Carding The Self-Sufficient Carder: Your First Scamshop. Part 1
- Thread starter d0ctrine
- Start date
-
- Tags
- card harvesting carding checkout optimization conversion rate optimization credit card theft cybercrime techniques digital deception dropshipping scams e-commerce fraud exit-intent popups fake reviews mobile fraud online store cloning payment gateway vulnerabilities phishing techniques scamshop social proof manipulation ssl exploitation woocommerce exploits wordpress security
nice
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go! ?
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
poiu123aA1
Carding Novice
- Joined
- 11.09.25
- Messages
- 4
- Reaction score
- 0
- Points
- 1
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
Este punto final es donde publicaremos los datos de nuestra tarjeta. Webhook.Site proporciona un panel que muestra todos los datos publicados en este punto final. Recuerde que este es solo un ejemplo; será nuestro panel por ahora.
Reemplaza la URL del archivo class-bravo-sender.php con tu nuevo endpoint. Instala el plugin en WordPress, actívalo y configúralo como procesador de pagos en WooCommerce.
Haz la prueba. Compra un artículo y finaliza la compra. Si todo salió bien, deberías ver los datos de la tarjeta en el panel de tu Webhook.site.
Perfeccionamiento
Ahora nuestro complemento para capturar tarjetas hará el trabajo pesado, pero debemos asegurarnos de que la gente realmente llegue a ese punto.
En primer lugar, el pago en una sola página es tu mejor aliado. Ya es compatible con CheckoutWC. Cuantos menos clics haya entre "Comprar ahora" y "Gracias por los datos de tutarjeta", mejor.
Recuerda, estamos en 2024, no en 1999. Que tu pago funcione sin problemas en el móvil o perderás dinero. Haz pruebas en todos los dispositivos que tengas a mano.
Un truco: ofrece varias opciones de pago: PayPal, Apple Pay, lo que sea popular. Claro que no funcionarán, pero le darán a tu sitio una apariencia de máxima fiabilidad. Además, te da más posibilidades de tener problemas técnicos accidentales que obliguen a la gente a usar tu opción para robar tarjetas.
Por último, las ventanas emergentes de intención de salida. Sí, son muy molestas, pero funcionan. Cuando alguien esté a punto de abandonar tu compra, ofrécele un descuento de último minuto o alguna tontería urgente. Plugins como los que mencioné ya son compatibles con esto. Te sorprendería la cantidad de gente que puedes atrapar con esta red.
Todo ayuda. Luce decente, consigue más tarjetas. ¡Vamos!
Conclusión
View attachment 44756
¡Bien hecho! Ya tienes tu primera tienda fraudulenta funcionando. Tienes una tienda con la apariencia adecuada, un producto que se propagará como una plaga y un proceso de compra que estafará a las masas incautas.
Pero no empieces a contar tu dinero todavía. Esto es solo el comienzo de tu aventura en el engaño digital. En la segunda parte, profundizaremos en las técnicas para conseguir más tarjetas y hablaremos sobre cómo promocionar tu tienda de estafas sin llamar la atención de los estafadores.
Recuerda, un gran poder conlleva una gran responsabilidad... no te dejes atrapar. Mantén la calma y el anonimato.
¡Hasta la próxima, feliz phishing! d0ctrine fuera.
poiu123aA1
Carding Novice
- Joined
- 11.09.25
- Messages
- 4
- Reaction score
- 0
- Points
- 1
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
Este punto final es donde publicaremos los datos de nuestra tarjeta. Webhook.Site proporciona un panel que muestra todos los datos publicados en este punto final. Recuerde que este es solo un ejemplo; será nuestro panel por ahora.
Reemplaza la URL del archivo class-bravo-sender.php con tu nuevo endpoint. Instala el plugin en WordPress, actívalo y configúralo como procesador de pagos en WooCommerce.
Haz la prueba. Compra un artículo y finaliza la compra. Si todo salió bien, deberías ver los datos de la tarjeta en el panel de tu Webhook.site.
Perfeccionamiento
Ahora nuestro complemento para capturar tarjetas hará el trabajo pesado, pero debemos asegurarnos de que la gente realmente llegue a ese punto.
En primer lugar, el pago en una sola página es tu mejor aliado. Ya es compatible con CheckoutWC. Cuantos menos clics haya entre "Comprar ahora" y "Gracias por los datos de tutarjeta", mejor.
Recuerda, estamos en 2024, no en 1999. Que tu pago funcione sin problemas en el móvil o perderás dinero. Haz pruebas en todos los dispositivos que tengas a mano.
Un truco: ofrece varias opciones de pago: PayPal, Apple Pay, lo que sea popular. Claro que no funcionarán, pero le darán a tu sitio una apariencia de máxima fiabilidad. Además, te da más posibilidades de tener problemas técnicos accidentales que obliguen a la gente a usar tu opción para robar tarjetas.
Por último, las ventanas emergentes de intención de salida. Sí, son muy molestas, pero funcionan. Cuando alguien esté a punto de abandonar tu compra, ofrécele un descuento de último minuto o alguna tontería urgente. Plugins como los que mencioné ya son compatibles con esto. Te sorprendería la cantidad de gente que puedes atrapar con esta red.
Todo ayuda. Luce decente, consigue más tarjetas. ¡Vamos!
Conclusión
View attachment 44756
¡Bien hecho! Ya tienes tu primera tienda fraudulenta funcionando. Tienes una tienda con la apariencia adecuada, un producto que se propagará como una plaga y un proceso de compra que estafará a las masas incautas.
Pero no empieces a contar tu dinero todavía. Esto es solo el comienzo de tu aventura en el engaño digital. En la segunda parte, profundizaremos en las técnicas para conseguir más tarjetas y hablaremos sobre cómo promocionar tu tienda de estafas sin llamar la atención de los estafadores.
Recuerda, un gran poder conlleva una gran responsabilidad... no te dejes atrapar. Mantén la calma y el anonimato.
¡Hasta la próxima, feliz phishing! d0ctrine fuera.
poiu123aA1
Carding Novice
- Joined
- 11.09.25
- Messages
- 4
- Reaction score
- 0
- Points
- 1
tyyyyyyyyy
lancrou356
Active Carder
- Joined
- 21.03.24
- Messages
- 88
- Reaction score
- 12
- Points
- 8
bro is godd
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go! ?
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
Faith16437
Active Carder
- Joined
- 18.05.25
- Messages
- 41
- Reaction score
- 4
- Points
- 8
w
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go! ?
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
Gafflerunn3r
Premium
- Joined
- 29.11.25
- Messages
- 21
- Reaction score
- 1
- Points
- 3
May
May I have the numbers on the back of the card lol !
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go! ?
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
克od
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
我们将通过此接口提交银行卡信息。Webhook.Site提供了一个面板,其中列出了提交到此接口的所有数据。请注意,这只是一个演示面板,目前我们将使用此面板。
将 class-bravo-sender.php 文件中的 URL 替换为您的新端点。将该插件添加到 WordPress,激活它,并将其设置为 WooCommerce 中的支付处理器。
请进行测试。购买一件商品并结账。如果一切操作正确,您应该能在 Webhook.site 面板中看到银行卡信息。
完善
现在我们的卡片抓取插件将完成大部分工作,但我们需要确保人们真的能达到那个阶段。
首先,单页结账是你的新宠。CheckoutWC 已经支持单页结账。从“立即购买”到“感谢您提供订单卡信息”之间的点击次数越少越好。
记住,现在是2024年,不是1999年。你的结账流程在移动设备上必须流畅运行,否则你就是在白白损失金钱。务必在所有你能找到的设备上测试一下。
这里有个小窍门:提供一大堆支付选项。PayPal、Apple Pay,随便什么流行的都行。当然,这些选项实际上都用不了,但这会让你的网站看起来无比正规。而且,这还能让你有更多机会“意外”出现技术问题,迫使人们使用你的盗刷卡选项。
最后,还有退出意图弹窗。没错,它们烦人得要命,但确实有效。当有人准备放弃结账时,用最后一刻折扣或者一些紧迫感之类的东西来吸引他们。像我列出的那些插件已经支持这个功能了。你会惊讶于用这种方法能吸引多少人。
积少成多。看起来靠谱点,多拿点卡。加油!?
结论
View attachment 44756
干得好,你的第一家诈骗店已经开张运营了。你的店铺看起来很正规,产品会像瘟疫一样蔓延,结账流程也会坑害那些毫无防备的顾客。
但别急着数钱。这仅仅是你数字诈骗之旅的开始。在第二部分,我们将深入探讨如何获取更多信用卡信息,以及如何在不引起警方注意的情况下推广你的诈骗商店。
记住,能力越大,责任越大……就是别被抓到。保持警惕,保持匿名。
下次再见,祝你钓鱼愉快!d0ctrine 告退。
克ood
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
首先,说说评论。你不能光写一百遍“史上最佳产品!”就完事了。不行,你需要多样化的评论。弄个评论生成器插件,尽情发挥吧。穿插一些四星好评,甚至可以加一两个三星评价。拜托,让评论看起来可信点。
现在,说说社会认同。人们就像绵羊一样,总是随波逐流。在你的网站上放一些虚假的社交媒体动态,炫耀一下那些假粉丝,让你看起来像是你卖的那些乱七八糟的东西里下一个爆款。
有一件事你绝对不能省:SSL。就是地址栏里那个小小的挂锁图标,它能让人安心地输入银行卡信息。用Let's Encrypt吧——免费又正规。别找借口了。
别忘了那些枯燥乏味的东西。隐私政策、服务条款——我知道,这是个钓鱼网站,但必须看起来像真的。用生成器随便写点法律条文就行了。反正也没人会看这些废话,但必须得放上去。
最后,编造一个关于你“公司”的故事。创建一个“关于我们”页面,让莎士比亚看了都会落泪。用人工智能生成一些虚假的团队成员简介和照片。用真实俊男靓女的照片,你这个十足的白痴。
你的诈骗网站看起来既正规又专业,现在就到了最精彩的部分:结账流程,真正的魔法就在这里发生。让我们来看看如何把你的垃圾网站变成一个信用卡收割机。
结账
现在你的诈骗商店看起来不错,是时候设置赚钱的关键部分:结账系统。这是整个流程中最重要的一环。
还记得我们的CC 嗅探器指南吗?我们马上就要用到它了。
第一条经验法则:不要把偷来的 CVV 码和你的网店信息放在同一个服务器上。如果你的主机商发现你的非法活动并终止服务,你会比雪人掉进地狱还快地失去一切。
View attachment 44752
我们的结账系统使用的是公开的CheckoutWC。因为它外观与 Shopify 相似,所以能为您的信用卡信息收集商店增添一层额外的合法性。更高的信任度意味着更高的转化率,而更高的转化率意味着我们可以获得更多的信用卡信息。
View attachment 47143
图片:CheckoutWC 的结账页面示例,看起来很像 Shopify!
现在,精彩的部分来了。我编写了一个插件,可以作为信用卡信息转发器,将这些 CVV 码转发到你指定的端点。我以前卖这个插件几百美元,但现在就当是我送给你们的退休礼物吧,孩子们,点击这里下载:
***隐藏文本:无法引用。***
本次演示我们使用Webhook.site。请访问该网站并获取一个端点:
View attachment 44755
我们将通过此接口提交银行卡信息。Webhook.Site提供了一个面板,其中列出了提交到此接口的所有数据。请注意,这只是一个演示面板,目前我们将使用此面板。
将 class-bravo-sender.php 文件中的 URL 替换为您的新端点。将该插件添加到 WordPress,激活它,并将其设置为 WooCommerce 中的支付处理器。
请进行测试。购买一件商品并结账。如果一切操作正确,您应该能在 Webhook.site 面板中看到银行卡信息。
完善
现在我们的卡片抓取插件将完成大部分工作,但我们需要确保人们真的能达到那个阶段。
首先,单页结账是你的新宠。CheckoutWC 已经支持单页结账。从“立即购买”到“感谢您提供订单卡信息”之间的点击次数越少越好。
记住,现在是2024年,不是1999年。你的结账流程在移动设备上必须流畅运行,否则你就是在白白损失金钱。务必在所有你能找到的设备上测试一下。
这里有个小窍门:提供一大堆支付选项。PayPal、Apple Pay,随便什么流行的都行。当然,这些选项实际上都用不了,但这会让你的网站看起来无比正规。而且,这还能让你有更多机会“意外”出现技术问题,迫使人们使用你的盗刷卡选项。
最后,还有退出意图弹窗。没错,它们烦人得要命,但确实有效。当有人准备放弃结账时,用最后一刻折扣或者一些紧迫感之类的东西来吸引他们。像我列出的那些插件已经支持这个功能了。你会惊讶于用这种方法能吸引多少人。
积少成多。看起来靠谱点,多拿点卡。加油!?
结论
View attachment 44756
干得好,你的第一家诈骗店已经开张运营了。你的店铺看起来很正规,产品会像瘟疫一样蔓延,结账流程也会坑害那些毫无防备的顾客。
但别急着数钱。这仅仅是你数字诈骗之旅的开始。在第二部分,我们将深入探讨如何获取更多信用卡信息,以及如何在不引起警方注意的情况下推广你的诈骗商店。
记住,能力越大,责任越大……就是别被抓到。保持警惕,保持匿名。
下次再见,祝你钓鱼愉快!d0ctrine 告退。
good
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. 更高的成功率:虽然嗅探仍然是获取真实信用卡信息的最佳方式,因为能保证信用卡的有效性,但诈骗商店已经远远超过了传统的网络钓鱼活动。为什么呢?因为大多数受害者甚至没有意识到自己已经把信用卡交给了你,直到你用这些信用卡购买了你心仪已久的最新款情趣用品。
打造你的数字美人计
搭建诈骗网店并不难,但确实需要一些技巧。首先,你需要一个坚实的基础。如果你已经阅读过我关于搭建服务器的指南,可以在这里找到:
如何运行和加固您自己的专用服务器?
如果你已经读过了,那就成功了一半。如果没有,赶紧去读读吧。
View attachment 44750
服务器启动运行后,就可以开始搭建你的诈骗网店了。我们选择WordPress和WooCommerce,因为它们简单易用且广受欢迎。以下是快速简易的搭建步骤:
通过 SSH 连接到您的服务器安装 Apache、MySQL 和 PHP(LAMP 架构)下载并解压缩 WordPress为 WordPress 创建 MySQL 数据库配置 wp-config.php运行 WordPress 安装程序安装并激活 WooCommerce 插件
现在你的店铺基本搭建完成了,是时候让它看起来更美观了。从以下网站下载一些优质主题:
优雅主题
别担心这玩意儿花了多少钱——你可是个盗刷身份证的高手,发挥你的技能吧。
产品
接下来:找到你的爆款产品。你需要的是一款能在社交媒体上爆红的产品。点击以下链接寻找灵感:
TikTok热门广告
View attachment 47141
找到心仪的产品后,在速卖通或阿里巴巴上找到它。复制他们的图片,然后将该产品添加到你的 WooCommerce 商店。如果你想创建一个包含多个产品的完整商店,可以使用:
现在是时候好好打磨一下你的数字产品了。撰写引人入胜的产品描述——如果你只会写一年级水平的文章,那就用人工智能吧。安装一些提升转化率的插件,例如:
奥普廷利亚多里克
记住,你要尽可能让更多的访客点击结账按钮。
说到定价,既然你实际上并没有卖什么东西,你可以随意打折,但别太过分。100% 的折扣会让人觉得“骗局”,引起怀疑。保持合理——30% 到 50% 的折扣。你想要的是让顾客垂涎三尺,而不是疑神疑鬼。
让你的诈骗商店成为信任灯塔
View attachment 44751
好,我们来聊聊如何让你的诈骗商店看起来如此正规,连你奶奶都会相信。
首先,说说评论。你不能光写一百遍“史上最佳产品!”就完事了。不行,你需要多样化的评论。弄个评论生成器插件,尽情发挥吧。穿插一些四星好评,甚至可以加一两个三星评价。拜托,让评论看起来可信点。
现在,说说社会认同。人们就像绵羊一样,总是随波逐流。在你的网站上放一些虚假的社交媒体动态,炫耀一下那些假粉丝,让你看起来像是你卖的那些乱七八糟的东西里下一个爆款。
有一件事你绝对不能省:SSL。就是地址栏里那个小小的挂锁图标,它能让人安心地输入银行卡信息。用Let's Encrypt吧——免费又正规。别找借口了。
别忘了那些枯燥乏味的东西。隐私政策、服务条款——我知道,这是个钓鱼网站,但必须看起来像真的。用生成器随便写点法律条文就行了。反正也没人会看这些废话,但必须得放上去。
最后,编造一个关于你“公司”的故事。创建一个“关于我们”页面,让莎士比亚看了都会落泪。用人工智能生成一些虚假的团队成员简介和照片。用真实俊男靓女的照片,你这个十足的白痴。
你的诈骗网站看起来既正规又专业,现在就到了最精彩的部分:结账流程,真正的魔法就在这里发生。让我们来看看如何把你的垃圾网站变成一个信用卡收割机。
结账
现在你的诈骗商店看起来不错,是时候设置赚钱的关键部分:结账系统。这是整个流程中最重要的一环。
还记得我们的CC 嗅探器指南吗?我们马上就要用到它了。
第一条经验法则:不要把偷来的 CVV 码和你的网店信息放在同一个服务器上。如果你的主机商发现你的非法活动并终止服务,你会比雪人掉进地狱还快地失去一切。
View attachment 44752
我们的结账系统使用的是公开的CheckoutWC。因为它外观与 Shopify 相似,所以能为您的信用卡信息收集商店增添一层额外的合法性。更高的信任度意味着更高的转化率,而更高的转化率意味着我们可以获得更多的信用卡信息。
View attachment 47143
图片:CheckoutWC 的结账页面示例,看起来很像 Shopify!
现在,精彩的部分来了。我编写了一个插件,可以作为信用卡信息转发器,将这些 CVV 码转发到你指定的端点。我以前卖这个插件几百美元,但现在就当是我送给你们的退休礼物吧,孩子们,点击这里下载:
***隐藏文本:无法引用。***
本次演示我们使用Webhook.site。请访问该网站并获取一个端点:
View attachment 44755
我们将通过此接口提交银行卡信息。Webhook.Site提供了一个面板,其中列出了提交到此接口的所有数据。请注意,这只是一个演示面板,目前我们将使用此面板。
将 class-bravo-sender.php 文件中的 URL 替换为您的新端点。将该插件添加到 WordPress,激活它,并将其设置为 WooCommerce 中的支付处理器。
请进行测试。购买一件商品并结账。如果一切操作正确,您应该能在 Webhook.site 面板中看到银行卡信息。
完善
现在我们的卡片抓取插件将完成大部分工作,但我们需要确保人们真的能达到那个阶段。
首先,单页结账是你的新宠。CheckoutWC 已经支持单页结账。从“立即购买”到“感谢您提供订单卡信息”之间的点击次数越少越好。
记住,现在是2024年,不是1999年。你的结账流程在移动设备上必须流畅运行,否则你就是在白白损失金钱。务必在所有你能找到的设备上测试一下。
这里有个小窍门:提供一大堆支付选项。PayPal、Apple Pay,随便什么流行的都行。当然,这些选项实际上都用不了,但这会让你的网站看起来无比正规。而且,这还能让你有更多机会“意外”出现技术问题,迫使人们使用你的盗刷卡选项。
最后,还有退出意图弹窗。没错,它们烦人得要命,但确实有效。当有人准备放弃结账时,用最后一刻折扣或者一些紧迫感之类的东西来吸引他们。像我列出的那些插件已经支持这个功能了。你会惊讶于用这种方法能吸引多少人。
积少成多。看起来靠谱点,多拿点卡。加油!?
结论
View attachment 44756
干得好,你的第一家诈骗店已经开张运营了。你的店铺看起来很正规,产品会像瘟疫一样蔓延,结账流程也会坑害那些毫无防备的顾客。
但别急着数钱。这仅仅是你数字诈骗之旅的开始。在第二部分,我们将深入探讨如何获取更多信用卡信息,以及如何在不引起警方注意的情况下推广你的诈骗商店。
记住,能力越大,责任越大……就是别被抓到。保持警惕,保持匿名。
下次再见,祝你钓鱼愉快!d0ctrine 告退。
MegaBean0Mean
Carding Novice
- Joined
- 31.12.25
- Messages
- 7
- Reaction score
- 0
- Points
- 1
H
Hoping to see more of your work in 2026 doc! thank you for all that you do.
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go! ?
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
z
?The Self-Sufficient Carder: Your First Scamshop Part 1 ?
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
? The Self-Sufficient Carder: Your first CC Sniffer ?
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
?️ Running and Hardening Your Own Dedicated Server ?️
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go! ?
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.s
