The dark web is kind of like the last season of Game of Thrones; it’s not all good, but it’s not all bad either. In her session today, Emily Wilson, CFE, VP of Research at Terbium Labs, discussed the dark web fraud economy thriving just below the accessible search engines we visit every day.

According to Wilson, the dark web is not found through a Google search and it requires special technology called TOR for access. The technology is used to encrypt a user’s IP address and browsing history to give you an anonymous presence while you search. The dark web lives below the clear web and the deep web, and is booming with activity. But, Wilson emphasized that it isn’t a place anti-fraud professionals should fear or see as only a cesspool of crime. She said multiple times, to ensure attendees heard, “The dark web isn’t criminal; it’s just another part of the internet.”

So if it’s not all made up of cybercriminals selling the social security cards of all of my nieces and nephews, then what exactly is on the dark web? It is made up of legal activities like Facebook and The New York Times, as well as communities and discussion forums. The only difference between the content found on the dark web versus the content we access on the clear web is that a user’s viewing and search are protected by the encryption TOR technology. As Wilson said before, it’s important to remember that the dark web is just another part of the internet and the same risks that apply to the clear web apply to the dark web.

And, as anti-fraud professionals, it is vital to understand those risks and how they are illustrated on the dark web fraud economy. Wilson outlined five categories that content on the dark web can be segmented into:

1. Personal information: this includes information like credentials, physical addresses and an extended personal history (also knowns as “doxing”, which is a targeted release of a vast amount of personal information from a highly motivated individual)

2. Financial information: including items like payment cards, gift cards, bank account information, and processor accounts like PayPal, Venmo and Western Union payments

3. Corporate data: this is data like employee personal identifiable information (PII), W2s, tax records, invoicing and intellectual property

4. Guides and tutorials: these are actual manuals on how to commit crime and fraud courses

5. Services and tools: including tools like exploit kits, ATM skimmers and spam/harassment-as-a-service resources

“The dark web fraud economy includes all the raw materials, resources and services a cybercriminal needs,” Wilson said. “Fraudsters value data based on its potential for monetization. They are thinking about three things: 1) Can I make money from it? 2) How much money can I make from it? And 3) Can I use it again?

Wilson closed with an optimistic and proactive idea about what anti-fraud professionals and investigators can do in the future regarding credit card theft. “It’s not magic; it’s methodology,” she said. “Let’s ask a ‘what if’ question about credit card fraud. What if we could somehow flag the cards after they get posted, but before they get sold and used on the dark web? What if when the criminals try to use the stolen information, it is always deactivated?”

Wilson said she is working with other organizations on how this could be implemented and encouraged attendees to think about those “what ifs” and their potential to countering the health of the dark web fraud economy.