- Joined
- 26.12.23
- Messages
- 148
- Reaction score
- 917
- Points
- 93
LCD: Live Carding Demo - Farfetch.com
Welcome back, you beautiful degenerates! Today we're going into the world of luxury fashion with Farfetch.com. This isn't your run-of-the-mill carding target but with the right approach you might just score yourself some overpriced threads.
Why Farfetch?
Farfetch is a big player in the luxury fashion ecmmerce game. They ship worldwide and offer a wide variety of highend brands. Their security is no joke but that's what makes it fun right? What matters most for Farfetch is your overall profile. They're looking at everything from your IP to your browsing patterns.
What you'll need:
- Fresh US/UK cards (preferably with a history of luxury purchases)
- Clean residential proxies (matching the card's country/possibly the state/city of the cardholder)
- A solid antidetect browser
- Patience (Farfetch can take time to process orders)
- A good backstory (you're a luxury shopper, act like one)
- Email spamming tool (crucial for our advanced technique)
Popping open our reverse proxy, we can see that Farfetch uses Riskified for fraud prevention. This means they're looking at your entire user journey, not just the payment info. They use machine learning to spot patterns that don't match typical luxury shoppers.
Here's what we found in our recon:
- They track mouse movements and typing patterns
- They look at your browsing history on the site
- They cross-reference your data with other luxury retailers
- They use 3D Secure selectively if your fraud score hits a certain threshold
- Riskified heavily favors email addresses in their risk assessment
- Farfetch doesn't validate email addresses during checkout
Now, pay attention because this is where things get juicy. We're about to exploit a major weakness in Farfetch's security setup.
Here's the deal:
Farfetch uses Riskified for fraud prevention, and Riskified puts a lot of weight on email addresses. They're looking for established email histories, especially ones with previous purchases on Riskified-protected sites.
And here's the kicker - Farfetch doesn't actually validate the email address you use at checkout.
So, what does this mean for us?
We can use the cardholder's actual email address when we place the order. This leverages any existing trust that email has with Riskified, dramatically increasing our chances of success.
But wait there's more! To make sure the cardholder doesn't see the order confirmation, we're going to hit that email with a spam attack right after we place the order.
This buries the confirmation email in a sea of spam, keeping our operation under the radar.
Here's how it goes down:
- Use the cardholder's email at checkout
- Place the order
- Immediately unleash your email spamming tool on that address
- Profit while the confirmation email gets lost in the noise
This technique is especially powerful if the cardholder has made legitimate purchases on any Riskified-protected site before. You're essentially piggybacking on their established trust. It's like walking through the VIP entrance while wearing someone else's face.
Remember, timing is crucial here. You want to start the email spam attack immediately after placing the order.
Don't give that confirmation email a chance to be seen or the holder might call Farfetch or try to sign in to the account itself!
Step-by-Step:
Set up your environment (proxy, antidetect, etc.)
If you're doing a big purchase ($2000+) create an account and let it age for a few days if possible, or buy an aged account
Browse the site like a rich person would - view multiple items, use the wishlist
Choose your items. Mix high and low-value stuff, but keep it believable
Go to checkout. Use the account you created, not guest checkout
Enter address carefully. No copy-paste, and make it match the card's country
For our method: Use the cardholder's actual email address
Enter card details slowly, like you're double-checking a big purchase
Submit order
Immediately after submitting, unleash your email spamming tool on the cardholder's email
Exclusive Video Demo:
{VIDEO RENDERING ISSUES ILL UPLOAD THE VIDEO LATER!}
The Farfetch Process (Flow Chart):
Place order
Riskified analyzes your entire session, if it's too high you get 3DS
If approved, payment is processed
Manual review may occur for high-risk orders
Shipping only after all checks pass
Key Points:
- Account history matters. Create and 'warm' the accounts before attempting to card
- Don't rush. Luxury shoppers take their time
- Avoid next-day delivery. It's a red flag for fraud systems
- Mix up your cart. Don't just go for the most expensive items
- If an order gets cancelled, don't try again immediately.
- Using the cardholder's email is a game-changer. It leverages their existing purchase history with Riskified.
- Use your proxy to browse luxury sites adjacent to Farfetch (like Herman Preston, etc, sites that uses Farfetch as their backend) before carding. It builds a "rich person" profile
- If possible, make a small legit purchase first to build account history
- Research the brands you're buying. Be ready to chat with customer service like you know your stuff
- Use social engineering if your order gets flagged. Call as the "cardholder" to confirm the purchase
- Email bombing technique: This is our secret weapon. By using the cardholder's email and then spamming it, we're leveraging their existing trust with Riskified while hiding the confirmation email. If they've made legit purchases on any Riskified-protected site before, you're golden
- Order cancelled immediately: Your card's probably burned. Cool off and try a different one later
- Order under review: Stay cool. This is normal for high-value purchases. Be ready to verify via email or call.
- 3D Secure pops up: Your fraud score's too high. Try again with a different card.
- Order ships: Congrats, I haven't had an issue with Farfetch asking courier to cancel shipment (as they are not the one who handles shipping but their partners) so you're free to order again once an item ships
- Never use the same setup twice during cancellations and 3DS. Rotate everything
- Don't get cocky and order to the same drop repeatedly
- Remember, Farfetch caters to rich folks. Your whole online persona should scream "I wipe my ass with hundred-dollar bills"
- When using the cardholder's email, make sure your email bombing is thorough. You don't want them seeing that order confirmation
Farfetch is a bit of a tough nut to crack but that's what makes it fun. A great carder takes their time learns the patterns and is always ready to adapt. Remember, in the world of luxury carding, patience and attention to detail are your best friends. And with the email trick I told you about, you might just hit the success more often than not.
Next time, we might take on an even bigger fish. Stay tuned, and keep those cards warm!
Last edited:
.
