Shopping for Fraud: A Tour of Cybercrime’s Underground Economy

What if fraud looked less like a crime scene and more like an online shopping experience? That was the premise behind “Fraud for Sale: Inside the Underground Economy of Cybercrime,” led by Corey Chadderton, CFE, at the 37th Annual ACFE Global Fraud Conference. The session challenged attendees to rethink cybercrime as a sophisticated commercial marketplace where identities, credentials and network access are bought, sold and packaged like everyday products. 

History Repeats Itself 

To set the stage, Chadderton began several centuries in the past. He pointed to the East India Company, established by royal charter under Queen Elizabeth I, as an early example of how commerce, infrastructure and influence can reshape the world. With control over trade routes, taxation, intelligence and military power, the company demonstrated that when money, expertise and logistics converge, commerce becomes power. 

That same pattern, Chadderton argued, is visible in today’s cybercrime landscape. Instead of shipping routes, today’s marketplace exists in fragmented online communities where stolen identities, passwords and network access move through sophisticated supply chains. Hidden behind anonymous forums and invitation-only networks, cyber criminals have built one of the world’s most efficient underground economies. “Trust is the credential,” Chadderton said. “Fraud is no longer an event. It is an economy.” 

In that economy, identities have become inventory, and data has become currency. Chadderton noted that Europol has documented a cybercrime ecosystem in which stolen identities, credentials and personal data are bought, sold and repackaged across criminal marketplaces. The message was clear: Digital identities are no longer just personal information; they're commercial assets in the criminal underground. 

A Marketplace for Fraud 

The most surprising takeaway wasn’t the products themselves. It was the customers. Drawing on law enforcement examples, Chadderton explained that many cyber criminals purchase the tools they need rather than create them. “They buy the keys to the house, not the house,” Chadderton said. 

To help attendees visualize the underground economy, Chadderton guided the audience through a virtual marketplace. The first “aisle” featured stolen credentials, including login dumps, remote desktop access and corporate VPN credentials. Another offered “Fullz,” or complete identity packages, alongside synthetic identity kits. The next showcased one-time password bypass tools, reverse proxy kits and Telegram bots designed to defeat multifactor authentication.  

Other offerings included money mule recruitment packages with ready-made scripts, employee letters and flowcharts, as well as online “masterclasses” teaching everything from bypassing Know Your Customer requirements to laundering money and creating synthetic identities. 

The marketplace looks surprisingly familiar and has commerce tools baked in, including ratings, reviews, dispute resolution and customer support. Chadderton also shared examples of pricing for services, such as live deepfake video technology, underscoring how accessible many of these tools have become.  

 Seeing the Bigger Picture 

Chadderton encouraged attendees to think beyond individual fraud schemes and recognize the commercial ecosystem supporting today’s attacks. He described a supply chain made up of specialized roles. Harvesters steal credentials and personal information. Vendors package the stolen data into products. Access brokers sell entry into compromised systems. Other providers offer malware, phishing kits, deepfake technology and training that lowers the barrier to entry for aspiring cybercriminals. 

Understanding that ecosystem gives fraud examiners another opportunity to intervene. By recognizing where credentials are stolen, packaged and sold, organizations can identify vulnerabilities earlier. Somewhere, right now, an identity is being added to a cart, but Chadderton left attendees with a reminder that captured the spirit of the session: “Fraud may be for sale, but vigilance remains priceless.”