Fullz is a term used in the world of cybercrime to refer to full packages of individuals’ identifiable information. This information is usually obtained illegally and can include a person’s name, Social Security number, date of birth, account numbers, and other personal data. Cybercriminals often sell or trade these “fullz” on the dark web, using them for identity theft, fraud, or other illicit activities.

The term “fullz” is derived from the slang term “full” used in the credit card fraud community, which refers to a full set of information needed to carry out fraudulent activities. The term has since been adopted by the larger cybercrime community to refer to any comprehensive set of personal information that can be used for illegal purposes.

Origin and Use of Fullz

The origin of the term “fullz” is somewhat obscure, but it is believed to have originated in the early 2000s among cybercriminals involved in credit card fraud. These criminals needed a term to describe a complete set of information about a potential victim, and “fullz” fit the bill. The term has since spread and is now used widely among various types of cybercriminals.

Fullz are typically used in a variety of cybercrimes, most commonly identity theft and financial fraud. Cybercriminals use the information contained in fullz to impersonate their victims, open new accounts in their names, or gain access to their existing accounts. The information can also be used to carry out other types of fraud, such as medical fraud or employment-related fraud.

Trading and Selling Fullz

Fullz are often traded or sold on the dark web, a part of the internet that is not indexed by traditional search engines and where many illegal activities take place. Cybercriminals typically sell fullz in batches, often for a few dollars per record. The price can vary depending on the quality and quantity of the information, as well as the current demand in the cybercrime market.

There are also specialized websites and forums where cybercriminals can buy and sell fullz. These sites are often highly secretive and require users to go through a vetting process before they can participate. Transactions are usually conducted in cryptocurrencies, such as Bitcoin, to maintain the anonymity of the participants.

Components of Fullz

Fullz can contain a wide range of personal information, but there are certain key components that are typically included. These include the victim’s full name, date of birth, Social Security number, and current and previous addresses. This basic information can be used to impersonate the victim and commit various types of fraud.

In addition to this basic information, fullz can also include more detailed data, such as the victim’s driver’s license number, passport number, mother’s maiden name, and other security question answers. This information can be used to bypass security measures and gain access to the victim’s accounts.

Financial Information

Financial information is a key component of many fullz. This can include the victim’s bank account numbers, credit card numbers, PINs, and other financial data. Cybercriminals can use this information to drain the victim’s accounts, make fraudulent purchases, or open new accounts in the victim’s name.

Some fullz also include information about the victim’s employment, including the name and address of their employer, their job title, and their income. This information can be used to commit employment-related fraud, such as filing false tax returns or applying for credit in the victim’s name.

Online Account Information

Many fullz also include information about the victim’s online accounts. This can include usernames, passwords, and security question answers for various websites. Cybercriminals can use this information to gain access to the victim’s accounts, steal their personal data, or carry out other malicious activities.

Some fullz even include the victim’s email address and password, which can be used to take over their email account. This can give the cybercriminal access to a wealth of additional information and can be used to carry out further attacks.

How Fullz are Obtained

There are many ways that cybercriminals can obtain fullz. One common method is through data breaches, where hackers gain unauthorized access to a company’s databases and steal the personal information of their customers. This information is then often sold on the dark web, where it can be bought by other cybercriminals and used to commit fraud.

Another common method is through phishing attacks, where cybercriminals trick individuals into revealing their personal information. This can be done through deceptive emails, text messages, or websites that mimic legitimate companies. The cybercriminals then use this information to create fullz, which they can use themselves or sell to others.

Malware and Hacking

Malware and hacking are also common methods used to obtain fullz. Cybercriminals can use malware to infect a victim’s computer or smartphone, allowing them to steal the victim’s personal information. They can also use hacking techniques to gain unauthorized access to a victim’s accounts, where they can steal their personal data.

Some cybercriminals also use social engineering techniques to trick individuals into revealing their personal information. This can involve posing as a trusted individual or organization, such as a bank or government agency, and convincing the victim to provide their personal information.

Data Brokers and Public Records

Some fullz are obtained from data brokers, companies that collect and sell personal information. These companies gather information from a variety of sources, including public records, online activity, and other data providers. Cybercriminals can purchase this information and use it to create fullz.

Public records are another source of information for fullz. These records can include property records, court records, and other public documents that contain personal information. Cybercriminals can access these records and use the information they contain to create fullz.

Preventing Fullz Theft

There are several steps that individuals can take to protect themselves from fullz theft. One of the most important is to be vigilant about protecting personal information. This includes not sharing personal information unnecessarily, being cautious about who is asked for it, and being aware of common phishing tactics.

It’s also important to use strong, unique passwords for all online accounts and to change these passwords regularly. Using two-factor authentication, where available, can also provide an additional layer of security.

Monitoring and Alerts

Regularly monitoring financial accounts and credit reports can also help to detect any suspicious activity that may indicate fullz theft. Many financial institutions offer alert services that can notify individuals of any unusual activity on their accounts.

There are also various credit monitoring services available that can alert individuals to any changes in their credit reports. These services can be particularly useful for detecting identity theft, one of the main uses of fullz.

Secure Internet Practices

Using secure internet practices can also help to protect against fullz theft. This includes using secure, encrypted connections when transmitting personal information, being cautious about downloading attachments or clicking on links in emails, and using antivirus software to protect against malware.

It’s also important to be cautious about sharing personal information on social media, as this information can be used by cybercriminals to create fullz. This includes being careful about what is posted publicly and using privacy settings to control who can see personal information.

Legal Consequences of Using Fullz

Using fullz for illegal purposes can have serious legal consequences. In many jurisdictions, it is a crime to use someone else’s personal information without their consent, particularly for fraudulent purposes. Penalties can include fines, imprisonment, and other legal sanctions.

Furthermore, individuals who buy or sell fullz can also face legal consequences. This includes not only those who use the information for illegal purposes, but also those who trade or sell the information. Even if the information is not used for illegal purposes, simply possessing it can be a crime in many jurisdictions.

International Legal Framework

The legal framework for dealing with fullz varies from country to country. In many countries, there are specific laws that criminalize identity theft and related activities. These laws often include provisions that specifically address the use of fullz.

In addition to national laws, there are also international agreements that address the issue of fullz. For example, the Council of Europe’s Convention on Cybercrime includes provisions that criminalize the unauthorized access to, interception of, or interference with computer data, which can include fullz.

Enforcement Challenges

Despite the legal consequences, enforcing laws against the use of fullz can be challenging. One of the main challenges is the international nature of cybercrime. Cybercriminals often operate across national borders, making it difficult for law enforcement agencies to pursue them.

Another challenge is the anonymous nature of the internet, which can make it difficult to identify and locate cybercriminals. This is particularly true on the dark web, where many fullz transactions take place.


Fullz are a serious threat to personal privacy and financial security. They are used by cybercriminals to commit a range of illegal activities, from identity theft to financial fraud. Understanding what fullz are, how they are used, and how they can be prevented is an important step in protecting against these threats.

As technology continues to evolve, so too do the methods used by cybercriminals. It’s therefore crucial to stay informed about the latest threats and to take proactive steps to protect personal information. By doing so, individuals can reduce their risk of becoming victims of fullz theft and other forms of cybercrime.

With cybersecurity threats on the rise, organizations need to protect all areas of their business. This includes defending their websites and web applications from bots, spam, and abuse. In particular, web interactions such as logins, registrations, and online forms are increasingly under attack.

To secure web interactions in a user-friendly, fully accessible and privacy compliant way, Friendly Captcha offers a secure and invisible alternative to traditional captchas. It is used successfully by large corporations, governments and startups worldwide.

Want to protect your website? Learn more about Friendly Captcha »