Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Holiday Sales on the Dark Web

Dima Khrustalov
December 17, 2019
Read Time: 0 min

Holiday sales aren't limited to legitimate businesses

Both established markets and emerging vendors on the Dark Web have been actively promoting fresh inventory and steep discounts for holiday sales, including Black Friday and Cyber Monday.

Carding shops offer bulk sales on compromised payment card data

Carding shops are underground marketplaces that traffic in compromised payment card data. These marketplaces facilitate the movement of compromised payment card data from hackers to fraudsters, often across faraway geographies. The following are actual screenshots of popular underground carding shops promoting Black Friday deals:

Account markets offer discounts on data hacked from victims

Another popular category in the underground is account markets. Account markets are e-commerce shops that offer data hacked from victims around the world. The types of compromised accounts that are commonly available and most popular on account markets are financial (bank, investments, brokerage), e-commerce, online payments, dating sites, mobile / telecommunications, social media, and email. Cybercriminals, hackers, and fraudsters purchase the account data in order to access the victims’ accounts and exploit them in various ways. The following is a screenshot of a popular account market offering a 50% discount on Black Friday:

Even illicit services are offered at a discount

One of the most important links in the chain of e-commerce fraud is the “mule”. Mules are “front men” used by fraudsters to receive packages purchased online using stolen payment cards. There are many operators of mule networks offering their services on the Dark Web. Not surprisingly, these operators have prepared for Black Friday and Cyber Monday, mainly by increasing mule capacity to satisfy the high demand during the holiday shopping.

Are you proactively monitoring the Dark Web to better protect against fraud?

Learn more

Just like in the big box stores, technical tools for illicit activity are also on sale

The digital underground is home to countless providers of technical tools and services – malware, exploit kits, phishing kits, and virtual private servers, to name a few - to other fraudsters and cybercriminals. “Anti-Detect” tools are also widely available on the underground. An “anti-detect” tool enables cybercriminals to effectively emulate a victim’s device and browser and defeat “fingerprinting” controls deployed by companies fighting cybercrime. The number and popularity of such tools has grown substantially starting in 2018. For Black Friday, the vendor of the leading anti-detect tool offers a 25% discount on several subscription packages:

Institutions need to be proactive to detect and thwart cyber threats early

The holiday season is often marked by increased fraud activity and cyberattacks targeting companies across sectors and geographies. Recognizing the intelligence value of the digital underground, companies should take steps to quickly assess their exposure across the Dark Web, Deep Web, and beyond.

Such analysis can help answer questions such as:

  • Are we being targeted?
  • What tools and tactics are our adversaries using?
  • What data or access has already been compromised?
  • What can we learn from peer companies?

Additionally, companies should consider deploying more proactive strategies to detect and thwart fraud and cyber threats early, for example, flagging compromised payment cards promoted on the Dark Web as part of Black Friday deals.

About the Author

Dima Khrustalov

Dima Khrustalov is a senior analyst with Q6 Cyber, based in their Tel Aviv office and covering global cybercriminal activities on the Dark Web and Deep Web. Prior to Q6 Cyber, Dima was an Anti-Money-Laundering and Due Diligence analyst. Dima holds a BA in Communications and Business Administration from the

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.