A NordVPN and Saily study found a surge in “dark web travel agencies”, where stolen credit cards are used to purchase flights, hotels, and other travel services and later sold at steep discounts on illicit online marketplaces.
In the heat of early-bird discounts and yearly vacation planning, cybersecurity experts are urging consumers to closely monitor their financial accounts.
“Buy-for-you services, or dark web travel agencies, make their money by using stolen payment data,” said Vykintas Maknickas, CEO of Saily. “If your credit card details have been included in a data leak, there is a growing chance it could be used to buy someone else a vacation.”
How dark web travel agencies operate
Dark web travel agencies operate like legitimate booking platforms but entirely within hidden dark web forums and marketplaces. Cybercriminals act as agents and purchase legitimate travel products — flights, hotel reservations, and travel-related services — using stolen credit cards, then resell them at significantly reduced prices. Research shows that 92.5% of these offers are discounted between 40% and 60% off the original price.
Nevertheless, “good deals” like these usually come with consequences. Travellers who bought the discounted service are often met with cancelled bookings or police investigations for fraud or simply get ghosted by the hackers. The original cardholders often remain unaware until fraudulent charges appear on their accounts.
“Travel services on the dark web are a well-developed market with its own customer service and repeat clients,” said Maknickas. “Our research shows that the most accepted payment methods are crypto or cash apps. Also, escrow is very popular among these services — it works as a trust-building tool.”
Among the most popular services sold by dark web travel agencies, hotel reservations are at the top, making up 18.2% of all services. Flights follow at 13%, while Airbnb reservations and car rentals account for 5.6% and 5.2%, respectively. Often these services, such as flights and accommodations, are sold together in a single package.
Meanwhile, research has revealed a new trend on the dark web where these travel agencies have expanded their offerings to include coupons for delivery and shopping. UberEats coupons represent 21.7% of services sold on these platforms, followed by DoorDash at 16.2% and Amazon at 10.1%.
“Travel purchases are especially attractive to criminals,” said Marijus Briedis, CTO at NordVPN. “Because travel purchases are typically high-value and can resemble legitimate spending, they may not be flagged right away on a credit card statement. That gives scammers more time before fraud is reported and the card is canceled. ”
Experts note that these agencies may also test stolen cards with smaller charges before moving on to more expensive travel bookings.
Tips on how protect your financial accounts
Unlike some forms of cybercrime, dark web travel fraud doesn’t rely on fake websites or obvious scams targeting the victim directly. Instead, criminals exploit previously stolen financial data, meaning even consumers who haven’t recently clicked suspicious links or made risky purchases could be affected.
“Cybercrime is evolving rapidly, but so are the tools and strategies to defend against it. By combining smart technology practices with constant awareness, individuals can significantly reduce their risk of financial account compromise,” added Briedis.
Experts recommend consumers regularly review bank and credit card statements, enable real-time transaction alerts, and immediately report unfamiliar charges to their financial institutions. Even small or seemingly insignificant purchases can be early indicators that a card has been compromised and used with dark web travel agencies.
Cybersecurity professionals also advise using strong, unique passwords, enabling multi-factor authentication, and limiting where payment information is stored online.