The "dark web," the part of the internet only accessible through third-party overlay networks, is notorious for its criminal activity, but its fraud risk makes it a huge liability for the finance department.
"The technology that supports and underpins the dark web allows for increased anonymity, user obfuscation and all the things that are very good for privacy and security, which also means that they’re very good for criminals." Emily Wilson, vice president of research at Terbium Labs, said on the Finance Magazine (FM) Podcast earlier this month.
- A 2016 study from King’s College London found the number of dark web listings that could specifically harm a business enterprise has risen by 20% since 2016. 60% of the listings discovered were found to have the potential to harm major enterprises.
The King’s study also classified the contents of over 2,500 live dark web sites and found that 57% of them contained illicit material that can enable account hacking.
For instance, login credentials to a $50,000 Bank of America account costs $500 on the dark web, $3,000 in counterfeit $20 bills goes for $600, and a lifetime Netflix premium account costs only $6.
But the dark web is also found to amplify fraud risk for finance departments particularly, with many companies’ financial data especially susceptible to breach.
Data like stolen credit and debit cards, including personal and corporate cards, are quick to show up on the dark web, Wilson said. Actual bank accounts, which can be used for laundering money, also appear.
For individuals looking to specifically breach a certain business’ information, Wilson says, the dark web can provide "a step-by-step guide on how to open a fake business account and then commit tax fraud."
Wilson’s number one tip for finance departments to protect themselves is to understand the parameters of the dark web as best possible, or to add people to teams who may help.
"Understanding how the dark web works actually strips away one of the biggest things that criminals have going for them, which is confusion, [and] an aversion to looking something new and different in the face," Wilson said.
She also recommends finance teams make an effort to track their data and understand the ways in which it could be compromised. Don’t just ask whether your information has been exposed, she cautions.
Wilson encourages finance teams to take it a step further, asking: "What information has been exposed, and where has it been exposed? What does it mean for me if that information has been exposed? What combination of variables puts you at an increased risk for business email compromise?"