Carding Real Phishing Story by Scarface Chapter 1: The “K-Pop Craze” Phishing Scheme + 3 Free Scam Letters

[Jeffery333]

th

 

[rax4code]

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

Nice idea

 

[rax4code]

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

Cool

 

[unknown45]

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

Interesting

 

[innominate]

View attachment 55023
잠재적인 타겟이 몇 명 있어요. 걱정하지 마세요. 남자친구가 환불해 줄 테니까요. 그냥 일하세요.​

배경: 수백만 명의 팬에게 소셜 미디어가 중요한 의사소통 도구인 K-Pop과 J-Pop 팬덤의 활기찬 세계.

사건 개요: 2024년 초, 인스타그램을 통해 K팝과 J팝 팬들을 대상으로 한 대규모 피싱 공격이 발생했습니다. 아이돌과 음악 행사의 인기를 악용한 것입니다. "K팝 음모론"으로 불리는 이 공격은 수많은 팬 계정을 감염시켰고, 막대한 재정적 손실을 초래했습니다.

기술적 세부 정보: 공격자들은 표적 광고 와 대량 DM을 포함한 다층적인 접근 방식을 개발했습니다. 참가자들에게 특별 상품, 콘서트 티켓, 그리고 팬미팅 기회를 약속하는 가짜 콘테스트를 포함한 정교한 수법을 고안했습니다.

사용된 전술:​

1. 타겟 피싱 캠페인 : 공격자는 데이터 분석 도구를 사용하여 참여율이 높은 활성 팬 계정을 파악했습니다. 독점 혜택이 포함된 메시지를 작성하여 팬들이 링크를 클릭하도록 유도했습니다. 예를 들어, K팝 가수 모모의 팬이 타겟이라면 모모의 특별 이벤트와 관련된 대량 DM이 전송됩니다. 해커가 타겟을 정하고 대량 DM을 보낼 수 있도록 지원하는 서비스가 있습니다 .
2. 브라우저 악용: 피싱 사이트는 널리 사용되는 웹 브라우저의 취약점을 악용하도록 설계되었으며, 공격자는 키 입력을 캡처하고 저장된 비밀번호를 추출할 수 있는 맬웨어를 설치합니다. 이는 일반적으로 도둑/쥐가 사용합니다.
3. 자격 증명 채우기: 공격자는 손상된 자격 증명 목록을 얻은 후 다른 플랫폼에 자격 증명 채우기 공격을 실시하여 비밀번호를 재사용하는 사용자를 이용했습니다.

타겟의 신뢰를 얻기 위해 그들은 3가지 유형의 사기 편지를 사용합니다.

사기 편지 1: 팬클럽 확인 양식​

---

메시지:
*** 숨겨진 텍스트: 인용할 수 없습니다. ***

​

사기 편지 2: 콘테스트 우승자 알림​

---

메시지:

*** 숨겨진 텍스트: 인용할 수 없습니다. ***​

​

*** 숨겨진 텍스트: 인용할 수 없습니다. ***

​

사기 편지 3: 새 앨범 사전 판매 알림​

---

메시지:​

​

*** 숨겨진 텍스트: 인용할 수 없습니다. ***

​

영향:​

K팝 음모론으로 40만 개 이상의 계정이 유출되어 약 2천만 달러(한화 약 2,000억 원)의 피해가 발생했습니다. 많은 팬들이 계정이 유출되거나 무단으로 상품을 구매하는 데 이용되는 것을 목격했습니다. 아이돌에게 배신감을 느낀 팬들의 심리적 충격은 소셜 미디어에서 광범위한 분노로 이어졌습니다.

여파: 위기에 대응하여 K팝과 J팝 기획사는 사이버 보안 회사와 긴밀히 협력하여 팬들에게 온라인 보안 교육을 실시했습니다.

lol

 

[Metatron]

Interesting

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

Interesting

 

[3c495e4be5c0]

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

.

 

[miaohaha233]

cool

 

[Beandaddy415]

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

Nice

 

[darkniss]

great

 

[xiaofunny]

 

[printz]

克ood

 

[oreo3030]

good stuff

 

[r1dnman888]

nice

 

[moneyman1000]

View attachment 55023
Some Potential targets lol don't worry thweir bf will refund them just work brother​

Setting: The vibrant worlds of K-Pop and J-Pop fandoms, where social media is a crucial communication tool for millions of fans.

Incident Overview: In early 2024, a mass phishing attack targeted K-Pop and J-Pop fans through Instagram, exploiting the popularity of idols and music events. Dubbed "The K-Pop Conspiracy," the attack compromised numerous fan accounts and led to significant financial losses.

Technical Details: The attackers developed a multi-layered approach that included targeted ads, and mass DM. They created an elaborate scheme involving fake contests where participants were promised exclusive merchandise, concert tickets, and meet-and-greet opportunities.

Tactics Used:​

1. Targeted Phishing Campaigns: Using data analytics tools, the attackers identified active fan accounts with high engagement rates. They crafted messages that included exclusive offers, enticing fans to click on links. For example, If Kpop singer Momo's fans are the targets, Mass dm related to a Momo special event will be sent to them. There are services to help hackers send targeted mass dms.
2. Browser Exploits: The phishing site was designed to exploit vulnerabilities in popular web browsers, allowing the attackers to install malware that could capture keystrokes and extract saved passwords typically a stealer/rat.
3. Credential Stuffing: Once they obtained a list of compromised credentials, the attackers employed credential stuffing attacks on other platforms, taking advantage of users who reused passwords.

To gain the target's trust they have 3 types of Scam Letters:

Scam Letter 1: Fan Club Verification Format​

---

Message:
*** Hidden text: cannot be quoted. ***

​

Scam Letter 2: Contest Winner Notification​

---

Message:

*** Hidden text: cannot be quoted. ***​

​

*** Hidden text: cannot be quoted. ***

​

Scam Letter 3: New Album Pre-Sale Alert​

---

Message:​

​

*** Hidden text: cannot be quoted. ***

​

Impact:​

The K-Pop Conspiracy resulted in the compromise of over 400,000 accounts, leading to estimated losses of around $20 million. Many fans found their accounts drained or used for unauthorized purchases of merchandise. The psychological impact on fans, who felt betrayed by their idols, led to widespread outrage on social media.

Aftermath: In response to the crisis, K-Pop and J-Pop agencies worked closely with cybersecurity firms to educate their fanbases on online security. I

Thanks

 

[yzzh176]

r看看

 

[COSMOS]

Funny shit!