Web accounts

Dark web market price index

Our personal information has real value on the dark web, as it can be used fraudulently in various ways to make a profit at your expense. Some of the most common scams are listed below, organized by type of account hacked.

Communication

Hacked Skype accounts have already been used to spam people with phishing links that mimic LinkedIn and Baidu messages.[3]

Another common scam involves exploiting mobile carriers to bypass two-factor authentication and gain access to bank accounts.[4]

Delivery

Fraudsters have been caught setting up complex schemes involving stolen PayPal and eBay accounts that they use to buy expensive electronics.[5] A hacked DHL account could be the missing piece of the puzzle that allows them to get their hands on the goods, which would usually be resold.

Entertainment

Logins for everyday services like Netflix and Spotify primarily provide a pathway for potential identity theft, as it’s very common for people to reuse their passwords.

By obtaining a set of valid credentials, hackers use software to automate verification of this login against thousands of other online services. This is called “credential stuffing”. The results will either be used for identity theft or sold on the dark web for profit.

An added benefit is that opportunistic criminals can also stream TV shows, movies, and music for free, at least until the real owner notices that their account has been compromised.[6]

pirate Spotify accounts can also be used in click fraud. A Bulgarian scammer notoriously played the Spotify royalty scheme in 2017 to pocket $1 million,[7] however, there is evidence that similar systems continue to operate using compromised Spotify accounts.[8]

Food

These services have an added attraction for hackers: in addition to the opportunities for identity theft and scanning of stored credit card details, they can also take advantage of costly blasts, often with high-end alcohol that drives up the bill, at someone else’s expense.[9]

Health

Accounts for services like Fitbit are a potential treasure trove of intimate personal information and health data downloaded from users’ wearable devices.[10] Compromised account owners even become vulnerable to burglary or home invasion once criminals gain access to live and historical GPS location data.

Identity documents

Authentic physical identity documents, such as passports and driver’s licenses, are extremely valuable for identity theft. Typically, this means fraudulently opening lucrative lines of credit in the passport holder’s name, which are then quickly exhausted, leaving the unwitting victim with a huge debt.

Stolen documents of this nature – intercepted in the mail, for example, or stolen and sold to criminals by corrupt officials – fetch very high prices.

Passport scans only sell for a fraction of the price due to their digital nature and greater risk of not being accepted.

Shopping online

Accounts from brands like Amazon and Bestbuy are popular with scammers due to the prevalence of multiple stored payment methods, typically credit and debit cards. Not only can they buy a huge range of big ticket items to resell, but also high value gift cards to redeem on their own accounts.

The scale and impersonal nature of Amazon and big box store operations also make them attractive to scams.

Hacked eBay accounts are also particularly attractive because they not only allow criminals to trick buyers into sending them money for fake listings, but also to buy expensive goods with the account owner’s funds to intercept and resell them.[11]

Fraudsters also purchase eBay accounts in the hope of gaining access to associated PayPal accounts.

Personal finance

Stolen credit and debit card data, as well as online bank and payment account details, have long been the most popular items for sale on dark web markets. The allure of high account balances to cash in and access to new lines of credit naturally allow these items to always command the highest prices.

A concerning new trend is bundling hacked debit card data for high balance accounts with SIM cards and cryptocurrency accounts. These all-in-one fraud packages allow scammers to hack the account by SIM card [12] and drain funds into the intermediate crypto account, where stolen money is easily laundered.

Paypal has long been a favorite of scammers. High balance accounts can be hijacked directly, but since PayPal accounts are also often connected to multiple cards and bank accounts, thieves can gain access to much larger funds as well.[13] This feature also means that PayPal accounts are also commonly used as “go-between” accounts to facilitate all sorts of online scams.

Fraudsters with a hacked PayPal account can also try to double their money by using the account funds to run various well-established chargeback scams on merchants that accept PayPal.

social media

Hacked Facebook accounts offer three avenues of profit for cybercriminals. First, they are an incredibly rich source of personal information that can be used to facilitate identity theft, helping criminals answer security questions for example.

Compromised accounts can also provide access to stored payment information used for transactions on Facebook games and marketplaces.

Finally, as with most online accounts, fraudsters are banking on the fact that many people still reuse passwords across multiple accounts, especially ones they use often like Facebook.

Travel

Compromised Airbnb accounts can be used to create reservations for homes that criminals then rob,[14] while hacked hosts on the same app can be used for phishing.[15]

There have also been reports of hackers altering hosts’ payment details in order to steal their earnings.[16]

There have been numerous reports of scammers using hacked Uber accounts for expensive trips, set up as far away as Russia and Arizona.[17][18] This brazen scam is made easy with the requirements of storing a credit card or PayPal account in the account.

Access to other travel accounts, such as Booking.com, gives criminals the ability to send fake emails tricking people into making high-value payments related to their travel arrangements, as well as to steal their credit card details.[19]