How Much Do Stolen Financial Data Cost on the Darknet Black Market?

By Ava McKinneyOnline Safety

How Much Do Stolen Financial Data Cost on the Darknet Black Market?

As cases of personal data theft on the internet continue to rise, especially during the pandemic, the portal Darknet.Global decided to conduct its own research to shed light on the shadowy world of cybercriminals and try to understand how it operates. The cybercrime market is developing at a pace that rivals, if not surpasses, that of e-commerce. Carding forums, most of which are hidden in the darknet, have become the most common platforms for buying and selling illegal goods and services.

What Did the Research Reveal?

The first impression from the study is a high likelihood of scams and thousands of people searching for free “tutorials” on hacking and stealing personal data. Unfortunately, this is the conclusion reached after analyzing carding forums on illegal sites specializing in credit card information theft.

  • The vast majority of users neither buy nor sell anything, although they are active on carding forums.
  • Almost all forum visitors want free samples of certified goods, malware source codes, and hacking guides.

Actual buyers and sellers of stolen information make up only a small portion of carding site visitors in the darknet. There are far fewer real scammers than those who wish to make money using free but criminal tools.

However, the volume of stolen financial information sold is enough to keep this market active. The data bought and sold on these forums (financial and personal) allow for unauthorized online purchases, opening bank accounts in someone else’s name, or even creating a clone of a victim’s credit card for use in physical stores.

Even here, buyers are sometimes scammed. For example, they may be offered information or a cloned credit card, only to be warned later that it cannot be used.

The Black Market for Stolen Financial Information Is Growing

The FBI recently reported a nearly 75% increase in cybercrime after most developed countries imposed restrictions requiring people and businesses to self-isolate. According to Darknet.Global, black markets for stolen financial information operate in several categories:

  • Internet relay chats – mainly simple text message exchanges
  • Carding shops – buying goods with stolen credit or debit cards
  • Darknet marketplaces
  • Carding forums

Carding forums are by far the most popular. They are easier to access than other platforms where stolen information is bought and sold. Unlike darknet markets, these forums are often on the regular internet (clearnet), while accessing the darknet requires special protocols (like using the Tor browser).

Carding forums feature specialized threads for selling credit cards, distributing malware, and even offering free hacking tutorials. Users must register profiles to comment, which are also used to track reliability ratings, recommendations, and trading activity. Each thread has one or more moderators who act like law enforcement, discouraging scams and setting user behavior guidelines.

However, these forums are short-lived, usually lasting only a few months before being shut down by authorities. As soon as one is closed, another pops up. Due to jurisdictional and technological challenges, few criminals are ever caught. Despite the wealth of information available, visiting these communities poses a real risk to users: the more time you spend on such forums, the greater the chance your personal information will be exposed to cybercriminals.

Darknet Prices for Hacking and Stolen Financial Data

The darknet has long been known as a haven for all kinds of criminal groups. Here, almost anything can be bought or sold, often with anonymity—if you’re lucky and your payment data isn’t stolen in the process. The privacy provided by tools like TOR creates an environment where criminals can sell their goods without fear of law enforcement.

To show how widespread the sale of stolen financial data is, we scanned darknet marketplaces, forums, and websites to create an index of average prices for specific products:

  • Cloned Mastercard with PIN – $15
  • Cloned American Express with PIN – $35
  • Cloned Visa with PIN – $25
  • Credit card data with up to $1,000 balance – $12
  • Credit card data with up to $5,000 balance – $20
  • Stolen online banking logins with at least $100 – from $35
  • Stolen online banking logins with at least $2,000 – $65
  • Walmart account with linked credit card – $10
  • Stolen PayPal account data with at least $100 – nearly $199
  • Transfer from stolen PayPal account ($1,000–$3,000) – from $320
  • Transfer from stolen PayPal account (over $3,000) – from $156
  • Transfer from stolen Western Union account (over $1,000) – $99

PayPal account data are the easiest to steal and are the most common and cheapest items on the black market. The most expensive are real money transfers from hacked payment system or bank accounts.

Fake Documents

Fake documents are also actively sold:

  • US driver’s license, average quality – $70
  • US driver’s license, high quality – $550
  • Auto insurance card – $70
  • Fake bank statements – $25–$80
  • Rutgers University student ID – $70
  • US, Canadian, or EU passport – $1,500
  • European national ID card – $550

These documents come with various guarantees and can be made with any data the buyer chooses. With just a few pieces of real information about someone, a criminal can create a “package” of official documents for all kinds of fraud, from opening a business to getting a loan, both online and offline.

Counterfeit Money

Counterfeit bills are extremely common on darknet black markets, mostly in $20 or $50 denominations. US dollars, euros, British pounds, Canadian and Australian dollars are the most frequently sold. Some counterfeits even come with a UV-check guarantee. High-quality fake bills typically cost about 30% of the real bill’s value.

Social Media Accounts

Even social media accounts are sold on darknet platforms. Prices vary depending on the network’s popularity and the difficulty of hacking:

  • Hacked Facebook account – $74.50
  • Hacked Instagram account – $55.45
  • Hacked Twitter account – $49
  • Hacked Gmail account – $155.73
  • Stolen Instagram followers (1,000+) – $7
  • Stolen Spotify followers (1,000+) – $3
  • Twitch followers (1,000) – $6
  • TikTok followers (1,000) – $15
  • Stolen LinkedIn followers (1,000+) – $10

Offers to hack or sell accounts are relatively rare on forums, possibly due to increased security measures. Hackers often use social engineering rather than technical hacking to obtain social media credentials, which is more costly and less effective.

Malware

There is a wide price range for malware, depending on quality and effectiveness:

  • Global low-quality malware – up to $70
  • Low-quality malware for EU countries – up to $300
  • Low-quality malware for the US, Saudi Arabia, UK, Australia – up to $800
  • High-quality modern malware – $1,400–$1,700

Malware is marketed as software that can be installed on almost any operating system (Windows, Android, etc.), giving criminals access to victims’ computers and devices. Initial infection often occurs through fake online casinos, social networks, or popular websites. Some malware simply uses the victim’s computer for activities like cryptocurrency mining, while others steal credentials. It’s a lucrative business—hackers can steal tens of thousands of dollars for every thousand virus installations.

DDoS Attacks

Organizing DDoS attacks is another service offered on darknet black markets:

  • Attack on an unprotected site, 10–50k requests/sec, 1 hour – $10
  • Attack on an unprotected site, 10–50k requests/sec, 24 hours – $60
  • Attack on an unprotected site, 10–50k requests/sec, 1 week – $400+
  • Attack on an unprotected site, 10–50k requests/sec, 1 month – $800+
  • Attack on a protected site (premium), 20–50k requests/sec, several elite proxies, 24 hours – $200

A distributed denial-of-service (DDoS) attack aims to take a website offline by sending thousands of requests per second, overloading the server and causing it to crash. Guides on cashing out stolen accounts are also commonly sold, usually at minimal prices, but there’s no guarantee these methods will work.

How to Protect Yourself from Identity Fraud

If you discover money stolen from your bank account, you can try to recover it through your bank, but the process is lengthy and not guaranteed. It may take years, and in addition to theft, a loan could be taken out in your name.

We recommend these simple security measures:

  • Never give out confidential information over the phone—do it in person if necessary.
  • Each time you use an ATM, check for skimmers (devices that read card data to create a clone). Press the sides of the card slot to see if anything is loose. Skimmers are designed to mimic the slot but are often loosely attached. Check for glue or tape around the slot. If you see anything suspicious, avoid the ATM and call your bank.
  • Check the ATM keypad by gently lifting the edges. Fake keypads are sometimes placed over the real one to record your PIN.
  • Scan your computer for malware to ensure your data isn’t being recorded. Use anti-malware software.
  • Avoid using public or unsecured Wi-Fi. If you must log in to an account on an untrusted network, use a VPN to encrypt your communications.
  • Delete accounts you no longer use. Old accounts can be compromised and cause problems later.
  • Never use the same password for multiple accounts. This is the easiest way for criminals to access your confidential information.

This list may seem a bit complicated and burdensome at first, but it’s just a matter of getting used to these rules and developing a sense of “cyber safety.”

Leave a Reply