F The Art of Carding: A Detailed Look Into Scammer Strategy To Steal Your Money - Part 3/3

In the previous blog post, we learned about what SOCKS, Cardable site and what cardable means, Carding while on the job, Skimming whilst on the job, Trashing and Phishing over the phone are. In this blog, we will continue to learn more about it and As a result of the feedback which I have received for the last two parts of the series, I have decided to make this blog more immersive for you.
In this blog, we will be getting into a scammer character and will learn more behind the scenes of the art of carding. (*Assume YOU are a scammer. Let's find out what you can do*)

Keylogging for CVV2s

Hardware keylogging

First of all it's best if you use hardware keyloggers here that you put into the keyboard of a computer belonging to an area where a lot of people are going online a lot and logging into e-mails, Ebays, PayPal, etc, pretty much giving you enough info for you to go searching through if you get in their e-mails, or maybe you're lucky enough to get someone who is buying something online anyway.

And come back within 2 days time or so and collect the keylogger after doing some browsing yourself (as to not look suspicious just coming in and then leaving a few seconds later).

Or of course you could set one up in a business and do the classic call in and do some social engineering from the credit card company or secret service and have them go to the bank online and have them log in to verify, or maybe even have them log in to a fake bank online made by yourself that will collect anyone's info who logs in on it.

Carding Instore

Instore carding is the act of skimming a credit card and writing the dumps and track1+2 to a CR-80 piece of plastic and then either cashing out at the ATM or shopping for goods instore, as long as you have the PIN as well through whatever method you choose to use.

IRC
Services provided in IRC

IRC is the main gathering for carders, scam artists and rippers. To put it in a nutshell, IRC is THE black market, unlike craigslist and eBay which is just black markets. You can get anything illegal off IRC from CP to warez to CC details (which is what we want).

To concentrate on carding though you can buy:

CVVs
CVV2s SSNs
Utility bill scans CC scans
COB (a service to get someone to call up the victim's bank and get the billing address changed to your drop) Payment for using someone else's drop and then sending to you
Spyware
Fake ID/ ID scans DUMPZ
Phisher pages
The list really is endless

There are a lot of advantages to using IRC networks and channels which I'll go into now:

- The channels are often underground and not known to many people, so they're harder to stumble upon by some random guy.

- The messages can be encrypted so they can't be read by anyone happening to be on the network sniffing the traffic. This makes it harder for investigators to uncover.

- Easier and quicker to communicate with mass amounts of like-minded people.

- Variety of channels to go to if one doesn't suit you (there are MILLIONS and new ones being made every second, guaranteed).

- And of course, a variety of services, if you need something you can bet someone from the other side of the world will be willing to share or/and sell to you.

There are a lot of disadvantages though, IRC is the equivalent of a backstreet alley, you'll be fine if you stay cautious, here's what you should be worry of:

- Viruses

- If you don't have strong anti-viruses and firewalls you will get infected (You don not want Norton, Kaspersky, and NOD32 like software's here)

- Do not accept random .exes or any file for that matter

- It is easy to get ripped off, choose your forms of payments and who you deal with wisely

Vendors and how to approach them

Vendors are the people in IRC who are selling and providing the services for you. There are certain ways you should speak to vendors otherwise they're going to rip you (remember this is the black market, this is just like going up to a random drug dealer in the street and not knowing what you really want or what you're getting into; you'll get ripped off). Ask as many questions as possible of what you want to know, if you're buying a CVV2 ask to see proof of their details working (get them to make a small purchase somewhere; they should show you a before and after and the limits that are there on the card (*there are methods out there of checking your balance; you can even get it through text/sms*). This is a market so remember there are more people that will be willing to buy from that vendor, it's open for all, you can get a full load of info including dumps for as low as $3/$5, drops usually go for $7; if someone is saying higher prices don't be afraid to haggle down to these prices or a little bit lower. COBs go for a little bit higher in ranges of $15-$20 because the vendor needs to get full info on someone and then change the billing address through the bank to where ever your drop is.

Ripping

Easy as hell to do, not much photoshop skills needed really either.

Lies (*Bullshit*) and say you're selling full info (you're getting the info from fakenamegenerator.com or any credit card gen program; of course they don't work), if they want to see proof just use your own legit CC or another stolen CC to buy something and show them proof of you buying it, except photoshop the details to that which you're going to be giving him later. Take payment through Western Union ONLY (since e-gold isn't around anymore), then just send him the fake info.

Not Actual*

Phishing for Change of billing

A billing address is the details used for a person's bank account and most often their credit cards and everything else too, this includes their phone number too.

What a change of billing (COB) is, in a nutshell changing the billing address registered to the card to your drop address you're gonna be using. When you want to card BIG at various online websites the orders will look more legit that you're not sending it elsewhere other than the one registered to the card (obviously after you've changed the billing address), meaning the delivery of your goods will be quicker and will require a lot less verification.

Most of the time you change the billing address over the phone but SOME banks will let you do it online; when you phone up to change it you use spoofcard.com or the pay as you go mobile phone you're going to be using when carding, or beige boxing Razz

When changing the billing address you need to know as much info as possible about the person's billing address you're changing, because the bank is going to ask you 3 security questions you set (such as mother's maiden name) before they change it.

You can phish for details over the phone (see the phishing over the phone section above), however, it's best to use keyloggers and phisher pages for this with a MIX of over the phone.

Use through phishing pages

2 methods here, 1 including over the phone, one isn't.

The method without the phone is to just send a ton of e-mails out to random people and send them an HTML e-mail telling them they need to update their information before the account is suspended or their account with the bank will be canceled, you have them go to a phisher page off the template and the phisher pages "requires" them to answer security questions like their mother's maiden name, their pet's name, you know those type of questions.

Another method is to call them up pretending to be the bank and saying there have been different IP ranges logging on their account and they need to confirm their details online, link them to the phisher page and have them fill in the details; have the phisher page redirect to the actual online bank's login page; then ask if they've done that over the phone, tell them to wait a minute while you confirm and check it all out, say it's all clear and tell them to log in, they'll think nothing of it and you now have the answers to their secret questions which you can give to the bank itself when you go to change the billing address.

Use through keylogging

You have a hardware (or software) keylogger set on someone's computer, use SOCK proxies when logging into their online bank account and then change their password, call them up pretending to be the bank and then get them to go to the actual online bank link and fill in their forgotten password options (answering secret questions) or of course get them to go to your phisher page and fill in the details (this is if you want to add more fields to get more info) then pretend to be checking it all over, then change their password again to some random letters and numbers and give it to them to log back in (it doesn't matter because they're keylogger and you'll get their new login if they change the password again anyway), you'll have all their info logged down too for you to answer your questions when you call the bank.

Best time to do all of this is around the 10th day of the month (people usually get their credit reports at the start of every month), this will give you plenty of time to card enough for the remaining days until they see they're not getting their reports coming to them anymore (if you're crafty you can pretend to have canceled the online bank account for them after they've given you the info you need to know; I used to do this method and keep it going without them knowing).

You need as much info as possible when calling up the bank to change the billing address. Drops and what you need to know about them.

What drop locations are and what they used for

Well, simply a drop location is an abandoned house or any house that is not under your name or any of your details. Basically, they are used in ways of keeping your nose clean and are used by most scam artists.