You don’t have to dig too far into the dark web before you find something that is both appalling and fascinating in equal measure.

And this is precisely what some researchers have unearthed; a thriving market offering access to business email addresses to crooks who then attempt to carry out fraud.
  • For as little as $150, dark web sellers are offering to hack into whichever corporate email account a fraudster wants to gain access to. 
  • Many promise access within a week. 
  • In some instances, the sellers say they'll only take the payment after they've proved the target has been compromised.

Researchers examined dark web forums and found a large amount of these services on offer:
  • Some users are asking for specific accounts to be hacked. 
  • Others are offering their account-hacking services in exchange for a fee.

One attacker offered a 20 percent commission if the hacker could break into some specified email addresses.
It’s clear that some fraudsters are keener on targeting particular organisations rather than snapping up batches of random emails and passwords. Many of the email addresses are targeting belong to accounts departments of large organisations.

The aim of the fraudsters is to carry our phishing and social engineering attacks in an effort to trick corporate accounts departments into transferring them a large sum of money.

Some fraudsters s were offering $5,000 up front for access to hacked company email addresses, with accounts departments in high demand.

It might seem a lot to pay for some email addresses, but for those with the knowledge of how to exploit them, there's a lot of money to be made.

As part of this con, fraudsters could use business bank account numbers and routing numbers to get an accounts department to transfer funds, as an alternative to wire payments.

BullGuard discovers business accounts and routing numbers for sale

Interestingly, the BullGuard blog was able to find hacked business accounts and routing numbers for sale for $25.
  • This enables fraudsters to transfer and access stolen funds via ACH payments. 
  • The ACH network allows an initiator to make a direct deposit or direct payment transaction within one day for debit payments and two days for credit payments so the fraudsters could make off with their ill-gotten gains quickly. 
  • A wire is a real-time method of transferring immediate funds and supporting information between two financial institutions and is relatively expensive to use. An ACH is similar to a wire transfer only it uses batch- processing to send and receive payments.

Alongside these stolen account and routing numbers was the usual plethora of credit cards for sale, fake watches and fake gold, drugs, UK passports for a £1,000 and PayPal accounts, one of which had $3,000 in it and was being offered for a mere $15.

It all goes on in the dark web which is why we should never become complacent about our cyber security.
One of the best ways to ensure stolen data doesn’t end up on the dark web for sale is BullGuard Premium Protection. This comprehensive security suite includes 24/7 identity protection. It scans the web for all the information you want to protect and should any of your information ends up in dark web hacker forum or underground shop you receive and immediate alert so you can take remedial steps.

We’re not suggesting that you’re remiss with your data but organisations that hold our information, such as email addresses and payment card numbers are always falling victim to major hacks.

You can find out more about BullGuard Premium Protection here.