- Nearly 1 million alerts sent in relation to data exposure on the dark web in just 6 months.
- Italy in 5th place for online theft of e-mail addresses and passwords, and 7th for the number of compromised e-mail addresses.
- 36.8% of Italians received alerts for data found on the dark web, with Lazio, Lombardy, Sicily and Campania the most affected regions.
In the first half of 2024, the exposure of new data circulating on the dark web rose, with increasingly complete information on victims, making fraud attempts more effective. This is one of the main findings from the CRIF Cyber Observatory, which analyzes the vulnerability of users and companies to cyber-attacks, interpreting the key trends regarding data exchanged in both Open Web and Dark Web environments.
Globally, the number of alerts sent relating to data exposure on the dark web also increased by 10% compared to the previous six months, with a total of 978,957. This confirms that users are having difficulty defending themselves against attacks such as phishing, smishing, vishing and spear phishing. It is worth noting the emerging use of zero-click exploits, which allow malicious code to be executed with a simple SMS, without the user having to interact in any way with the message. Although the severity of alerts in general remained stable, the highest severity recorded by alerts in the first half of the year increased by 31.6% compared to the previous half-year period. In contrast, in the same survey period, the number of alerts sent relating to the exposure of data on the open web fell by 34%, with a total of 23,500 in the first half of 2024. This positive figure is partly due to the privacy regulatory framework, which has imposed more regulation aimed at providing users with greater control over the exposure of their personal data.
Italy is not exempt from this cyber threat either; in fact, in the first 6 months of 2024, 36.8% of users received at least one alert for data detected on the dark web. Furthermore, Italy is ranked 7th in the world in terms of the number of compromised e-mail addresses circulating on the dark web. With regard to stolen credit card data in circulation, Italy ranks 18th in the global ranking, which is still significant.
“The data we collected in the first half of 2024 confirms an alarming trend: Increasingly sophisticated and personalized attacks on the profile of victims allow personal data to be stolen and exchanged through the dark web, with the aim of obtaining a financial advantage to the detriment of the victims themselves. This underlines the importance of being vigilant whenever we are asked to provide personal data and of adopting protection tools capable of identifying the presence of data on the dark web,” commented Beatrice Rubini, Executive Director of the CRIF Mister Credit Line.
Data combinations most exposed to fraud
Looking at the type of data most frequently exposed to fraud, in the first half of 2024 it emerged that the most sought-after information for cyber criminals is the combination of the full residential address and associated e-mail address (65.36% of cases detected), which increased by 146% compared to the second half of 2023, as well as the combination of phone number and e-mail address, which increased by 142% (37.22%). The rise of these data combinations on the dark web is the result of a mix of major data breaches, advanced cybercrime techniques and the increasing value that this data has for bad actors. Indeed, pieces of personal information that are combined with one another are used to identify individuals and improve the accuracy of social engineering attacks, as well as for carrying out targeted fraud such as spear phishing, a type of phishing aimed at a specific target and, precisely for this reason, more difficult to detect. Among the most common examples of this type are BEC (Business E-mail Compromise) attacks, or the CEO scam, where cybercriminals send targeted e-mails to employees, posing as trusted figures such as their company’s CEO, in order to steal money or sensitive information.
Finally, the combination of a credit card number, found in 41.79% of cases, with security data and expiry date is particularly important. Although this decreased in the first 6 months of the year, it is still extremely worrying because it is linked to the risk of financial fraud.
| Top data combinations | H1 2024 | Variation vs H2 2023 |
| E-mail + Password | 96.16% | -1% |
| Username + Password | 91.17% | 31% |
| Phone number + First and Last Name | 55.41% | 59% |
| Phone number + E-mail | 37.22% | 142% |
| Full address + E-mail | 65.36% | 146% |
| Full address + Phone number | 62.26% | -31% |
| Credit card number + Security data and expiry date | 41.79% | -58% |
Source: CRIF Cyber Observatory
It is interesting to note that the details of identity documents and other personal identification numbers (e.g., tax code or social security number) are also subject to attack and exposure together with other data, and can be used to purchase or request services where this information is required.
Most frequent accounts on the dark web
Looking at the types of services linked to usernames found on the dark web, with the exception of e-mail services, VPN (Virtual Private Network) services were number one (30%) in the first half of 2024. VPN systems are increasingly used globally, including by individuals, to allow users to create a secure and private internet connection, even when browsing on a public or insecure network, such as Wi-Fi in a café, on a train or at an airport. In second place were accounts related to the most popular social networks (18%), while in fourth and fifth place were the theft of accounts related to financial services (10%), such as payment platforms and of e-commerce site accounts (7%).
| Most commonly found account types | H1 2024 | |
| 1 | VPN services | 30% |
| 2 | Social Networks | 18% |
| 3 | Internet sites | 11% |
| 4 | Financial services | 10% |
| 5 | E-commerce platforms | 7% |
| 6 | Education | 6% |
| 7 | Gaming | 5% |
| 8 | Dating | 5% |
| Government | 4% | |
| Forums | 1% |
Source: CRIF Cyber Observatory
Stolen credentials on the web can be used for a variety of purposes, such as to hack victim accounts, misuse services, send messages with money requests or phishing links, or send malware or ransomware to extort or steal money. Even for this type of data theft, the “human factor” is essential, i.e., user inattention is one of the most commonly identified causes, as well as weak passwords or passwords used for multiple accounts.
Most affected countries
In terms of the countries most affected by e-mail and password online theft, the USA is in top spot, followed by Russia, Germany and France. Italy is in 5th position, followed by the United Kingdom. In the most recent six-month survey, it was also found that the .edu domain, which is widespread among schools, colleges and universities, circulates widely on the dark web, confirming that numerous e-mail addresses of students and university staff are exposed to cyber risk.
In the ranking of continents most susceptible to the illicit exchange of credit card data, Europe comes first, with a significant increase compared to the previous six-month period of +107%, followed by North America and Asia, where the increase was +61%. Among the countries, Italy comes 18th in the global ranking.
Italy
Looking in more detail at Italy, where 36.8% of users received at least one alert in the first half of 2024, there was an increase in alerts sent regarding the theft of data monitored on the dark web. In fact, 90.7% of users received at least one alert regarding the dark web, while the figure is only 9.3% for data collected on the open web.
Looking at the common characteristics of the individuals sent alerts, the most affected age groups are 51-60 year-olds (25.8%), followed by 41-50 year-olds (25.5%), on a par with the over 60s (25.5%). Men account for the majority of users (64.0%).
The regions with the most alerts received in the first 6 months of the year are Lazio (18.7%), Lombardy (13.8%), Sicily and Campania (both 8.5%), but proportionately it is the inhabitants of Molise, Sicily, Lombardy, Umbria and Valle d’Aosta who received the most notifications.
As a result, the geographical areas where the most people received alerts are the Center (32.4%) and the North (38.9% overall), but proportionately it is the Northwest and Northeast that received the most alerts for data theft.
| Geographical area | Alerted customer distribution | Customer distribution | % customer with alerts |
| Northwest | 23.3% | 22.1% | 38.5% |
| Northeast | 15.6% | 15.0% | 38.0% |
| Center | 32.4% | 34.6% | 34.3% |
| South | 28.8% | 28.3% | 37.2% |
Source: CRIF Cyber Observatory
Also for Italy, in the first half of 2024 the most frequently identified data on the open web - therefore publicly accessible by anyone on the web - were tax codes (63.1% of the data found) and e-mail addresses (28.8%), followed by some distance by phone numbers (5.4%), usernames (1.7%) and street addresses (1%).
| Open web alert type | H1 2024 |
| Tax code | 63.1% |
| E-mail address | 28.8% |
| Phone number | 5.4% |
| Username | 1.7% |
| Street address | 1.0% |
Source: CRIF Cyber Observatory
On the dark web, on the other hand, it was e-mail credentials that were most frequently found in the first 6 months of the year, followed by phone numbers and tax codes. This valuable information could be used to try to commit fraud through the increasingly common techniques of phishing or smishing.
“In such a complex scenario, and in the face of established negative trends, education on the opportunities and risks associated with digital services is crucial to helping citizens defend themselves. For several years, we’ve been running projects to raise awareness and engage people on issues related to cyber risks. In this context, we recently made a short film called “Il Furto” (The Theft), which tells two stories about the potential consequences of identity theft, showing how this crime can have a significant impact on people’s lives,” concluded Beatrice Rubini.
