Warning on World Backup Day, March 31st
NordVPN has released a survey exposing 'Dark Web Travel Agencies' that resell travel products fraudulently purchased using credit card info stolen by Infostealer malware.
📋 Article Processing Timeline
- 📰 Published: March 30, 2026 at 19:00
- 🔍 Collected: March 30, 2026 at 22:56 (3h 56m after Published)
- 🤖 AI Analyzed: April 22, 2026 at 05:42 (534h 46m after Collected)
NordVPN (Headquarters: Amsterdam, Netherlands; Japan Representative: Takuro Ohara), a provider of personal security services, has announced the results of a survey conducted in 2025 by its threat exposure management platform "NordStellar" regarding the actual damage caused by the information-stealing malware "Infostealer."
This survey analyzed 913 data points collected from dark web bulletin boards and Telegram groups between 2021 and 2025. It revealed the reality of "Dark Web Travel Agencies," which fraudulently purchase flight tickets and hotel reservations using credit card information stolen by Infostealers and resell them on the dark web. It was found that 92.5% of listings are sold at a 40-60% discount off the list price, and in addition to hotel reservations (18.2%) and airline tickets (13%), the handling has recently expanded to delivery coupons such as Uber Eats (21.7%).
Every year, March 31st is "World Backup Day." On this occasion to review the protection of digital data, NordVPN is once again urging consumers to be cautious ahead of the Golden Week and spring travel seasons. Damage from credit card fraud is becoming serious in Japan as well, and according to data from the Japan Consumer Credit Association, the total amount of damage in 2024 reached a record high of 55.5 billion yen. 92.5% of this was due to the theft of card numbers, pointing to a connection with the spread of Infostealers (Source: Japan Consumer Credit Association).
*Infostealer is a malware that secretly collects credit card numbers, passwords, cookies, and saved browser information from infected devices and transmits them externally. It infects through email attachments or unauthorized software downloads, stealing information without the user's knowledge. The dataset for this investigation also included manuals detailing the procedures of crimes by sellers on the dark web, revealing that techniques are systematically shared and inherited.
## What is a "Dark Web Travel Agency"?
A dark web travel agency offers services in a format similar to legitimate travel booking sites, but the actual location of its activities is concealed black markets and bulletin boards on the dark web. Criminals use credit card information stolen on the dark web to purchase legitimate travel products and resell them to third parties at a significant discount. Based on an analysis of data (913 valid entries) collected by NordStellar between 2021 and 2025, the following realities were uncovered:
- 92.5% of listings are sold at a 40-60% discount off the list price. It is a clever resale scheme disguised as "cheap travel."
- The most frequent category is hotel reservations (18.2%), followed by airline tickets (13%), Airbnb reservations (5.6%), and rental cars (5.2%). Package sales combining airline tickets and accommodation have also been confirmed frequently.
- In recent years, it has expanded to delivery coupons. Transactions are made in the order of Uber Eats (21.7%), DoorDash (16.2%), and Amazon (10.1%).
- Cryptocurrency and cash apps are frequently used for payments. A trust-building mechanism through "escrow" (third-party deposit) is also established.
This survey analyzed 913 data points collected from dark web bulletin boards and Telegram groups between 2021 and 2025. It revealed the reality of "Dark Web Travel Agencies," which fraudulently purchase flight tickets and hotel reservations using credit card information stolen by Infostealers and resell them on the dark web. It was found that 92.5% of listings are sold at a 40-60% discount off the list price, and in addition to hotel reservations (18.2%) and airline tickets (13%), the handling has recently expanded to delivery coupons such as Uber Eats (21.7%).
Every year, March 31st is "World Backup Day." On this occasion to review the protection of digital data, NordVPN is once again urging consumers to be cautious ahead of the Golden Week and spring travel seasons. Damage from credit card fraud is becoming serious in Japan as well, and according to data from the Japan Consumer Credit Association, the total amount of damage in 2024 reached a record high of 55.5 billion yen. 92.5% of this was due to the theft of card numbers, pointing to a connection with the spread of Infostealers (Source: Japan Consumer Credit Association).
*Infostealer is a malware that secretly collects credit card numbers, passwords, cookies, and saved browser information from infected devices and transmits them externally. It infects through email attachments or unauthorized software downloads, stealing information without the user's knowledge. The dataset for this investigation also included manuals detailing the procedures of crimes by sellers on the dark web, revealing that techniques are systematically shared and inherited.
## What is a "Dark Web Travel Agency"?
A dark web travel agency offers services in a format similar to legitimate travel booking sites, but the actual location of its activities is concealed black markets and bulletin boards on the dark web. Criminals use credit card information stolen on the dark web to purchase legitimate travel products and resell them to third parties at a significant discount. Based on an analysis of data (913 valid entries) collected by NordStellar between 2021 and 2025, the following realities were uncovered:
- 92.5% of listings are sold at a 40-60% discount off the list price. It is a clever resale scheme disguised as "cheap travel."
- The most frequent category is hotel reservations (18.2%), followed by airline tickets (13%), Airbnb reservations (5.6%), and rental cars (5.2%). Package sales combining airline tickets and accommodation have also been confirmed frequently.
- In recent years, it has expanded to delivery coupons. Transactions are made in the order of Uber Eats (21.7%), DoorDash (16.2%), and Amazon (10.1%).
- Cryptocurrency and cash apps are frequently used for payments. A trust-building mechanism through "escrow" (third-party deposit) is also established.