 on the dark web

How the dark web amplifies fraud risk for finance departments

Wilson says that two types of data could show up on the dark web. The first is financial data — stolen payment cards, credit and debit cards, including personal and corporate cards. The other type is an actual bank account, which are good for laundering money. She goes on to say, ‘If you’re looking for a step-by-step guide on how to open a fake business account and then commit tax fraud, the dark web can help you with that’.

How does finance protect itself?

Wilson adds that the keys to protecting your enterprise’s finances are:

1. Understand the dark web. “Understanding how the dark web works actually strips away one of the biggest things that criminals have going for them, which is confusion, which is an aversion to looking something new and different in the face.”

2. Be able to track the data, and understand what it means in context. ‘Has my information been exposed?’ to ‘What information has been exposed, and where has it been exposed? What does it mean for me if that information has been exposed? What combination of variables puts you at an increased risk for business email compromise?’

This post is adapted from an article/podcast in FM magazine. To learn more about the dark web, what it is and what you can do to protect your organisation from data breaches, listen to part one and part two of our FM dark web podcast.