samualgreyting

Carding Novice
Joined
16.05.24
Messages
8
Reaction score
0
Points
3

💳The Self-Sufficient Carder: Your First Scamshop Part 1 💳



Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

💳 The Self-Sufficient Carder: Your first CC Sniffer 💳

Now we're going to up the ante with scamshops.



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.



What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.



Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

🗄️ Running and Hardening Your Own Dedicated Server 🗄️

If you have, you're halfway there. If not, get over there and read it.


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server
Install Apache, MySQL, and PHP (LAMP stack)
Download and unzip WordPress
Create a MySQL database for WordPress
Configure wp-config.php
Run the WordPress installation
Install and activate WooCommerce plugin

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.


The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:




Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:


Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.



Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.



The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.



Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! 😉



Conclusion

View attachment 44756


Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Niceeee
 

caodabi

Carding Novice
Joined
30.09.24
Messages
9
Reaction score
1
Points
3

💳The Self-Sufficient Carder: Your First Scamshop Part 1 💳



Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

💳 The Self-Sufficient Carder: Your first CC Sniffer 💳

Now we're going to up the ante with scamshops.



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.



What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.



Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

🗄️ Running and Hardening Your Own Dedicated Server 🗄️

If you have, you're halfway there. If not, get over there and read it.


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server
Install Apache, MySQL, and PHP (LAMP stack)
Download and unzip WordPress
Create a MySQL database for WordPress
Configure wp-config.php
Run the WordPress installation
Install and activate WooCommerce plugin

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.


The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:




Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:


Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.



Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

首先,评论。你不能只是把“有史以来最好的产品!”说上百遍就完事了。不,你需要多样化。给自己买一个评论生成器插件,然后尽情发挥吧。混入一些 4 星评论,甚至偶尔加一些 3 星评论。看在上帝的份上,让它可信一点。

现在,社会认同。人们是羊,羊会从众。在你的网站上放一些虚假的社交媒体信息。炫耀那些虚假的追随者。让它看起来像是你卖的任何东西中的下一个大人物。

有一样东西你不能省:SSL。地址栏上的小挂锁让人们在输入他们的信用卡信息时感到温暖和舒适。使用 Let's Encrypt - 它是免费且合法的。没有借口。

别忘了那些无聊的东西。隐私政策、服务条款 - 是的,我知道,这是一个钓鱼网站,但它需要看起来真实。使用生成器输出一些法律术语。反正没人会读那些废话,但它必须在那里。

最后,编一个关于你的“公司”的故事。创建一个能让莎士比亚哭泣的“关于我们”页面。使用人工智能生成一些假的团队简历和照片。使用真实美女的照片,你这个十足的白痴。

您的诈骗商店看起来合法又专业,您已准备好迎接重头戏:结账流程,真正的魔法就此发生。让我们来看看如何将您的数字网站变成卡片收集器。



结账

现在您的诈骗商店看起来不错,是时候设置赚钱机器了:结账。这是整个过程中最重要的部分。

还记得我们的CC 嗅探器指南吗?我们即将使用它。

第一条经验法则:不要将偷来的 cvv 存储在与商店相同的服务器上。如果您的主机发现您的操作并切断电源,您将比地狱里的雪人更快地失去一切。

View attachment 44752

对于我们的结账,我们使用公共CheckoutWC。因为它看起来像 Shopify,所以它为您的信用卡收集商店增加了一层额外的合法性。更多的信任等于更多的转化,更多的转化意味着我们能获得更多的信用卡详细信息。


View attachment 47143

图片:CheckoutWC 结帐页面的示例,看起来很像 Shopify!

现在,事情开始变得棘手了。我编写了一个插件,充当信用卡详细信息转发器,将这些 cvv 转发到您选择的端点。我以前以几百美元的价格出售它,但请把它当作我送给孩子们的退休礼物,请在此处下载:

*** 隐藏文字:无法引用。***


在本演示中,我们使用Webhook.site。前往那里并获取一个端点:

View attachment 44755

我们将在此端点发布我们的卡详细信息。Webhook.Site提供了一个面板,其中列出了发布到此端点的所有数据。请记住,这只是一个演示目的,暂时将作为我们的面板。

将 class-bravo-sender.php 文件中的 URL 替换为您的新端点。将该插件放入 WordPress,激活它并将其设置为 WooCommerce 中的支付处理器。

继续测试。购买商品并结账。如果您一切正确,您应该会在 Webhook.site 面板中看到卡详细信息。



完善

现在我们的抓卡插件将完成繁重的工作,但我们需要确保人们确实能够达到这一点。

首先,一页结账是您最好的新朋友。CheckoutWC 已经支持它。“立即购买”和“感谢您的订单卡详细信息”之间的点击次数越少越好。


记住,现在是 2024 年,不是 1999 年。您的结账最好能在移动设备上顺利进行,否则您就白白浪费钱了。在您可以拿到的每一台设备上测试一下。

这里有个技巧:提供多种支付选项。PayPal、Apple Pay,无论什么流行的支付方式。当然,它们实际上并不起作用,但它会让你的网站看起来非常合法。此外,它让你有更多机会“意外”出现技术问题,迫使人们使用你的信用卡盗窃选项。

最后,退出意图弹出窗口。是的,它们很烦人,但它们很管用。当有人打算放弃结账时,用最后一刻的折扣或一些紧急的废话来打动他们。我列出的插件已经支持这一点。你会惊讶于你能用这个网络捕获多少人。

一点一滴都有帮助。看起来合法,拿更多卡片。快去吧!😉



结论

View attachment 44756


干得好,您已经开设了第一家诈骗商店并开始营业。您拥有一家看上去像诈骗商店的商店、一种会像疾病一样传播的产品以及一个会欺骗不知情的群众的结账流程。

但不要急着开始数钱。这只是你数字欺骗之旅的开始。在第二部分中,我们将深入探讨获取更多卡片的技巧,并讨论如何在不引起警察注意的情况下推广你的诈骗商店。

记住,能力越大,责任越大……千万不要被抓住。保持冷静,保持匿名。

下次见,祝您网络钓鱼愉快!d0ctrine out。
 

heydrichß

Active Carder
Joined
04.11.24
Messages
53
Reaction score
14
Points
8

💳The Self-Sufficient Carder: Your First Scamshop Part 1 💳



Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

💳 The Self-Sufficient Carder: Your first CC Sniffer 💳

Now we're going to up the ante with scamshops.



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.



What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.



Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

🗄️ Running and Hardening Your Own Dedicated Server 🗄️

If you have, you're halfway there. If not, get over there and read it.


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server
Install Apache, MySQL, and PHP (LAMP stack)
Download and unzip WordPress
Create a MySQL database for WordPress
Configure wp-config.php
Run the WordPress installation
Install and activate WooCommerce plugin

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.


The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:




Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:


Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.



Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.



The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.



Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! 😉



Conclusion

View attachment 44756


Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
thanks bro
 

rapidin1

Active Carder
Joined
30.10.24
Messages
35
Reaction score
1
Points
8

💳The Self-Sufficient Carder: Your First Scamshop Part 1 💳



Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

💳 The Self-Sufficient Carder: Your first CC Sniffer 💳

Now we're going to up the ante with scamshops.



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.



What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.



Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

🗄️ Running and Hardening Your Own Dedicated Server 🗄️

If you have, you're halfway there. If not, get over there and read it.


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server
Install Apache, MySQL, and PHP (LAMP stack)
Download and unzip WordPress
Create a MySQL database for WordPress
Configure wp-config.php
Run the WordPress installation
Install and activate WooCommerce plugin

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.


The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:




Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:


Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.



Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.



The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.



Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! 😉



Conclusion

View attachment 44756


Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
good
 

arture

Active Carder
Joined
26.11.23
Messages
27
Reaction score
2
Points
3

💳The Self-Sufficient Carder: Your First Scamshop Part 1 💳



Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

💳 The Self-Sufficient Carder: Your first CC Sniffer 💳

Now we're going to up the ante with scamshops.



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.



What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.



Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

🗄️ Running and Hardening Your Own Dedicated Server 🗄️

If you have, you're halfway there. If not, get over there and read it.


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server
Install Apache, MySQL, and PHP (LAMP stack)
Download and unzip WordPress
Create a MySQL database for WordPress
Configure wp-config.php
Run the WordPress installation
Install and activate WooCommerce plugin

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.


The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:




Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:


Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.



Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.



The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.



Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! 😉



Conclusion

View attachment 44756


Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
nice
 

rodman8989

Carding Crew Leader
Joined
16.07.24
Messages
108
Reaction score
20
Points
18

💳The Self-Sufficient Carder: Your First Scamshop Part 1 💳



Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

💳 The Self-Sufficient Carder: Your first CC Sniffer 💳

Now we're going to up the ante with scamshops.



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.



What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.



Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

🗄️ Running and Hardening Your Own Dedicated Server 🗄️

If you have, you're halfway there. If not, get over there and read it.


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server
Install Apache, MySQL, and PHP (LAMP stack)
Download and unzip WordPress
Create a MySQL database for WordPress
Configure wp-config.php
Run the WordPress installation
Install and activate WooCommerce plugin

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.


The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:




Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:


Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.



Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.



The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.



Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! 😉



Conclusion

View attachment 44756


Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
tyy
 

BlackLine

Active Carder
Joined
13.10.24
Messages
47
Reaction score
15
Points
8
links for harvester are dead. did anyone get to download it?
 

duncrder

Carding Novice
Joined
30.08.24
Messages
20
Reaction score
6
Points
3

💳The Self-Sufficient Carder: Your First Scamshop Part 1 💳



Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

💳 The Self-Sufficient Carder: Your first CC Sniffer 💳

Now we're going to up the ante with scamshops.



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.



What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.



Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

🗄️ Running and Hardening Your Own Dedicated Server 🗄️

If you have, you're halfway there. If not, get over there and read it.


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server
Install Apache, MySQL, and PHP (LAMP stack)
Download and unzip WordPress
Create a MySQL database for WordPress
Configure wp-config.php
Run the WordPress installation
Install and activate WooCommerce plugin

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.


The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:




Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:


Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.



Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.



The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.



Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! 😉



Conclusion

View attachment 44756


Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
can you teach us how to promote this shop ?
 
Top Bottom