How Cybercriminals Sell Fake Data and Fall for It Too

Fake data leaks are being increasingly sold on the dark web – and cybercriminals are falling for it.

Tech and Auto
4 min read
<div class="paragraphs"><p>With pandemic disrupting businesses and with remote working becoming reality, cyber criminals have been busy exploiting vulnerabilities.</p></div>

Even scammers are now the target of online fraud. Fake data leaks are being sold in hacker forums, posed as authentic databases for billions of dollars.

Fraudsters have been selling fake data leaks to trick users into buying them.

Since the frequency of cyber incidents have increased manifold in concurrence with the pandemic, malicious actors now have more data sets to work with, which explains the rise in fake claims.

Dark Web: World's Largest Data Marketplace

Genuine data leaks like BigBasket, Mobikwik, and Domino's where data of billions of customers, including sensitive personal and financial information were made public, has offered fodder for fraudsters to manipulate data and earn revenue from it.

Prashanth Guruswamy, Co-founder, InstaSafe, a cyber security firm told The Quint that since data is the new 'oil', malicious actors are selling off such data in bulk, and cryptocurrency is being used as the method of payment in most cases owing to the ease and untraceability of crypto transactions.

One of the biggest marketplaces in this regard is the dark web, which in recent times has become a hotbed for leak-based transactions.

Sourajeet Majumder, a cyber expert, points out that hackers usually post samples of the data they have managed to exploit, and for both the sample set, as well as the complete data, payment is done through Bitcoins.

Interestingly, a recent discussion thread on the dark web pointed out that most of the leaks that were being reported were actually either fake, or simply bad samples, meaning that the data in question wasn’t relevant or useful, or simply information that could be gleaned as basic data from any website.

"Since this has come across as a lucrative revenue generating opportunity, hackers are ironically using datasets from one leak and presenting them as datasets from another leak. So, a Mobikwik leak may be adequately presented as a Facebook leak."
Prashanth Guruswamy, Co-founder, InstaSafe

Rise of Fake Data Breaches

  • <div class="paragraphs"><p>Fake Koo data being sold on dark web.</p></div>
  • <div class="paragraphs"><p>Fake data on CoWin sold on dark web.</p></div>
  • <div class="paragraphs"><p>Fake Clubhouse data leak.</p></div>
  • Clubhouse: The latest alleged data breach which claimed that a database of 3.8 billion phone numbers, owned by Clubhouse users, was sold on the dark web. Cyber security researcher Rajshekhar Rajaharia clarified that fake numbers were generated using bots and the alleged data breach was fake.

  • CoWin: The Centre refuted reports of CoWin platform hack that led to an alleged leak of the personal details of millions of citizens who have registered on the platform for COVID-19 vaccination, saying that the claims “prima facie appear to be fake.”

  • LinkedIn: Looking at the sample data shared by the threat actor, it is very prominent that the data set only includes data which is publicly available on LinkedIn profile.

    "Calling the set of LinkedIn data that has been posted for sale as a data breach explicitly, is not ideal and spreads disinformation and adds to user's anxiety," said Majumder, cyber security researcher.

  • Koo: A threat actor on dark web forum released a data set and claimed that the data includes personal information of more than 1 million users of the microblogging platform. Majumder told The Quint that the data set was just a collection of random numbers and termed it as 'fake'.

Majumder told The Quint that fake data breaches have increased amid the pandemic.

"While it is a good sign that people are finally becoming aware and are voicing their opinions on social media platforms but fraudsters are now trying to use this 'data breach trend' to sell their fake data sets since they are of the notion that buyers will easily believe the breach is real because of this ongoing trend."
Sourajeet Majumder, Cyber Security Researcher

Who is Buying And Why?

Leaked data attracts various types of buyers. Mostly such data is bought by cyber criminal groups who can use it for malicious practices and at times such data also interests telemarketing companies and campaign organisers for advertising purposes.

Guruswamy said that hackers themselves are some of the biggest buyers of such leaked data. "We have had proven instances, wherein hackers have used a combination of personal information with leaked digital loans and social security data to take massive loans in the victim’s name. Collation of leaked information can result in a literal treasure trove of data that can not only be used by malicious actors, but also by state actors and foreign governments," he added.

Who is Selling And Why?

These fraudsters are generally frequent users of dark web and members of illegal online marketplaces who are quite tech savvy.

There can be multiple reasons for why they sell fake data. Some of which Majumder points out are:

  • To dupe buyers out their money or resources.

  • As a publicity stunt to gain reputation points on the forum/marketplace.

  • To malign the image of an organisation.

Ways to Generate Fake Data

Fraudsters have discovered several ways to generate fake data in order to fool people. In some cases, they scrape publicly available data from online sources and try to sell it as breached data.

Sometimes fraudsters also try to sell part of any previously breached data from some other organisations, claiming it as a fresh data breach from their target organisation.

In other cases, the fake datasets are created using bots which is no way are related to the target organisation.

Identifying The Authenticity of Data Leak

Often, hackers’ forums are the first to deduce the authenticity of claims regarding data leaks, basis analysis of the samples that are put up in marketplaces. But, it is tough to actually analyse the actual source of data leaks if they are collated from multiple sources.

"The only way to stop the data breaches is to have strong firewall and all the companies should always encrypt, backup, and opt for automatic upgrades so that there are no loops for hackers."
Ashutosh Verma, Cyber Security Expert, Founder Exalta India

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!