One very common item for sale is guides on how to “cash in”/”cash out”.
Security researchers have reported on the prevalence and value of stolen identities and other illegal services on underground marketplaces.
Some of the most common items on the darknet are credit card data, experts said. They are usually specified in the format CC|MM|YY|CVV|HOLDER_NAME|ZIP|CITY|ADDRESS|EMAIL|PHONE. The first 4 sections are information about the card itself, and the rest are information about the account holder.
Sellers usually offer an 80% guarantee that the cards will work or have the funds claimed. The cost of such data can range from $20 to $75, depending on the card and the balance claimed.
PayPal account data has proven to be the most common on the darknet and costs about $200 per account with a minimum balance of $100. Criminals also offer money transfer services from hacked accounts. Some clearnet shops also sale hacked Paypal.
Another very common item for sale are manuals on how to “cash out” money – getting money in a way that doesn’t raise suspicion with authorities. Such manuals sell for as little as a few cents.
The fake documents come with a number of safeguards and are available with whatever details the buyer chooses. With just a few real details about someone, a criminal can create an entire set of official documents to be used for all kinds of fraudulent activities. The cost of counterfeit documents can range from $70 for a U.S. driver’s license to $1,500 for a U.S., Canadian or European passport.
Counterfeit banknotes have also proven to be extremely common. Mostly clandestine marketplaces sell dollars, euros, pounds, Canadian and Australian dollars, and sometimes the seller provides a UV-test guarantee. “Quality” fakes are usually worth about 30% of the bill’s value.
Offers to hack accounts or sell access to them are relatively rare. This may be due to a lack of demand for the product combined with increased security measures. Cybercriminals trying to steal social network user credentials mostly have to resort to social engineering techniques, which require very high effort with relatively low success rates.
Deploying malware onto a victim’s device can cost from $80 to $8000 per 1,000 installations. As for performing DDoS-attacks, their cost varies from $15 to over $800 depending on the duration of the attack (1 hour, 24 hours, 1 week or 1 month).