The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at

The Online Black Market – How It Works – Part 1 – BullGuard


Ever wondered what would happen to your precious data and online credentials if they got stolen? Well, either cybercriminals would use them to their benefit or sell them on the online black market.


Just like the underground economy in the real world, the “under-online” economy in the virtual world rests on illegal activities and exploits holes in online regulations. To what end? Compromise and breach users’ internet security and privacy, to get hold of their credit card details, online credentials and valuable data. Then, sell it and launder the money on the black market.



The online black market overview


The online black market or the cybercrime market is, as its name suggests, a pool of cybercriminals who seek to make lots of dirty money out of deceiving unknowing web users. It’s made up of malicious networks that, although they’re already filled with cybercriminals’ interaction, they sometimes interact between them as well. Now, who drives it exactly? Well, any cyber-pro with malicious intentions, who wants to breach your internet security.


In short, as with any other market, the online black market includes activities like: production (of malware), “logistics” – delivering malware to web users and catching their online data –, sales (of users’ data to other cybercriminals), marketing and promotion of cyber-products obtained illegally.



Cybercriminal professions


So what are the most common professions held by cybercriminals that contribute to compromising your internet security?


  • programmers – who develop malware;
  • web designers – who create malicious sites;
  • tech experts – who maintain the criminal infrastructure (servers, databases etc.);
  • hackers – who exploit system vulnerabilities and break into computer networks;
  • fraudsters – the classic con artists who devise social engineering schemes (phishing, spam etc.);
  • intermediaries – this category is actually broader, but in general, these are crooks who collect data stolen from users, advertise it to other cybercrooks, sell or exchange it for money or other illegal actions.



Cybercrime commodities


What do cybercrooks exchange on the black market?


The most common commodities internet security breachers deal in are: credit card numbers; access to hacked servers; e-mail address lists; online credentials to social media, bank and payment service accounts; counterfeit currency; physical credit cards; credit card “clones”; design of malicious websites or fake online stores; cashing checks. Some cybercrooks can place requests for renting bots or other complex infrastructure that help them in their internet security scams.


The mechanism of the online black market


Now, how does this market work?



Phase 1. Malware creation to breach users’ internet security


Behind every Trojan, virus, worm, bot and other malware there’s business. Heads of criminal networks contact programmers to develop malware, hackers to break into networks or other scammers and fraudsters to devise spam and phishing attacks. The victims are usually Windows users and web users tricked while browsing for specific information, banking, socializing.


If you fall for one of their internet security scams, your data may get stored onto servers that hackers can access. They can use it to enter your accounts and steal money and your identity, or trade it on the online black market.



Phase 2. Promotions of illegal online commodities


Just like legal commodity markets, the online black market is very competitive. And in order to be profitable, cybercriminals have to promote their “goods” to fellow-criminals. They come up with promotions, demos, service guarantees, even discounts for large “purchases” all advertised on underground forums and sometimes on social media.



Phase 3. The sales process


A cybercrook gets interested in another cybercrook’s offer. How does the sales process work?


  • Contact the client/vendor via private chat or e-mail using generic addresses and negotiate
  • Use existing underground online stores to distribute the products
  • Establish the method of payment, which is always one that everybody uses, like Western Union
  • Ask for customer support if the product is not working – e.g. if a credit card number is not valid, they will change it for one that is.



Phase 4. Money laundering


This phase applies to cybercrooks who steal money from users’ bank accounts via bank transfers. As you can imagine this is dirty money that needs to be laundered in order to be used on legal markets. This is where other victims enter the process: money mules attracted by cybercrooks through false job offers. They are promised high commissions just for receiving the stolen money in their bank accounts and then send it to foreign accounts – cybercrooks’ accounts. These victims not only get their internet security compromised, but also their physical security.



Want to avoid having your data taken to the online black market? Here are some tips:


  • Stay well informed about internet security scams and apply common sense when you surf the web, bank, shop or socialize online.
  • If you receive unsolicited e-mails or SMSs from your bank, credit card company, phone, internet or any other service provider, asking you for your credentials, don’t answer them or contact their support team by phone – otherwise you might become the victim of an internet security fraud.
  • If you receive a job offer that seems too good to be true, then it probably is.  If you’re asked to use your own account for transactions, as part of a job description, turn it down – it’s a money mule scam.
  • Get an effective Antiphishing tool on your computer. BullGuard Internet Security 12 comes with such a feature.
  • Make sure the websites that ask for your credentials (passwords, credit card details, usernames) are secured; look at their urls – they must start with https and not http.
  • After completing an online transaction, delete the history and cookies from your browser. This way, cybercrooks that exploit browser vulnerabilities can’t get hold of the login data stored in cookies. Also use a Vulnerability Scanner, like the one in BullGuard Internet Security 12 to detect out-dated software on your PC and update it.
  • Install comprehensive internet security software to protect you from all types of malware that can infect your computer, steal your data stored on it, or even make your system crash. BullGuard’s internet security program comes with award-winning antivirus protection, as well as other features that optimize your PC to run at its full speed, like PC Tune Up.

Was this article helpful?