Voice of the Industry

A lighter shade of dark – the growing trend of Dark Web activities and services seeping to the surface web

Tuesday 15 June 2021 09:58 CET | Editor: Raluca Constantinescu | Voice of the industry

Shawn Colpitts, Senior Fraud Investigator at Just Eat Takeaway.com, elaborates on the move fraudsters have made from the Dark Web to more public social media platforms and its implications

The Dark Web is a worldwide buzzword that is synonymous with the Internet of bad things. Although that is not its main purpose, the fact remains that it is used by fraudulent networks to house many of their crooked communities and efforts. Over the course of the COVID-19 pandemic, many fraud hubs were humbled, including the largest online black boutique of the time, DarkMarket. The hunt was on, and the unknown was becoming more and more known. Things had become extra complicated for fraudsters. Now, there is more and more of this awful activity showing up within the standard Internet that everyone knows and loves. What better way to hide and grow one’s evil efforts than in plain sight, amidst the light that the surface has to offer? 

The vast virgin volume of new Internet activities and the incredible influx of genuine users have made this seeping to the surface more of a tidal wave than a trickle. Tricks of prior torts and treacheries work well within this modern World Wide Web where we now live. Our customer commitments help keep these criminals comfortable outside of their cave. Hiding is easy amidst the masses because friction is so feared. We desire that everything for everyone is effortless. That extraordinary ease which we convey to our customers is also granted to the grifters. 

YouTube 

Streaming has become a hugely popular pastime throughout the planet’s population, if not the most popular. People are watching videos of all kinds. Free time, boredom, curiosity, and financial need have all led many idle hands to surf their way over to sites like YouTube to learn the ways of the fraudster. Criminal curriculums that grew to be so hard to find pre-pandemic can now be easily obtained on popular platforms with videos and step-by-step guides. Although the occurrence of this is nothing new nor unknown to fraud fighters, the frequency of their viewing and the potential use of their taught techniques have rapidly risen in rate. If you have seven minutes, you, too, can learn how to card and con. 

Storefronts 

If you don’t want to learn how to do so yourself, you can always pay someone who already has – and they can do the deeds for you. Online ecommerce platforms are everywhere and may be used by anyone to sell anything. No longer does the world simply rely on eBay for personal sales listings. You can easily set up a shop on sites like Shopify with all that you need to conduct a sales business in just several simple steps… and if you can do it, so can fraudsters, and they do. You can find fraudulent storefronts offering cards, gift cards, budgeted items/services, drugs, account lists, and more – all on the surface web. 

An interactive example 

Here is a fun way to test this out for yourselves. 

  1. Find an online shop’s URL from one of these Shopify-like services, such as the previously discovered and reported examples below: 
    • https://sellix.io/sauce 

    • https://shoppy.gg/@sauce 

  2. At the end, instead of the word ‘sauce’ (a fraudster term), place a different word, name, or phrase of your choosing. You can try ‘carding’, ‘accounts’, ‘blackmarket’, ‘card’, ‘list’... The possibilities and combinations are endless. Get creative. Did you discover anything interesting? I bet that you did. 

To be perfectly honest, not all of these stores will legitimately sell these illegitimate services and items. Some will be set up to rip off potential no-gooders by collecting their payment and not providing what was procured. Others will use the format to gather personal details for identity theft and account takeovers. Finally, some, albeit very few, are honeypots that have been set up by agencies to lure lurid buyers into traps and be caught. Without going through the purchasing process, it is virtually impossible to tell which is which. 

Falling back to the pandemic, the world now watches everything through the windows of their homes and their devices. Tight restrictions and fears have left many to remain indoors, separated from a live society. To supplement and surrogate societal isolation and feel a little more connected and normal, social media and message boards have become abundant with activity from all over. Within these channels of communication and community, fraudsters have found a safer playground than was previously possible. Again, the ease of creation and volume of interactions make hiding in plain sight a fearless option.

Social media 

Facebook has private groups reselling stolen goods and all of the same things previously mentioned. WeChat is a known hub for many fraudulent dealings to take place. Reddit is full of guides and discussion groups. Then, there is Telegram, the baby of the group. 

Telegram, although more youthful, has jumped pace to become one of the most legitimately used (outside of WeChat) social media platforms. Just like searching the online stores as I had described before, searching Telegram groups works in somewhat the same way. Take a fraud word or term, type it in, and voila! You will see a wide array of violators offering everything from discounts to drugs. I even discovered guns being sold through it, and they were not water guns nor were they little. Fraudsters on Telegram have even gone as far as advertising specific services to groups, such as discounted food delivery using stolen credit cards, during major sporting events. 

Youth 

The youth of today are more active online than ever before. In speaking with other parents, I hear tales of their children being much like my own. They would rather play video games than any other type of game. More than that, they would rather watch other people play video games than play them themselves. Rather than getting involved and active within the true world, they sit and watch others do so via their many online sharing sessions. They have come to believe that what they are watching in these videos is real life, and they yearn to be YouTubers and social media influencers. 

Children watch Tik Tok and chat within Discord, two platforms known for their youthful users. Don’t think for one moment that these platforms are safe from fraud. I am not talking about general social media scams, but straight up fraud and their offerings. 

You will notice a pattern within this paper that holds true across platforms, and it continues to do so when speaking of Tik Tok and Discord. The patterns are keywords. Within both, just like the balance of these insights, put a term you would like to search into the URL format that pulls up their pages. I did not know the term ‘sauce’ before finding it on Tik Tok, and it has yielded many frauds across all of these medias using this method.

In summary 

Reporting what has been discovered within the World Wide Web is obviously not enough to prevent fraud. It must be everyone’s responsibility to do something about it with every service that they provide. We have become a society of instant gratification, and we demand everything to be expedited right to us. The cry for supply has led many to leave their doors wide open to fraud of all kinds to keep the commercial masses happy. As I say, the less friction there is for customers, the more traction there is for fraud.

The world, everywhere, has changed, and the dark has made its way to the light. Let’s be smart about all of this and do more as a whole – it should be our basic responsibility. Be aware, be observant, be careful.

About Shawn Colpitts 

Shawn is the Senior Fraud Investigator for the Global Fraud Operations Team at Just Eat Takeaway.com. With over a decade of experience in roles that utilise data and behavioural analysis, he has become very active within the fraud-fighting community with his valuable insights, ideas, and active participation. 

 


About Just Eat Takeaway.com 

Just Eat Takeaway.com is a leading global online food delivery company, connecting tens of millions of consumers with over 250,000 local restaurants through our websites and apps. We offer an online marketplace where supply and demand for food delivery and ordering meet in 23 countries.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: dark web, COVID-19, online fraud, ecommerce platform, ecommerce
Categories: Payments & Commerce | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Payments & Commerce