Online scams easy as ever, as cybercrime markets flourish

An expanding network of cybercrime marketplaces is making it easier than ever to become a professional fraudster, posing unprecedented cybersecurity threats worldwide, experts warn.

Cybercriminals are often portrayed in popular media as rogue and highly skilled individuals, wielding coding and hacking abilities from a dimly lit room. But such stereotypes are becoming outdated. 

“Looking back to the 1990s and early 2000s, you needed to have a reasonable level of technical competence to pull off these types of crimes,” Nicholas Court, assistant director of Interpol’s Financial Crime and Anti-Corruption Centre, tells CNBC. 

Today, the barriers to entry have come down “quite significantly,” Court said. For example, obtaining personal data, such as email addresses, and sending them spam messages en masse — one of the oldest online scams in the book — has never been easier.

Cybersecurity experts say the change is due to advances in scam technology and the growth of organized online markets where cybercrime expertise and resources are bought and sold. 

“The last decade or so has seen an evolution of rogue cybercriminals into organized groups and networks all of which are part of a thriving underground economy,” said Tony Burnside, vice president and head of Asia-Pacific at Netskope, a cloud security company.

Driving that trend has been the emergence of global underground markets that offer “cybercrime-as-a-service” or “CaaS,” through which vendors charge customers for different types of malicious tools and cybercrime services, he added.

Examples of CaaS include ransomware and hacking tools, botnets for rent, stolen data, and anything else that may aid cybercriminals in their illicit activities.

“The availability of these services certainly helps in enabling more cybercriminals, allowing them to scale up and sophisticate their crime while reducing the technical expertise required,” Burnside said. 

CaaS is often hosted on markets in the “darknet” — a part of the internet that uses encryption technology to protect the anonymity of users.

Examples include Abacus Market, Torzon Market and Styx, though the top markets often change as authorities shut them down and new ones emerge. 

Burnside adds that the criminal gangs operating CaaS services and markets have begun to operate like “legitimate organizations in their structure and processes.”

Meanwhile, vendors on these illicit exchanges tend to accept payments only in cryptocurrency in attempts to remain anonymous, obscure proceeds and evade detection. 

Silk Road, an infamous dark web marketplace that was shut down by law enforcement in 2013, is recognized by many as one of the earliest large-scale…