security forum
Vous souhaitez réagir à ce message ? Créez un compte en quelques clics ou connectez-vous pour continuer.
-29%
Le deal à ne pas rater :
DYSON V8 Origin – Aspirateur balai sans fil
269.99 € 379.99 €
Voir le deal

all about carding

Aller en bas

all about carding Empty all about carding

Message par Admin Mar 27 Aoû - 18:20

What I'm going to cover :


Online Carding
=> A quick overview of what online carding is
=> SOCKS and why we use them
=> Finding a cardable site and what cardable means
=> Carding "non cardable websites" with fake CC scans & other documents


Carding while on the job
=> Getting CC, CVV, CVV2 through use of mobiles
=> Skimming whilst on the job
=> Using carbonless receipts to get details (pretty outdated method)

Trashing
=> Trashing for receipts and credit reports (pretty outdated although still works)

Phishing over the phone
=> Phishing over the phone for details

Keylogging for CVV2s
=> Hardware keylogging

Carding Instore
=> What instore carding is (very brief)
=> How it's done
=> How to act and present yourself instore

Carding over the phone
=> Carding over the phone

IRC
=> Services provided in IRC
=> Advantages to using IRC for info
=> Disadvantages
=> How to find carding channels (Will not go too much into this as there are secrets between fellow carders which we like people interested enough to find out for themselves)
=> Vendors and how to approach them
=> How to rip in IRC (EVERY vendor, reliable or not has ripped some n00b who acted like they knew what they were doing)
::::WU BUG BULLSHIT and how to rip n00bs and gain more::::

Phishing for Change of billing
=> What COB is and why it's useful
=> Use through phishing pages
=> Use through keylogging

Drops and what you need to know about them
=> Drops and what you need to know about them



What carding is?
Carding summed up quickly is the act of obtaining someone's credit card information, from the CC#, CVV, CVV2, CVN, and the billing address, along with the expiry date and name of the person the card belongs to along with a signature.

Online Carding
Online carding is the purchasing of goods done over the internet with the CVV2. Now for you n00bies you're probably wondering what a CVV2 is, it's simply just the database of basic info for the card such as the card type (e.g. Mastercard) First and last name, address and post code, phone number of the card owner, the expiry date (and start date if it's a debit card or prepaid CC), the actual CC number and the CVC (card verification code, which is the 3 digits on the back of the card).

This is the format you usually get them in when you buy off IRC:
:::MC ::: Mr Nigerian Mugu ::: 1234567890123456 ::: 09|11 ::: 01/15 ::: 123 ::: 123 fake street, fakeville, ::: Fake City ::: DE24 TRH ::: 01234-567890 :::

SOCKS and why we use them
Now with ANY fraud at all you have to take precautions so you don't make it easy for anyone to catch you in your wrong doings. As usual I swear against TOR for carding/scammin because most nodes are blacklisted by websites and because TOR cycles through various different proxies; and even if you configure it to go straight through an exit node of your choice it's still not worth it. You can use JAP but make sure you're using some constant sock proxies from the same city, town or area that the card is from; also go wardriving and use a VPN (don't trust anyone off IRC with these, you'll have to do some searching around yourself for a highly trusted one and one which won't comply with LE).

You can get good SOCKS from anyproxy.net (people are selling accounts for the site in IRC all the time), that's the best place but even I ended up losing the account eventually (unknowingly I was sharing it with some Nigerian dude who became selfish).

So we use SOCKS because they stay constant. But don't let that get your guard down, you want FRESH proxies everytime you card.

Finding a cardable site and what cardable means
Basically a cardable site holds these characteristics and what you should be looking for to determine an easily "cardable" website:

=> The top one you need to look for on the site's TOS is that they send to any address and not just the one registered on the card (although you can easily get around this if they don't, with a COB, photoshopped verification (will go into detail later) or some social engineering over the phone).

=> The next important to look for is if they have a visa verification code or mastercard secure code (most of the time if you ask your vendor they'll include them in your CVV2 details textfile), if they do have one of these you have to put in and you don't have them then don't waste your time

=> If they ship internationally (for obvious reasons, but you can just stick to local websites and order to your local drop)
=> If they leave packages at the door when no one's in, or around the back in a safe area (I know of one site in the UK that has all these qualities including this one, it is perfect for carding clothes)

=> Also you can't forget to see what other security checks they need to do (if they need to call you up to verify or want a utility bill, passport or a scan of the actual CC)

It is hard to find websites online now that have most of these qualities, therefore we have to use COBs and photoshop to help us along the way, which is what I'll go into now.

Carding "non cardable websites" with fake CC scans and other fake documents. Okay so say you come across a site that will deliver to another house not registered on the card, but they want verificaton either through phone or scans of a utility bill, credit card or passport.

For this you'll want to get a pay as you go deal for a cheap shitty mobile all in fake details (say a nokia 3210, brick LMAO!), or you can use spoofcard.com to your advantage to help you. Hell if the person's details you're using is local to you and you're daring then go to their home and beige box from there; it'd be very convincing.

If they speak to you over the phone have all details in your mind about the item you're carding, have some bullshit story if you're having it sent to a diff address such as a family member's birthday and you need it there as quick as possible as it's a last minute thing, or some shit like that. If you're carding multiple sites at the same time it's easy to get them mixed up, so make sure who it is calling you 1st.

For CC scans and how to do them check the attachments at the end of this file, they explain so much better than I could. How you use them is once you've made them like the tuts have said to do, you then tilt them a little bit so it does actually look like a scan. To make it even more believable put some paper in the scanner (dark shade if you must), scan it and open in photoshop and then put the shopped CC scan of the front onto it and then do the same with the back, then send the scans to them via e-mail or post. Same goes for utility bills (can be got through trashing or your own, and then edited in PS).

Do not use the same designs when making your CC scans, otherwise it will become too obvious. To give you a head start on mastercards (what I recommend for n00bs to go for) I'm giving you a globe hologram image so you won't have to buy them in IRC; unfortunately all of my visa hologram pics are shit, but I'm working on getting a good one soon. 

Carding whilst on the job
Getting CC, CVV, CVV2 through use of mobiles.
Believe it or not giving your information out to anyone anywhere is not a wise choice, you can not trust anyone in this day and age. Yes there are carders working on the inside in places where there are a lot of people around flashing off their plastic cash and using them freely without a care in the world. The most common of places for a carder to work at are brand label clothing stores such as Limey's, Charlie Brown's and all the other trendy shops.

Ever noticed when yourself or someone else has paid at the desk with a debit card or credit card that they bring out a keypad from under the desk, then put your card into it and have the buyer input the pin? Think again when they take your credit card and go under the desk with it to get the keypad, they are doing more than just that; just because they're not taking the card and running off with it does not mean they're not stealing your information.

A friend of my dad used to card and work in a clothing store, he used to have a piece of play doh stuck under the desk and he used to press the card onto the piece of play doh, unfortunately he began doing it too much and because he'd gotten away with it so many times he became careless and got caught out by a co worker and from what I know he is still doing time. The moral is, be careful with the play doh method. 

The unfortunate thing is you can only get the full info of 2 cards at the max, and you don't know exactly if you're pressing over the info of another card already put on to the play doh. Also you can't get the CVC through this method, I was just giving a classic example from the olden days.

But there is a new wonderful invention called cameras, video recording, and mobile phones and they are even all working on the same thing. It's best to test it out 1st and have a camera on your phone that is at least over 2 megapixel and allows long enough video recording times. 

The phone is set to video record and on a lighting if needed, and taped underneath the desk for you to record both sides of the card for all the information you need, as well as being quick you can get a lot more than 2 on, depending on how long each recording lasts, you may need to start more than one recording.

You need good reason to be going under the desk to get the chip and pin machine, so make the desk look cluttered up and put shit in the way of everything, such as coat hangers and various other items; or you could just flat out bullshit the customer and say that the chip and pin machine on the desk isn't working so you need to get the other one, take their card and then go under searching the desk and quickly show it to the camera phone and then get the chip and pin machine and put the card in it and then hand to the customer to put in their pin as normal, unaware you have a CVV2 to later use when shopping online. 


Skimming whilst on the job
For skimming you'll want a mini portable MSR500M reader that can be fitted on your waistline belt or of course once again under the desk, if you're a cashier. But you'll also want a MSR206 writer if you plan on writing the tracks to an embossed CR-80 piece of plastic later (you can make these yourself but embossers are expensive and it's an expensive procedure, so wait a while until you do that yourself and buy them from IRC (be careful, people like to rip with plastics, or you'll get shit quality if you don't watch out).

If you plan to just sell the dumps on IRC then that's fine, but you'll still need the PIN as well, so if you're a waiter you can get a cheeky peek at them putting their pin into the chip and pin device while you keep hold of it slightly (have them put the pin in while they're sat down and you're standing up). It's much easier to skim in a restaurant rather than clothing retail, as you don't have to think it out and set it up as much. You can keep the MSR500M in your front pocket of the uniform you're wearing and pretend to be giving the card a clean on the sleeve (bullshit and say the device won't read it), while really you're giving it a swipe into your reader. This way the person doesn't even get suspicious because you don't take their card out of sight with them. I guess you could do that technique with clothing retail too when you get their card in your dirty little hands, but peeking for the PIN is harder or you'll have to have a friend shoulder surf for it (or if they're on the next register have them use a sony cyber shot c902 camera phone and pretend to have them talking on the phone while really they're recording the person next to them putting in their PIN; cybershots are really inconspicuous looking with their cameras and VERY clear [5mpixel]).

I'll go into detail what to do with the dumps you have later in the instore carding section.

Using carbonless receipts to get details (pretty outdated method)
If the store you work at hasn't gone carbonless on the transactions information then you can get most of the info from the receipt you get a copy of for yourself and note down the pin on this as well when/if you get it.

Trashing
Trashing for receipts and credit reports (pretty outdated although still works)
Ever heard the expression "Another man's trash is another man's gold"? That's exactly what this is. You'd be surprised how many people haven't heard of a paper shredder or bonfire. They just dump their financial records containing SSN's/NI, full name, address, bank, credit card number, CVV, CVV2 etc. All on forms people couldn't be bothered to dispose of properly because they thought they were JUST old records. Again carders wok on the inside again for when they want to do trashing, a lot of janitors wear rags but you'd be surprised how secretly rich most of them are (along with the other shit they steal from work as well). But also from this if there is not enough info for you on the forms then there is definitely the phone number of the mark on the form that they've scrapped; almost always, and if not then there is enough info on their to look them up in the phone directory. Then of course you use social engineering skills over the phone to get the extra info that you need. If you know of a store that is not carbonless, then go trashing in the bins at the back of the store for the receipts with the credit card details on it.

Phishing over the phone
Phishing over the phone for details
Ever had telemarketers ask for your credit card info over the phone? (this is if you haven't already hung up by just hearing a nigger or paki on the phone) chances are they're a carder. Believe it or not there are people actually stupid enough to fall for these obvious scams. Even more people fall for this if they believe that the caller is from the credit card company itself or part of the secret service or credit fraud investigations; the FBI, CIA and police have nothing at all to do with credit card fraud believe it or not. If you sound professional or part of an important group such as investigations then people are more likely to comply with you if they believe that their card has been used for credit fraud purposes and have to give their credit card info and billing address for verification. The best time to call up the mark is when they are at work as it'll take them by surprise and they'll be wanting to get it sorted asap so that they can get back to work. Also if it's "serious" then the secret service don't wait for you to finish work before they question you. Play along well to the part you're pretending to be. Some social engineering skills are required and you must gain the experience of lying to people yourself. Before calling up the person find out as much information about them as you can.

If you've stolen a CC from someone personally you can call them up pretending to be their bank and tell them there has been some suspicious charges made to the credit card from places such as South Africa, Nigeria, Turkey, Russia; places like that, get them to confirm their details (milk as much as you want out of them, ask them bullshit security questions such as their mother's maiden name, address, etc; you may as well, it'll make it easier to get a COB for you to use).

You can also get their PIN out of them if you want as well by either straight out asking them to confirm it, or be crafty and after you've told them to verify their PIN you're putting them through to a different department; then play some cheesy music down the phone for a few mins, have a female voice recording (use AV vocie changer) asking them to input their PIN on their dialpad (this won't be as suspicious); get these recorded so they can be decoded with DTMF decoding hardware/software later (although it's expensive). Guessing DTMF tones is pretty easy too, but you need to know what each tone sounds like, it's preferred to use decoding software to ensure you have it correct.

If you try hard enough you can get full info about anyone over the phone (I suggest using spoofcard for this).

Keylogging for CVV2s
Hardware keylogging
First of all it's best if you use hardware keyloggers here that you put into the keyboard of a computer belonging to an area where a lot of people are going online a lot and logging into e-mails, ebays, paypals etc, pretty much giving you enough info for you to go searching through if you get in their e-mails, or maybe you're lucky enough to get someone who is buying something online anyway. Get the keyloggers from here:
Code:
http://www.brickhousesecurity.com/co...keylogger.html
And come back within 2 days time or so and collect the keylogger after doing some browsing yourself (as to not look suspicious just coming in and then leaving a few seconds later). Or of course you could set one up in a business and do the classic call in and do some social engineering from the credit card company or secret service and have them go to the bank online and have them log in to verify, or maybe even have them log in to a fake bank online made by yourself that will collect anyone's info who logs in on it.

Carding Instore
Instore carding is the act of skimming a credit card and writing the dumps and track1+2 to a CR-80 piece of plastic and then either cashing out at the ATM or shopping for goods instore, as long as you have the PIN as well through whatever method you choose to use.

How it's done is through the use of thejerm software or any other magstripe utility software (thejerm is the best to use). And you do it like this:
Written by: Acetrace

1. Load up thejerms software
2. hit settings tab
3. hit "Defaults" in Leading Zeros box
4. hit "75 bpi" in Set Track 2 density box
5. go bak to actions
6. hit LoCo or HiCo in Coercivity box, depending on which you want to do
7. input your tracks 1 & 2 (without the % ; or ? symbols because the program already does it for you)
8. hit Write Card and swipe your card. (i usually do a read card afterwards to make sure everything went ok)
9. GO SHOPPING!!!

Download thejerm from here:
Code:
http://rapidshare.com/files/154030787/thejerm.rar.html
Now how you should act when you go carding instore is pretty much common sense, but some people get caught up in the moment with nerves, cockiness or just too much weird amounts of excitement.

Simple what you do, make sure you KNOW the PIN for the card you're using before you go, don't be stuck at the counter trying to remember it. If you're going to be carding expensive goods then dress smart for the occasion, wear brand named clothing (that you've previously carded ) or even a suit.

It would look suspicious someone with a hoodie going into a store and buying a Louis Vuitton watch, so walk in with style. When you go instore, you ACT like you are using your own card, because essentially that's what it is (well it is now anyway lol) no looking shifty and don't look at the fucking cameras; the cameras mean nothing anyway, they don't know your name or where you live, they're not being watched half of the time, so stop worrying about the fucking cameras; remember you're doing nothing wrong. 

When you go in, don't rush take your time, browse around some other items. Find the item you want to card and even ask the employee simple questions about it (if it's a TV or comp just ask questions about certain specs and if it's good for playing video games on). You'll be most nervous at the checkout, just act as normal as you always have been, don't make too much small talk but be polite and civil.

Once you have the good sin your hands don't bolt out the door, just say thank you and then casually walk out the door, get to your car and then celebrate all you want.
Admin
Admin
Admin

Messages : 15
Date d'inscription : 27/08/2013

https://2222.forumactif.com

Revenir en haut Aller en bas

Revenir en haut

- Sujets similaires

 
Permission de ce forum:
Vous ne pouvez pas répondre aux sujets dans ce forum