williamstrevi
Carding Novice
- Joined
- 09.03.25
- Messages
- 5
- Reaction score
- 0
- Points
- 1
Solid method as usual
Carding 💳 The Self-Sufficient Carder: Your First Scamshop. Part 1 💳
- Thread starter d0ctrine
- Start date
-
- Tags
- card harvesting carding checkout optimization conversion rate optimization credit card theft cybercrime techniques digital deception dropshipping scams e-commerce fraud exit-intent popups fake reviews mobile fraud online store cloning payment gateway vulnerabilities phishing techniques scamshop social proof manipulation ssl exploitation woocommerce exploits wordpress security
![AntonioMontana2](https://pic-cc.com/data/avatars/m/185/185481.jpg?1741996265"){kind=avatar}
AntonioMontana2
Carding Novice
- Joined
- 13.03.25
- Messages
- 4
- Reaction score
- 1
- Points
- 3
very good my brother
The Self-Sufficient Carder: Your First Scamshop Part 1
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
Running and Hardening Your Own Dedicated Server
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
lawliet.l.ug247
Carding Novice
- Joined
- 14.03.25
- Messages
- 13
- Reaction score
- 0
- Points
- 1
<3
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
Điểm cuối này là nơi chúng ta sẽ đăng thông tin chi tiết về thẻ của mình. Webhook.Site cung cấp một bảng điều khiển liệt kê mọi dữ liệu đã đăng lên điểm cuối này. Đây, và hãy nhớ rằng đây chỉ là mục đích demo, sẽ là bảng điều khiển của chúng ta trong thời gian này.
Thay thế URL trong tệp class-bravo-sender.php bằng điểm cuối mới của bạn. Thả plugin đó vào WordPress, kích hoạt và đặt nó làm bộ xử lý thanh toán của bạn trong WooCommerce.
Hãy tiếp tục và thử nghiệm. Mua một mặt hàng và thanh toán. Nếu bạn đã làm đúng mọi thứ, bạn sẽ thấy thông tin chi tiết về thẻ trong bảng điều khiển Webhook.site của mình.
Hoàn thiện
Bây giờ plugin lấy thẻ của chúng tôi sẽ thực hiện công việc khó khăn, nhưng chúng tôi cần đảm bảo mọi người thực sự đến được điểm đó.
Trước hết, thanh toán một trang là người bạn mới tốt nhất của bạn. CheckoutWC đã hỗ trợ tính năng này. Càng ít lần nhấp chuột giữa "Mua ngay" và "Cảm ơn bạn đã cung cấp thông tin chi tiết về thẻđặt hàng" thì càng tốt.
Hãy nhớ rằng, bây giờ là năm 2024 chứ không phải năm 1999. Việc thanh toán của bạn phải hoạt động trơn tru trên thiết bị di động hoặc bạn sẽ mất tiền. Hãy thử nghiệm trên mọi thiết bị mà bạn có thể có.
Đây là một mẹo: cung cấp một loạt các tùy chọn thanh toán. PayPal, Apple Pay, bất kỳ tùy chọn nào phổ biến. Tất nhiên, chúng sẽ không thực sự hiệu quả, nhưng nó khiến trang web của bạn trông hợp pháp vô cùng. Thêm vào đó, nó cung cấp cho bạn nhiều cơ hội hơn để "vô tình" gặp phải các vấn đề kỹ thuật buộc mọi người phải sử dụng tùy chọn đánh cắp thẻ của bạn.
Cuối cùng, các cửa sổ bật lên khi thoát. Đúng là chúng rất khó chịu, nhưng chúng hiệu quả. Khi ai đó sắp thoát khỏi trang thanh toán của bạn, hãy tặng họ một khoản giảm giá vào phút chót hoặc một số lời lẽ vô nghĩa về sự cấp bách. Các plugin như tôi đã liệt kê đã hỗ trợ điều này. Bạn sẽ ngạc nhiên khi biết có bao nhiêu người bạn có thể bắt được bằng lưới này.
Mỗi chút đều có ích. Trông thật hợp lệ, lấy thêm thẻ. Tiến lên!
Phần kết luận
View attachment 44756
Làm tốt lắm, bạn đã có cửa hàng lừa đảo đầu tiên và đang hoạt động. Bạn có một cửa hàng trông giống như vậy, một sản phẩm sẽ lây lan như một căn bệnh và một quy trình thanh toán sẽ lừa đảo những người thiếu cảnh giác.
Nhưng đừng bắt đầu đếm tiền ngay bây giờ. Đây chỉ là khởi đầu cho hành trình lừa đảo kỹ thuật số của bạn. Trong Phần Hai, chúng ta sẽ đi sâu hơn vào các kỹ thuật để có thêm thẻ và nói về cách quảng bá cửa hàng lừa đảo của bạn mà không thu hút sự chú ý của những chàng trai mặc đồ xanh.
Hãy nhớ rằng, sức mạnh lớn đi kèm với trách nhiệm lớn... là không để bị phát hiện. Hãy giữ thái độ lạnh lùng và ẩn danh.
Hẹn gặp lại lần sau, lừa đảo vui vẻ! d0ctrine out.
ty king
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
noreferrals
Carding Novice
- Joined
- 02.03.25
- Messages
- 4
- Reaction score
- 0
- Points
- 1
Thanks for the plugins
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
thanks
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
Thank you
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
fewiy39607
Carding Novice
- Joined
- 20.03.25
- Messages
- 5
- Reaction score
- 0
- Points
- 1
Nice
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
circuitosh
Carding Novice
- Joined
- 10.07.24
- Messages
- 3
- Reaction score
- 0
- Points
- 3
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
distantguy
Carding Novice
- Joined
- 12.03.24
- Messages
- 19
- Reaction score
- 1
- Points
- 3
Stk
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
Đối với bản demo này, chúng tôi đang sử dụng Webhook.site. Đi đến đó và lấy cho mình một điểm cuối:
[ĐÍNH KÈM = ĐẦY ĐỦ] 44755 [/ ĐÍNH KẾT]
Điểm cuối này là nơi chúng tôi sẽ đăng chi tiết thẻ của mình. Webhook.Site cung cấp một bảng liệt kê mọi dữ liệu được đăng lên điểm cuối này. Điều này, và hãy nhớ rằng đây chỉ là mục đích demo, sẽ là bảng điều khiển của chúng tôi trong thời gian chờ đợi.
Thay thế URL trong tệp class-bravo-sender.php bằng điểm cuối mới của bạn. Thả plugin đó vào WordPress, kích hoạt nó và đặt nó làm bộ xử lý thanh toán của bạn trong WooCommerce.
Hãy tiếp tục và kiểm tra. Mua một mặt hàng và thanh toán. Nếu bạn đã làm mọi thứ đúng, bạn sẽ thấy chi tiết thẻ trong bảng điều khiển Webhook.site của mình.
Hoàn thiện
Bây giờ plugin lấy thẻ của chúng tôi sẽ thực hiện công việc nặng nhọc, nhưng chúng tôi cần đảm bảo rằng mọi người thực sự đạt được điểm đó.
Trước hết, thanh toán một trang là người bạn tốt nhất mới của bạn. Nó đã được hỗ trợ bởi CheckoutWC. Càng ít nhấp chuột giữa "Mua ngay" và "Cảm ơn bạn vì chi tiết thẻđặt hàngcủa bạn" thì càng tốt.
Hãy nhớ rằng, năm 2024 của nó không phải năm 1999. Thanh toán của bạn hoạt động trơn tru hơn trên thiết bị di động hoặc bạn sẽ để lại tiền trên bàn. Kiểm tra thứ đó trên mọi thiết bị mà bạn có thể có được.
Đây là một mẹo: cung cấp một loạt các tùy chọn thanh toán. PayPal, Apple Pay, bất cứ thứ gì phổ biến. Tất nhiên, chúng sẽ không thực sự hoạt động, nhưng nó làm cho trang web của bạn trông hợp pháp như địa ngục. Thêm vào đó, nó mang lại cho bạn nhiều cơ hội hơn để "vô tình" gặp các vấn đề kỹ thuật buộc mọi người phải sử dụng tùy chọn ăn cắp thẻ của bạn.
Cuối cùng, cửa sổ bật lên có ý định thoát. Vâng, chúng thật khó chịu, nhưng chúng hoạt động. Khi ai đó chuẩn bị bảo lãnh khi thanh toán của bạn, hãy giảm giá vào phút chót hoặc một số điều nhảm nhí khẩn cấp. Các plugin như tôi đã liệt kê đã hỗ trợ điều này. Bạn sẽ ngạc nhiên khi bạn có thể bắt được bao nhiêu người bằng lưới này.
Mọi thứ đều giúp ích. Trông hợp pháp, lấy thêm thẻ. Đi!
Kết thúc
View attachment 44756
Làm tốt lắm, bạn đã có cửa hàng lừa đảo đầu tiên của mình và đang hoạt động. Bạn có một cửa hàng trông giống như một phần, một sản phẩm sẽ lây lan như một căn bệnh và một quy trình thanh toán sẽ xé toạc những người không cảnh giác.
Nhưng đừng bắt đầu đếm tiền của bạn. Đây chỉ là khởi đầu cho hành trình lừa dối kỹ thuật số của bạn. Trong Phần Hai, chúng ta sẽ đi sâu hơn vào các kỹ thuật để có được nhiều thẻ hơn và nói về cách quảng bá lừa đảo của bạn mà không thu hút sự chú ý của các chàng trai mặc áo xanh.
Hãy nhớ rằng, với sức mạnh lớn đi kèm với trách nhiệm lớn lao... để không bị bắt. Giữ lạnh lùng và ẩn danh.
Cho đến lần sau, vui vẻ lừa đảo! d0ctrine ra.
weswqdrwfr
Carding Novice
- Joined
- 10.01.25
- Messages
- 3
- Reaction score
- 0
- Points
- 1
Thankx!
doctorrrrrrr
Carding Novice
- Joined
- 18.03.25
- Messages
- 17
- Reaction score
- 2
- Points
- 3
thanks
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
thank u
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
ibanezjfi3
Carding Novice
- Joined
- 03.04.25
- Messages
- 17
- Reaction score
- 2
- Points
- 3
thank you g
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
Killerwhale710
Active Carder
- Joined
- 20.03.25
- Messages
- 28
- Reaction score
- 1
- Points
- 3
ty
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
txxxxx
Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:
Now we're going to up the ante with scamshops.
Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.
View attachment 47139
We're splitting this guide into two parts:
Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.
By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.
What the Hell are Scamshops and Why Should You Care?
Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.
These sneaky little fucks come in two flavors:
Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.
Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!
Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:
1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.
Building Your Digital Honey Trap
Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:
If you have, you're halfway there. If not, get over there and read it.
View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:
SSH into your serverInstall Apache, MySQL, and PHP (LAMP stack)Download and unzip WordPressCreate a MySQL database for WordPressConfigure wp-config.phpRun the WordPress installationInstall and activate WooCommerce plugin
Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:
Don't worry about how much the shit cost – you're a fucking carder, use your skills.
The Product
Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:
TikTok Popular Ads
View attachment 47141
Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:
Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:
Remember, you want as many visitors to hit that checkout button as possible.
Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.
Make Your Scamshop a Trust Beacon
View attachment 44751
Okay, let's talk about making your scamshop look so legit even your grandma would believe it.
First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.
Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.
Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.
Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.
Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.
With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.
The Checkout
Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.
Remember our CC sniffer guide? We're about to use that.
First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.
View attachment 44752
For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.
View attachment 47143
Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!
Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:
*** Hidden text: cannot be quoted. ***
For this demo we're using Webhook.site. Head over there and get yourself an endpoint:
View attachment 44755
This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.
Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.
Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.
Perfecting
Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.
First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for yourordercard details", the better.
Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.
Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.
Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.
Every little helps. Look legit, grab more cards. Go!
Conclusion
View attachment 44756
Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.
But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.
Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.
Until next time, happy phishing! d0ctrine out.
