How Cybercriminals Sell Fake Data and Fall for It Too

Even scammers are now the target of online fraud. Fake data leaks are being sold in hacker forums, posed as authentic databases for billions of dollars.

Fraudsters have been selling fake data leaks to trick users into buying them.

Dark Web: World's Largest Data Marketplace

Genuine data leaks like BigBasket, Mobikwik, and Domino's where data of billions of customers, including sensitive personal and financial information were made public, has offered fodder for fraudsters to manipulate data and earn revenue from it.

Prashanth Guruswamy, Co-founder, InstaSafe, a cyber security firm told The Quint that since data is the new 'oil', malicious actors are selling off such data in bulk, and cryptocurrency is being used as the method of payment in most cases owing to the ease and untraceability of crypto transactions.

One of the biggest marketplaces in this regard is the dark web, which in recent times has become a hotbed for leak-based transactions.

Sourajeet Majumder, a cyber expert, points out that hackers usually post samples of the data they have managed to exploit, and for both the sample set, as well as the complete data, payment is done through Bitcoins.

Interestingly, a recent discussion thread on the dark web pointed out that most of the leaks that were being reported were actually either fake, or simply bad samples, meaning that the data in question wasn’t relevant or useful, or simply information that could be gleaned as basic data from any website.

Rise of Fake Data Breaches

• Clubhouse: The latest alleged data breach which claimed that a database of 3.8 billion phone numbers, owned by Clubhouse users, was sold on the dark web. Cyber security researcher Rajshekhar Rajaharia clarified that fake numbers were generated using bots and the alleged data breach was fake.

• CoWin: The Centre refuted reports of CoWin platform hack that led to an alleged leak of the personal details of millions of citizens who have registered on the platform for COVID-19 vaccination, saying that the claims “prima facie appear to be fake.”

• LinkedIn: Looking at the sample data shared by the threat actor, it is very prominent that the data set only includes data which is publicly available on LinkedIn profile.

  "Calling the set of LinkedIn data that has been posted for sale as a data breach explicitly, is not ideal and spreads disinformation and adds to user's anxiety," said Majumder, cyber security researcher.

• Koo: A threat actor on dark web forum released a data set and claimed that the data includes personal information of more than 1 million users of the microblogging platform. Majumder told The Quint that the data set was just a collection of random numbers and termed it as 'fake'.

Majumder told The Quint that fake data breaches have increased amid the pandemic.

Who is Buying And Why?

Leaked data attracts various types of buyers. Mostly such data is bought by cyber criminal groups who can use it for malicious practices and at times such data also interests telemarketing companies and campaign organisers for advertising purposes.

Guruswamy said that hackers themselves are some of the biggest buyers of such leaked data. "We have had proven instances, wherein hackers have used a combination of personal information with leaked digital loans and social security data to take massive loans in the victim’s name. Collation of leaked information can result in a literal treasure trove of data that can not only be used by malicious actors, but also by state actors and foreign governments," he added.

Who is Selling And Why?

These fraudsters are generally frequent users of dark web and members of illegal online marketplaces who are quite tech savvy.

There can be multiple reasons for why they sell fake data. Some of which Majumder points out are:

• To dupe buyers out their money or resources.

• As a publicity stunt to gain reputation points on the forum/marketplace.

• To malign the image of an organisation.

Ways to Generate Fake Data

Fraudsters have discovered several ways to generate fake data in order to fool people. In some cases, they scrape publicly available data from online sources and try to sell it as breached data.

Sometimes fraudsters also try to sell part of any previously breached data from some other organisations, claiming it as a fresh data breach from their target organisation.

In other cases, the fake datasets are created using bots which is no way are related to the target organisation.

Identifying The Authenticity of Data Leak

Often, hackers’ forums are the first to deduce the authenticity of claims regarding data leaks, basis analysis of the samples that are put up in marketplaces. But, it is tough to actually analyse the actual source of data leaks if they are collated from multiple sources.