This guide will cover as to how financially motivated individuals convert and exploit stolen data into monetary gains. More specifically, this guide will be more-so focused on credit card fraud and bank account take overs ( or any kind of money-holding account, such as coinbase or paypal ), while highlighting the very basics of how these kind of fraudulent activities theoretically work in 2022 along with the outcome in reality.
In principle, the whole idea of credit card fraud and bank account take-overs are incredibly easy. It can, more or less, be broken down into four steps.
1. Obtain credit card or bank account information. There's three primary ways this can be done.
Purchasing dumps of CC info off the dark net is often the most common method utilized, especially those that are more-so inclined towards CVV carding, which is carding/credit card fraud for online only. Granted, it's not like you can hop onto any darknet market and buy some CC dumps on World Market and expect to suddenly be a fraudster. That's how you get scammed. People that do this method have to spend a significant amount of time scouring for a vendor that's legitimate, and setting up a deal with that vendor so that they don't get selectively scammed in the future. That said, the usual investment you can expect for these is $20-$30 in Monero for CC dumps, and at least $100+ in Monero for bank account logins. There are some offered for less, and while some are certainly legitimate, the amount of them that are scans isn't even worth trying to gamble and find a legit one.
The second method is how many of the dumps are obtained in the aforementioned method, phishing. Either through the emulation of a website's login, such as Paypal's, the login data is then saved on whatever designated server it has. There are of course a lot more other methods, some of which may utilize form grabber bots, a combination of emulating a website that re-directs to the scammer so they can obtain further information and the list can go on and on. Does this method require you to be a master coder? No, not really. You can buy bots like these off of both dark net and private clear net markets for anywhere from $6.00 to $80.00 per bot. Said bots usually store separate user fingerprints per browser, logins and any associated cookies and most importantly, will continue to funnel whatever logins and info it can manage to parse after your purchase. That said, most major markets that focus on these kinds of bots have anywhere upwards of 250,000 of them, all of varying quality. So just like above, a given individual still needs to do their research.
And of course, the method that most people think of when it comes to collecting info for credit card fraud, skimming. Skimming involves solely two things needing to be accomplished. The carder must physically be present, and the carder must have some kind of system in order to regularly obtain credit card info. A waiter at a restaurant for example can easily accomplish this. By holding an MSR206 lightweight portable card reader on their belt, and either tossing on a keypad logger onto one of the keypads for a table or being able to position themselves well off to see the PIN inputted, that waiter has all the credit card info they need. You could even extend this to somebody simply sitting in their car, connected to the local Starbuck's WiFi, watching over an ATM that they put a bluetooth skimmer and a bluetooth keypad logger that transmits the data to the P.C. Does it always have to be this high-tech? Of course not, you could use playdoh to record the card, all that matters is getting the info. Get creative.
In general, the thing to highlight is even the first step requires a significant amount of investment, both financially and time. It's often recommended by many experienced fraudsters, which there's a plethora of communities on various .onion forums by the way, to set aside a week or two, figure out what the fuck you need to do, get all the necessary items you need for the method of carding you want to do and set a goal for yourself. Any character needs a damn good reason to jump into carding as opposed to other forms of income, whether it be a part-time job or exposure to easier to get into, equally as profitable illegal activities such as theft or drug dealing.
2. Actually setting up the digital aspects of it.
Unfortunately, it is no longer 2013, when an individual could simply punch in somebody's credit card info into Amazon or eBay and get something shipped to their drop point in seconds. Financial services employ 2FA, geo-location, MAC address verification, browser identification and generally anything that falls under the umbrella of someone's digital fingerprint.
Now you may ask, how do I even bypass that whole slough of bullshit and make money?
One way of course, is to not. This doesn't mean to just engage in virtual fraud without any protection, this simply means taking the virtual aspect out of it. Cloning cards isn't really that hard, to anybody that does physical cash-outs with cards, the only real worry they have is their composure. Getting a card writer, a blank set of cards and some software that isn't dated as hell, you can quite easily have your own free credit card.
The answer in regards to virtual aspects of setting up security is a bit trickier. The "fundamentals" needed are as goes:
-A VPN. Not any big name ones like Nord VPN or ExpressVPN and shit like that, something like Mullvad VPN is the kind of security you'd need.
-A SOCKS5 client. What is SOCKS5? It's basically a proxy, all a client is good for is finding an IP that has a low fraud score and is from the same zip code and city that your would-be victim is from. This isn't just for security, this is outright necessary to even access the card or account.
-CCleaner if using a modified version of Firefox that helps with keeping your identity hidden, or a specialized browser like the ones provided by Genesis markets.
-A Virtual machine. Set it to the same timezone as your target, change its MAC address to the target of your victim and don't be a dumbass.
Sounds fun right? And this is only for non-big name sites. For big name sites like Amazon or Steam, you'll probably need an RDP, which is a pain in the ass to set up. And since this is a beginner's guide after all, we can skip over that.
Along with this, while not necessarily "digital" per se, it's often recommended to have the following items.
-A burner laptop. Or two. Always useful, and it's a lot better of an idea than using your own personal PC.
-Two prepaid smart phones. Androids are usually the phone of choice for this, especially since if you root the phone, you open yourself up to the world of mobile carding. The main reason most people get burner phones for carding however, is to help with 2FA/ 2 Factor Authentication.
3. Logging in.
It's not that hard, just log into the account with the info you required after doing the necessary set-up above. Anybody can do it.
Just either connect to your neighbor's WiFi if you can, or head out to the mall or starbucks or any commercial venue that offers free WiFi.
4. Actually setting up the digital aspects of it.
This is, unfortunately, the hardest part. You might have the card, and you might have total control over the account, but if you can't transfer those funds to your account, then it's worthless. Most cards and accounts place limits on your transfers and transactions as well, with some being upwards of $2,500 and some being a measly $30. You're basically taking a stab in the dark here each time.
Generally, most individuals either set themselves up with a two man system. One person gets the CC info, the carder, and orders expensive items to an agreed dead drop, and the other person, the mule, picks up the items and flips them. The profit is then shared 50/50 the majority of the time. You can find dozens of legitimate offers like these via telegram within fifteen minutes. It's not that hard. Or, that same two man system has the carder clone the card, and has the mule go out and test the card. Sometimes, some individuals are competent and daring enough to do both tasks as a single person. It varies.
There is of course the alternative method of transferring it through multiple different accounts, converting it to Monero, or some equally as hard to trace cryptocurrency, and then funneling it through a few other wallets until putting it in your own Monero( or whatever cryptocurrency someone decided on ) wallet and sitting on it for some time. This is significantly harder than above. You need multiple synthetic ID's and a few virtual cards to even attempt to pull this off. The only reason why people do such in the first place is because they straight up do not need to leave their home or whatever area they're leeching off of somebody's WiFi with.
And that's basically the gist of modern day credit card fraud, if not a bit unorganized. Hopefully this helps serve other's RP along with updating the general idea of such fraud, as most information you can find around is from 2001-2007 and 2014-2017.