Deception is being an effective approach since Hindu mythological times as Lord Vishnu’s Avatar Mohini allured Asuras by fake promise to serve Nectar of Immortality equally among Devas & Asuras during Samudra Manthan (You can read about it here).

Twist factorDisguise in Retaliation: Svarbhanu, an Asura disguised himself as Deva had seated among Devas to obtain Nectar of Immortality. As he successfully drank, devas immediately came to know and Lord Vishnu beheaded him. But due to the Immortality, his head and body got separated — but still alive, hence forming as Rahu & Ketu (Solar & Lunar Eclipse)…

Uncovering a Stealthy Network of Scam Markets on Dark Web & Deep Web

This article exposes one of the most popular Scammers of the Dark Web who poses to offer a wide array of Offensive Services to Dark Web Netizens, by setting up lucrative and promising Websites on the Darknet. Scammers always use the Visual Deception technique to coax the visitors to the sites, which eventually prompts them to pay for the malicious services as “advertised”. Hence, this is the most non-offensive method to earn in Cryptos for the fraudsters as the scammer is not directly targeting anyone, instead earmarking the weaknesses of the public for the weaker ones to fall for it.

It is a common scenario to come across the various Bitcoin Scams on Dark Web while visiting various services. Some are even advertised on landing pages of popular Dark Web sites, which transports users to the luring page of Bitcoin SCAMS. Inexperienced or Less Tech-Savvy Netizens are stupefied by such posts, falling into the bait; ultimately losing money.

It is also evident that these kinds of scams are being made operational by infamous Threat Actors such as Dark Hotel (Korea) to gain maximized profit to fund their Cyber Operations. One such incident pertaining to Magniber Ransomware (which we would be…

NOTE: This tutorial only focuses on the Exploration, Exploitation and Attack Vectors carried out using MODBUS Protocol. Some of the networks described in this article are accessed only for EDUCATIONAL PURPOSES and left untouched, causing no harm to the accessed network.

With the adoption of the Internet in the 1980s, many of the complex tasks paved the way for digitization and nearly every piece of daily work began to witness the presence of Computer & Internet, hence becoming an inevitable factor. Industrial Control Systems were not an exception to this and made its progress a few decades ago. …

Educational Institutes are an easy prey for hackers to compromise and covertly launch Cyber Attacks/Malicious Campaigns under the hood, without divulging their real identity. This is majorly caused due to the reckless attitude of IT Administrators towards their Network Assets as the software programs (which are being used in the production) needs to undergo several patches/updates to mitigate any exposed risk.

School of Villains by Naolito | Source: DeviantArt

Here, we are going to discuss each Threat Vectors where Educational Institutes are being targeted and being used for possible malicious campaigns or exploitation.


It is notable that there is a significant rise of “Database Trading” detected…

Note: The primary aim of this article is not to pinpoint any individual SCAM, but to shed light on the methods adopted by Scammers/Attackers which peddles the Scam Business. Here, a Real-Life Use Case of SCAM is selected to provide detailed insight!

SS7 (Signalling System #7) is an interesting field where newbies often gets attracted due to its complexity and the recent architectural flaws. This interest is being monetized by Scammers.

A lot of traction has been gained on the design flaws of SS7 Architecture where Text/MM Messages, Calls, Billing and other services that are serviced on the cellular network…

Hacking Services are always a hot topic among Non-Tech Groups, as they do not comprehend the fact that though there are some legit services available, most of them are proved to be a larger scam unit. Without doing much background checks about the advertised “Hacking Service” vendors, people get blindfolded by the Reviews, Images as Proofs, Successful Client Conversations etc presented by the “Hackers”; which can be easily manipulated and present before their client in order to defraud them in the chain of vicious business deal.

Interesting plot which often gets leveraged by such Scamsters is by offering “Spying on…

In the world of Digital Fraud, Scammers are quite popular group who promises to sell various services/items by showcasing themselves as legitimate parties by to the Netizens through various means such as Hoax Comments, Inflating Vendor Past Dealings, Fake Star Ratings etc.

There are different type of scammers out there, the ones who targets usual e-commerce customers where maximum profits are reaped. And another type of scammers are targeting the people who relies on purchase of offensive services from Deep Web or Dark Web Marketplaces.

Attackers Never Retires, they Just Evolves! Image Courtesy: Redpeggy (DeviantArt)

Here, we are discussing about such a Scammer, who offers service to Dark Web Users…

With the large number of online marketplaces, people are curious to check various digital shops launched across cyberspace. Though there are many shady vendors in each marketplace, people would generally not fall as an easy prey.

But what if you come across a Marketplace with criminals presenting themselves as legitimate vendors to its users by showcasing the well-crafted product images with past dealings history (Star Rating)loaded up with fake comments?

Pic Courtesy: (God Of War)

Yes, today I came across such shop while investigating a Dark Web Site named “GiftHub” which is a PornHub themed logo, offering Gift Cards for 7 services namely:-


Purchasing anything from Dark Web is always a mounting pressure due to various factors such as:- Market Exit Scam, Receiving mediocre quality products, getting duped for the ordered product, Vendor Disappearance, Get Busted by the Feds etc.

New Dark Web Market always gets launched within a limited time span with security features implemented such as PGP Signature for Users, 2FA for Account Security, Acceptance of XMR and ZCash(over BTC), ESCROW facilitation, Stable Mirror URLs (in case the main URL gets DDoS’d), Support for Cold Wallet, MultiSIG, 24/7 Support via Dread, tie-up, Publishing Scammer/Banned Member List etc. …

Rakesh Krishnan

Independent Security Researcher and Threat Analyst. Often sheds light on Dark Web. Regular contributor to Infosec Community.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store