Last updated at Mon, 30 Oct 2023 19:59:57 GMT

The Dark Web has evolved over the past few years in many ways, but one of the biggest changes is the amount of information you can find via Dark Web forums and black markets. This increase in Dark Web data developed when hackers started focusing on new targets that weren’t in the landscape before. As more industries move their businesses online, their digital attack surfaces have increased dramatically, which has given hackers new targets and scam opportunities. One of the new victims of this shift is the retail and the eCommerce sector.

For this blog, we will share examples of common retailer data found across the Dark Web and build a “Dark Web profile” for a typical retail company.

How hackers target retail companies

Imagine you run a successful eCommerce site. After a recent ad campaign, you see that every product you sell is sold out within seconds after you run the ad. You go home to your family and celebrate your success, but little do you know that a hacker has targeted your site and bought your whole stock of products, making it unavailable to your typical customers.

These products are later being sold on dark web platforms by the hacker, who is making hundreds of dollars in profits from selling your product that is not in stock anymore (which they forced with their original purchase). It doesn't take long for your customers to become upset, and your site’s reputation begins to fall.

These cyber attacks against retail and eCommerce shops can be incredibly damaging to both profits and reputation. Yet, many retail organizations aren’t aware of these attacks happening and don’t have the resources to fight back against it.

To help you understand how cybercriminals target retail companies, we've searched the Dark Web for common tactics and examples of eCommerce scams. Here's what we found.

Individual suppliers

Using the Dark Web, individuals can now become independent suppliers by developing tools that enable them to buy the entire stock of a product from an eCommerce shop and then sell that item for more money. Once a hacker has bought all the units of a popular product, consumers have no other options but to buy it from the hacker. And because fads and product obsession drive such high demand, this tactic usually works.

Most of these items can be found in the Black Markets; however, the integrity of these posts are questionable at best. The hackers don’t always have the intention of giving you your money's worth once you’ve paid. Some of these published posts are scams, where they’ll take your money and either send you a knock-off version or not send you anything at all.

Trading promo codes

Retail products are not the only thing that you can find on the Dark Web. Hackers often sell other items, such as gift cards and promo codes. Another tactic is developing a mechanism to create gift cards for popular brands on their own. This tool is known as a gift card generator and it is a relatively new service hackers offer on Dark Web forums.

Every gift card uses an ID number which ties back to an account in the retailer's database. These gift card generators use a bot that generates ID numbers, checks their validity against public algorithms, and then finally checks to see if they have a balance remaining. They can then sell these gift card balances for profit or use them to buy their own goods, which they will later sell on their own. As you might expect, these gift card generators can be very unreliable and are often just scams setup to get users to buy gift cards that don't actually work.

For this type of scheme, it doesn't matter how hackers obtain these gift cards, whether it's buying them at a discount, stealing them from a company database, or developing a mechanism to create gift cards on their own. All of these tactics can significantly eat into a company’s profits and damage brand reputation.

Carding methods

Another bit of information hackers trade on retail companies is carding methods. Carding methods are tactics to help you manipulate the details of someone else's credit card to your advantage. Many hackers sell carding methods on retail companies so other hackers can buy products with stolen credit cards and not get caught.

Premium users

Finally, you can also find instances of hackers selling the account details of “premium users” on the Dark Web. A premium user account is an account that has achieved some sort of benefit or reward status on the retailer’s site due to their buying activities.

Many retail and eCommerce companies decide to reward a user that is active on their site by giving them points for every purchase they make. The user can later use these points to purchase other items on the retailer’s site. However, these premium users have become popular targets for hackers. If a hacker gains access to a user’s account, they can use that in a number of different ways, such as:

  • Selling the user’s login information online
  • Selling the user’s points
  • Using the points to buy “free” goods they can later sell for a profit

In addition, because people typically use similar passwords for their different accounts, a hacker can likely guess the login information for other sites to continue exploiting the victim.


Although retail companies are fairly new targets for criminals, the profits they can generate are huge due to the increasing number of eCommerce transactions. It’s become incredibly easy for cybercriminals to run schemes that exploit both retailers and consumers, and as a result, they’ve been able to build a highly profitable revenue source.

Retail organizations need to be aware of these tactics and monitor for them on the Dark Web. Leveraging Dark Web reconnaissance can help you identify retail schemes before they’re carried out. Not only will this protect your profit margins, but will help you protect your customers as well, helping you maintain (or even strengthen) your brand credibility and reputation.


Get the latest stories, expertise, and news about security today.