Tue, Dec 10, 2019

Season’s Greetings from the Dark Web

As we’ve spent 2019 highlighting some of the most pernicious cyber threats in The Monitor, businesses and individuals have become more aware of the rampant lawlessness in dark web marketplaces. In this alert, we wanted to shed some light on some absurd, and worrisome, aspects of holiday shopping on the dark web. Sure, endless amounts of stolen credit cards, Social Security numbers, firearms, phishing templates and much more are for sale. But how about hacked Christmas skins for a popular video game, or instructions on how to commit gift card fraud and make some extra money this season (and perhaps spend 2020 in jail)? As brick and mortar stores slash prices to prepare for the holiday season, the cyber black market also gears up this time of year. That’s right, it’s Christmas on the dark web.

Gift Cards – Everyone’s Favorite, Especially Cybercriminals

On Nightmare Market, a popular English-language dark web criminal market, one vendor advertises a “just in time for the holiday season” deal (Figure 1). Interested buyers can get exclusive access to a fully tested carding method for a well-known retailer that the vendor claims will yield $1,000 to $5,000 a week in profits. Carding is a form of fraud involving the purchase of store-branded gift cards with stolen credit card numbers. Payment card fraud led to more than $24 billion in global financial losses during 2018. 

Season’s Greetings from the Dark Web

Figure 1 – Gift Carding System Product Listing

Go Shopping with a Stolen Identity 

The holiday shopping season also means that more individuals may be looking for stolen personally identifying information (PII) and credit cards to fulfill their own Christmas wish list at someone else’s expense.

On the chat platform Telegram, vendors such as the one in Figure 2 advertise a “promo for Christmas” on a variety of stolen data such as fullz (a full package of PII containing such data as an individual’s name, social security number, birth date and account numbers) and CVV data which usually refers to raw credit card information most typically obtained from a skimming device or an infected point-of-sale machine. The vendor here promises the information is “valid and updated,” potentially signaling that this vendor has tested the information to ensure that it will work.

Season’s Greetings from the Dark Web

Figure 2 – Stolen Personally Identifying Data at a Holiday Discount

Looking for More Skin In The Game? Dark Web Has It Covered

Gamers looking for the latest in video game accessories may be more interested in hacked accounts. For example, a listing for “Random Christmas Skin” appears on Shoppy, a well-known platform in the gaming community (Figure 3). 

The vendor is advertising full access to an account that has up to “30 to 140 skins” for the wildly popular videogame “League of Legends” (LoL). According to an October 2019 profile in Forbes, on any day, eight million people are playing LoL simultaneously, underscoring how the game has made over  $20 billion in revenues since debuting in 2009.

Skins are virtual goods which can modify a video game player’s in-game appearance. While not inherently nefarious, the danger arises if the owner of the original hacked account used the same password across multiple platforms. In this situation, the buyer of the credentials could take over other accounts of the original owner, potentially leading to identity theft and big financial losses.

Season’s Greetings from the Dark Web

Figure 3 – Random Christmas Skins Listing Image on Shoppy

Protect Yourself From Schemes That Start on the Dark Web

While there are plenty of holiday-themed promotions flooding the dark web this month, the reality is that illicit products and services are offered on the dark web all year long. Ultimately, businesses and individuals pay the price. Data compromised on the dark web can fuel phishing schemes that lead to network intrusions, wire fraud or ransomware attacks. Individuals can become victims of SIM swapping and lose control of their email accounts, financial accounts and crypto wallets. Identity theft (for adults and children), tax return fraud, hijacked medical insurance benefits and many other kinds of fraud often get their start in dark web transactions.

But as the saying goes, being forewarned is forearmed. Dark web monitoring can serve as an early warning system that your business—or you as an individual—could soon be targeted by cybercriminals. Knowing your risk gives you the opportunity to take action, such as changing passwords, intensifying your sensitivity to phishing email messages and in general battening down your cyber defenses. Dark web criminals thrive on the element of surprise. With dark web monitoring, you can neutralize one of their greatest weapons, no matter what kind of great deal they got this holiday season! 

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.


Proactively monitor, detect and respond to threats virtually anywhere – on endpoints and throughout the surface, deep and dark web.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.