The online marketplace where your bank details are on sale for £ 12
Imagine an online world where you are completely anonymous. Every click, website visited and item ordered is hidden and cannot be traced back to you.
Welcome to the “Dark Web”, a paradise for criminals, where crooks can trade drugs and weapons, stolen credit card details and counterfeit goods.
And because activity in this underground Internet cannot be traced, they can operate undetected by the police.
Surfing the Dark Web: Journalist Amelia with Independent Cyber Security Expert Chris Underhill
For years, experts have warned that fraudsters use the Dark Web to buy and sell our personal data, which they can then exploit to defraud victims with their savings.
So I came to Devon to meet Chris Underhill, an independent cybersecurity expert, to see for myself what is going on in this part of the internet.
It may come as a surprise to some, but you don’t need a complicated computer system and endless encrypted passwords to access the Dark Web. We are seated in Mr. Underhill’s very civilized home office in front of his personal computer.
For obvious reasons, I won’t say exactly how we did it – but after just a few seconds, we’re in it. At first glance, nothing seems terribly wrong.
We’re taken to a homepage that besides being purple looks like any other search engine with a space to type in what you’re looking for.
The only clue that we are somewhere suspicious is the slogan: “Explore. In private. You are ready for the world’s most private browsing experience. ‘
The Dark Web was created in the 1990s by the US Navy to keep defense plans confidential, Mr. Underhill explains.
Considered 5% of the total Internet and roughly the same size as the Surface Web, the standard Internet used to access sites like Google and Amazon, it’s not that bad.
Going Cheap: A Dark Web Marketplace offering credit card and Paypal account details for prices starting under US $ 8
“It was not built for malicious purposes,” he says. “Legitimate organizations like Facebook and The New York Times have versions of their sites for the Dark Web for users to avoid censorship and give a voice to those living in suppressed regimes. But, as in any city, there are areas where criminals work.
The problem is, it’s too easy for criminals to get to the wrong parts.
Mr. Underhill shows me the Global Marketplace website, which he compares to the illegal shopping eBay.
The categories are listed on the side and include 12,711 drug lists, 3,787 for fraud and 647 for counterfeit products.
When we click on fraud, we cycle through subcategories such as stolen credit card information (including names, card numbers and addresses) from £ 12 and online banking details. There are also lists called “dumps” and “drops”.
“Dumps” is the word used by fraudsters to refer to raw information stolen from a bank card’s magnetic stripe which is placed on a fake card, Mr. Underhill said. “Drops” is slang for physical addresses used to send illegal or stolen goods.
Users can also buy fake High Street bank website templates for just £ 22. These are often used for “phishing scams”.
This is where customers receive an email or text claiming to be from their bank asking them to log into their account and update their details.
Scammer Supplies: 100 mobile number sets for NatWest customers on sale for £ 33. Seller claims they were collected from bank logs and other sources of stolen information
But the link takes them to a knockoff website, where the crooks then steal their details and money.
A seller has announced several kits, including one listed as ‘Santander UK 2021 last scam page’.
This turned out to be a nearly identical model of Santander’s online banking page, along with some of its customer details, including banking and security information.
The same user also sold pages for Nationwide, HSBC, Halifax, Lloyds and Amazon for £ 36 each.
Sets of 100 mobile numbers for NatWest customers were on sale for $ 45 (£ 33). The seller claimed they came from bank logs and other sources of stolen information.
Scammers who buy these numbers can target customers pretending to be NatWest. The additional customer information then helps the crooks to appear more legitimate.
In a scam, victims are tricked into thinking that their account is at risk and into transferring their money to a “secure account”.
The fraudster then runs away with the money as soon as he lands. These so-called “identity theft scams” involving bogus police and bank staff accounted for 14% of all wire transfer scams last year.
About £ 96.6million has been stolen – a fifth of all money lost to bank scams, according to the UK Finance trading organization.
Just over half was reimbursed by banks under a new code of conduct that promises fairer treatment of victims, but thousands of people were not so lucky.
Money Mail has revealed how some banks neglect victims of fraud by failing to reimburse them, with the worst offenders reimbursing customers in full in just 1% and 3% of cases.
PayPal accounts with balances between £ 725 and £ 1,088 were on sale for £ 5, with one seller offering a ‘buy two, get two free’ offer.
Forged documents: Dark website selling fake UK passports for £ 1,000 and UK bank accounts for £ 700 – which could be used to siphon off stolen funds
Scammers could also get Equifax credit reports with a score over 800 for a cost of £ 22. These can help fraudsters with identity theft, which involves taking out loans and credit cards on behalf of the victims.
Mr Underhill said: “The people who sell stolen information on sites like these are probably not large-scale hackers.
“These criminals would trade in private as quickly as possible. Those we see here are more likely to be a disgruntled worker at a bank or small credit reference agency.
There were also websites purporting to sell access to computers owned by businesses and individuals.
If someone could log into your laptop or tablet, they could install software that tracks everything you type, including account passwords and online banking information. Or they could lock down the system, demanding a ransom.
The services of “Black Hat hackers”, offering to access online accounts with malicious intent, were also available.
Another site called “Stock Insiders” welcomed users to the “dark side of Wall Street” and offered up to £ 18,029 for advice on secret company acquisitions to take advantage of low stock prices.
Others have sold counterfeit money, fake passports for £ 1,000 and UK bank accounts for £ 700, which could siphon stolen funds.
Most of the scammers advertising on the Dark Web request payments in cryptocurrency such as Bitcoin because it makes it more difficult to track, with prices listed in US dollars.
After a few hours, my head is spinning. It seems unfathomable that this information is so readily available.
The only thing that seemed to slow down the crooks was the speed of the internet. I’m told these sites run 50% slower than regular websites due to the encryption needed to hide the user’s location.
Government agencies are working to crack down on criminal activity on the Dark Web, but this is difficult because users are anonymous and difficult to trace.
“It’s like a mole. Once you delete one site, another one appears, ”adds Underhill.
Banks are believed to have teams of experts scouring the Dark Web for suspicious activity.
HSBC and Nationwide say they work with specialist third parties to prevent fraud, while NatWest has a range of security measures to protect customers.
Santander adds that he uses a variety of tools to monitor the Dark Web for anything criminals might be using to target customers.
Lloyds says it proactively identifies and removes information sold on the Dark Web.
And PayPal says its dedicated security teams are closely monitoring and taking action to prevent malicious activity from occurring.
But for all of their security measures, tougher action is clearly needed. Fraudsters cannot be allowed to exchange our data with such impunity.
Some links in this article may be affiliate links. If you click on it, we may earn a small commission. This helps us fund This Is Money and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.