Fraud Guides Top List of Most Frequently Sold Type of Data on Major Dark Web Marketplaces

New research from Terbium Labs details the damaging data being sold by three big box marketplaces and the associated digital risks that can impact corporations

Baltimore, Md. – April 16, 2020 – Today, leading Digital Risk Protection company Terbium Labs has released a trend report on the stolen and fraudulent data of three of the largest multi-good dark web marketplaces, which found that guides accounted for nearly half (49%) of the data being sold on the dark web, followed by personal data at 15.6%.

To develop the report, Terbium Labs’ team of researchers surveyed three major dark web marketplaces: “The Canadian HeadQuarters”, “Empire Market” and “White House Market,” sorting all data listings into six categories: personal data, payment cards, financial accounts and credentials, nonfinancial accounts and credentials, fraud guides and fraud tools and templates.

Cybercriminals have transformed the operational structure of these dark web marketplaces over time to mimic the rapid growth of big box retailers, such as Amazon and eBay, complete with search capabilities, ecommerce and seller ratings. These three markets in particular are more likely to stock a higher percentage of damaging data to corporations due to the unique combination of inexpensive personal and financial data as well as straightforward “how-to” type data, allowing cybercriminals to carry out attacks with ease.

According to the findings, fraud guides – listings claiming to sell guides and processes – were the most frequently sold category of data (49%), followed by personal data (15.6%), nonfinancial accounts and credentials (12.2%), financial accounts and credentials (8.2%), fraud tools and templates (8%) and payment cards (7%).

The risks to businesses are exacerbated by the fact that cybercriminals can get value for their money. The average cost of a single fraud guide is The negative impact of fraud guides is often overlooked by organizations, leading to greater digital risks to a business, such as phishing, business email compromise, account takeover, credential harvesting and fraud. The material within fraud guides allows for the most novice cybercriminals to cause damage to individuals and organizations alike, turning commodity data into financial crime.

The second most prevalent type of data found on these marketplaces – personal data – exposes organizations to phishing attacks, business email compromise as well as account takeovers, enabling criminals to target individuals more accurately and impersonate their victims. The average price for a single personal record was $8.45, while the cost of a single personal record can drop as low as $1.00.

“We routinely see stolen data for sale on these markets for surprisingly low prices, considering how expensive the consequences of stolen data can be to an organization,” said Tyler Carbone, Chief Strategy Officer of Terbium Labs. “The missing piece here is the way criminals buy that data and make use of available knowledge and tools to exploit it. It is incredibly important for organizations to detect and respond to stolen data earlier – when it’s at that “raw material” stage – in order to reduce damage and prevent it from ever being used effectively as an instrument for expensive cybercrime.”

To view the full report, please click here.

For more information about Terbium Labs, please visit

Each data category description within the trend report is outlined below.

  • Personal Data: Information, such as names, addresses and social security numbers, but does not include account credentials.
  • Payment Cards: Information from actual debit/credit cards, which can be used to execute fraudulent transactions.
  • Financial Accounts & Credentials: Usernames and passwords for bank/credit card accounts or other online payment platforms (i.e. Stripe, PayPal, Online banking, etc.).
  • Nonfinancial Accounts & Credentials: Credentials for non-financial online accounts (i.e. Netflix, Domino’s, CrunchyRoll, etc.).
  • Fraud Guides: All listings purporting to sell a process – for example, how to open a fraudulent account at a specific financial institution, or how to reset an account password without knowing the answers to security questions.
  • Fraud Tools & Templates: This category includes resources like fake mobile applications or HTML templates that allow criminals to impersonate legitimate sites or applications. Criminals can buy this content rather than needing to build and design phishing sites or content from scratch.




About Terbium Labs

Matchlight, the company’s comprehensive digital risk protection (DRP) platform features continuous digital asset monitoring, robust analytics, and actionable intelligence, to quickly identify and minimize the impact of exposed data across the Internet – whether it’s the open, deep, or dark web. Featuring its patented data- fingerprinting technology that ensures private data stays private, unique fusion of data science and machine learning, and dedicated analysts, Terbium Labs provides pinpoint accuracy for early detection and remediation of data exposure, theft, or misuse across the digital landscape. Learn more about Terbium Labs’ unique approach to DRP by visiting or on Twitter @TerbiumLabs.