Advanced Search

Carding πŸ’³ The Self-Sufficient Carder: Your First Scamshop. Part 1 πŸ’³



XTC | CUSTOMER SATISFACTION IS OUR PRIORITY
AntonioMontana2

AntonioMontana2

Carding Novice
Joined
13.03.25
Messages
4
Reaction score
1
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
very good my brother
 
C

cf1223

Carding Novice
Joined
15.03.25
Messages
14
Reaction score
0
Points
1
absolutely the best write ups I've came across, let alone for free? MY MAN!
 
C

cf1223

Carding Novice
Joined
15.03.25
Messages
14
Reaction score
0
Points
1
bravotocharlie.zip download links no longer work..any chance of an updated link to DL?
 
L

lawliet.l.ug247

Carding Novice
Joined
14.03.25
Messages
13
Reaction score
0
Points
1
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

Điểm cuα»‘i nΓ y lΓ  nΖ‘i chΓΊng ta sαΊ½ Δ‘Δƒng thΓ΄ng tin chi tiαΊΏt về thαΊ» của mΓ¬nh. Webhook.Site cung cαΊ₯p mα»™t bαΊ£ng Δ‘iều khiển liệt kΓͺ mọi dα»― liệu Δ‘Γ£ Δ‘Δƒng lΓͺn Δ‘iểm cuα»‘i nΓ y. ĐÒy, vΓ  hΓ£y nhα»› rαΊ±ng Δ‘Γ’y chỉ lΓ  mα»₯c Δ‘Γ­ch demo, sαΊ½ lΓ  bαΊ£ng Δ‘iều khiển của chΓΊng ta trong thời gian nΓ y.

Thay thαΊΏ URL trong tệp class-bravo-sender.php bαΊ±ng Δ‘iểm cuα»‘i mα»›i của bαΊ‘n. ThαΊ£ plugin Δ‘Γ³ vΓ o WordPress, kΓ­ch hoαΊ‘t vΓ  Δ‘αΊ·t nΓ³ lΓ m bα»™ xα»­ lΓ½ thanh toΓ‘n của bαΊ‘n trong WooCommerce.

HΓ£y tiαΊΏp tα»₯c vΓ  thα»­ nghiệm. Mua mα»™t mαΊ·t hΓ ng vΓ  thanh toΓ‘n. NαΊΏu bαΊ‘n Δ‘Γ£ lΓ m Δ‘ΓΊng mọi thα»©, bαΊ‘n sαΊ½ thαΊ₯y thΓ΄ng tin chi tiαΊΏt về thαΊ» trong bαΊ£ng Δ‘iều khiển Webhook.site của mΓ¬nh.


HoΓ n thiện

BΓ’y giờ plugin lαΊ₯y thαΊ» của chΓΊng tΓ΄i sαΊ½ thα»±c hiện cΓ΄ng việc khΓ³ khΔƒn, nhΖ°ng chΓΊng tΓ΄i cαΊ§n Δ‘αΊ£m bαΊ£o mọi người thα»±c sα»± Δ‘αΊΏn được Δ‘iểm Δ‘Γ³.

TrΖ°α»›c hαΊΏt, thanh toΓ‘n mα»™t trang lΓ  người bαΊ‘n mα»›i tα»‘t nhαΊ₯t của bαΊ‘n. CheckoutWC Δ‘Γ£ hα»— trợ tΓ­nh nΔƒng nΓ y. CΓ ng Γ­t lαΊ§n nhαΊ₯p chuα»™t giα»―a "Mua ngay" vΓ  "CαΊ£m Ζ‘n bαΊ‘n Δ‘Γ£ cung cαΊ₯p thΓ΄ng tin chi tiαΊΏt về thαΊ» Δ‘αΊ·t hΓ ng " thΓ¬ cΓ ng tα»‘t.


HΓ£y nhα»› rαΊ±ng, bΓ’y giờ lΓ  nΔƒm 2024 chα»© khΓ΄ng phαΊ£i nΔƒm 1999. Việc thanh toΓ‘n của bαΊ‘n phαΊ£i hoαΊ‘t Δ‘α»™ng trΖ‘n tru trΓͺn thiαΊΏt bα»‹ di Δ‘α»™ng hoαΊ·c bαΊ‘n sαΊ½ mαΊ₯t tiền. HΓ£y thα»­ nghiệm trΓͺn mọi thiαΊΏt bα»‹ mΓ  bαΊ‘n cΓ³ thể cΓ³.

ĐÒy lΓ  mα»™t mαΊΉo: cung cαΊ₯p mα»™t loαΊ‘t cΓ‘c tΓΉy chọn thanh toΓ‘n. PayPal, Apple Pay, bαΊ₯t kα»³ tΓΉy chọn nΓ o phα»• biαΊΏn. TαΊ₯t nhiΓͺn, chΓΊng sαΊ½ khΓ΄ng thα»±c sα»± hiệu quαΊ£, nhΖ°ng nΓ³ khiαΊΏn trang web của bαΊ‘n trΓ΄ng hợp phΓ‘p vΓ΄ cΓΉng. ThΓͺm vΓ o Δ‘Γ³, nΓ³ cung cαΊ₯p cho bαΊ‘n nhiều cΖ‘ hα»™i hΖ‘n để "vΓ΄ tΓ¬nh" gαΊ·p phαΊ£i cΓ‘c vαΊ₯n đề kα»Ή thuαΊ­t buα»™c mọi người phαΊ£i sα»­ dα»₯ng tΓΉy chọn Δ‘Γ‘nh cαΊ―p thαΊ» của bαΊ‘n.

Cuα»‘i cΓΉng, cΓ‘c cα»­a sα»• bαΊ­t lΓͺn khi thoΓ‘t. Đúng lΓ  chΓΊng rαΊ₯t khΓ³ chα»‹u, nhΖ°ng chΓΊng hiệu quαΊ£. Khi ai Δ‘Γ³ sαΊ―p thoΓ‘t khỏi trang thanh toΓ‘n của bαΊ‘n, hΓ£y tαΊ·ng họ mα»™t khoαΊ£n giαΊ£m giΓ‘ vΓ o phΓΊt chΓ³t hoαΊ·c mα»™t sα»‘ lời lαΊ½ vΓ΄ nghΔ©a về sα»± cαΊ₯p bΓ‘ch. CΓ‘c plugin nhΖ° tΓ΄i Δ‘Γ£ liệt kΓͺ Δ‘Γ£ hα»— trợ Δ‘iều nΓ y. BαΊ‘n sαΊ½ ngαΊ‘c nhiΓͺn khi biαΊΏt cΓ³ bao nhiΓͺu người bαΊ‘n cΓ³ thể bαΊ―t được bαΊ±ng lΖ°α»›i nΓ y.

Mα»—i chΓΊt đều cΓ³ Γ­ch. TrΓ΄ng thαΊ­t hợp lệ, lαΊ₯y thΓͺm thαΊ». TiαΊΏn lΓͺn!πŸ˜‰


PhαΊ§n kαΊΏt luαΊ­n

View attachment 44756

LΓ m tα»‘t lαΊ―m, bαΊ‘n Δ‘Γ£ cΓ³ cα»­a hΓ ng lα»«a Δ‘αΊ£o Δ‘αΊ§u tiΓͺn vΓ  Δ‘ang hoαΊ‘t Δ‘α»™ng. BαΊ‘n cΓ³ mα»™t cα»­a hΓ ng trΓ΄ng giα»‘ng nhΖ° vαΊ­y, mα»™t sαΊ£n phαΊ©m sαΊ½ lΓ’y lan nhΖ° mα»™t cΔƒn bệnh vΓ  mα»™t quy trΓ¬nh thanh toΓ‘n sαΊ½ lα»«a Δ‘αΊ£o nhα»―ng người thiαΊΏu cαΊ£nh giΓ‘c.

NhΖ°ng Δ‘α»«ng bαΊ―t Δ‘αΊ§u Δ‘αΊΏm tiền ngay bΓ’y giờ. ĐÒy chỉ lΓ  khởi Δ‘αΊ§u cho hΓ nh trΓ¬nh lα»«a Δ‘αΊ£o kα»Ή thuαΊ­t sα»‘ của bαΊ‘n. Trong PhαΊ§n Hai, chΓΊng ta sαΊ½ Δ‘i sΓ’u hΖ‘n vΓ o cΓ‘c kα»Ή thuαΊ­t để cΓ³ thΓͺm thαΊ» vΓ  nΓ³i về cΓ‘ch quαΊ£ng bΓ‘ cα»­a hΓ ng lα»«a Δ‘αΊ£o của bαΊ‘n mΓ  khΓ΄ng thu hΓΊt sα»± chΓΊ Γ½ của nhα»―ng chΓ ng trai mαΊ·c Δ‘α»“ xanh.

HΓ£y nhα»› rαΊ±ng, sα»©c mαΊ‘nh lα»›n Δ‘i kΓ¨m vα»›i trΓ‘ch nhiệm lα»›n... lΓ  khΓ΄ng để bα»‹ phΓ‘t hiện. HΓ£y giα»― thΓ‘i Δ‘α»™ lαΊ‘nh lΓΉng vΓ  αΊ©n danh.

HαΊΉn gαΊ·p lαΊ‘i lαΊ§n sau, lα»«a Δ‘αΊ£o vui vαΊ»! d0ctrine out.
Click to expand...
<3
 
K

korkut34

Active Carder
Joined
19.12.24
Messages
40
Reaction score
5
Points
8
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
ty king
 
N

noreferrals

Carding Novice
Joined
02.03.25
Messages
4
Reaction score
0
Points
1
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
Thanks for the plugins
 
H

HBXX7

Carding Novice
Joined
21.05.24
Messages
12
Reaction score
1
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
thanks
 
H

HBXX7

Carding Novice
Joined
21.05.24
Messages
12
Reaction score
1
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
Thank you
 
F

fewiy39607

Carding Novice
Joined
20.03.25
Messages
5
Reaction score
0
Points
1
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
Nice
 
C

circuitosh

Carding Novice
Joined
10.07.24
Messages
3
Reaction score
0
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
 
D

distantguy

Carding Novice
Joined
12.03.24
Messages
19
Reaction score
1
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


Đối vα»›i bαΊ£n demo nΓ y, chΓΊng tΓ΄i Δ‘ang sα»­ dα»₯ng Webhook.site. Đi Δ‘αΊΏn Δ‘Γ³ vΓ  lαΊ₯y cho mΓ¬nh mα»™t Δ‘iểm cuα»‘i:

[ĐÍNH KÈM = ĐẦY ĐỦ] 44755 [/ ĐÍNH KẾT]

Điểm cuα»‘i nΓ y lΓ  nΖ‘i chΓΊng tΓ΄i sαΊ½ Δ‘Δƒng chi tiαΊΏt thαΊ» của mΓ¬nh. Webhook.Site cung cαΊ₯p mα»™t bαΊ£ng liệt kΓͺ mọi dα»― liệu được Δ‘Δƒng lΓͺn Δ‘iểm cuα»‘i nΓ y. Điều nΓ y, vΓ  hΓ£y nhα»› rαΊ±ng Δ‘Γ’y chỉ lΓ  mα»₯c Δ‘Γ­ch demo, sαΊ½ lΓ  bαΊ£ng Δ‘iều khiển của chΓΊng tΓ΄i trong thời gian chờ đợi.

Thay thαΊΏ URL trong tệp class-bravo-sender.php bαΊ±ng Δ‘iểm cuα»‘i mα»›i của bαΊ‘n. ThαΊ£ plugin Δ‘Γ³ vΓ o WordPress, kΓ­ch hoαΊ‘t nΓ³ vΓ  Δ‘αΊ·t nΓ³ lΓ m bα»™ xα»­ lΓ½ thanh toΓ‘n của bαΊ‘n trong WooCommerce.

HΓ£y tiαΊΏp tα»₯c vΓ  kiểm tra. Mua mα»™t mαΊ·t hΓ ng vΓ  thanh toΓ‘n. NαΊΏu bαΊ‘n Δ‘Γ£ lΓ m mọi thα»© Δ‘ΓΊng, bαΊ‘n sαΊ½ thαΊ₯y chi tiαΊΏt thαΊ» trong bαΊ£ng Δ‘iều khiển Webhook.site của mΓ¬nh.


HoΓ n thiện

BΓ’y giờ plugin lαΊ₯y thαΊ» của chΓΊng tΓ΄i sαΊ½ thα»±c hiện cΓ΄ng việc nαΊ·ng nhọc, nhΖ°ng chΓΊng tΓ΄i cαΊ§n Δ‘αΊ£m bαΊ£o rαΊ±ng mọi người thα»±c sα»± Δ‘αΊ‘t được Δ‘iểm Δ‘Γ³.

TrΖ°α»›c hαΊΏt, thanh toΓ‘n mα»™t trang lΓ  người bαΊ‘n tα»‘t nhαΊ₯t mα»›i của bαΊ‘n. NΓ³ Δ‘Γ£ được hα»— trợ bởi CheckoutWC. CΓ ng Γ­t nhαΊ₯p chuα»™t giα»―a "Mua ngay" vΓ  "CαΊ£m Ζ‘n bαΊ‘n vΓ¬ chi tiαΊΏt thαΊ» Δ‘αΊ·t hΓ ng của bαΊ‘n" thΓ¬ cΓ ng tα»‘t.


HΓ£y nhα»› rαΊ±ng, nΔƒm 2024 của nΓ³ khΓ΄ng phαΊ£i nΔƒm 1999. Thanh toΓ‘n của bαΊ‘n hoαΊ‘t Δ‘α»™ng trΖ‘n tru hΖ‘n trΓͺn thiαΊΏt bα»‹ di Δ‘α»™ng hoαΊ·c bαΊ‘n sαΊ½ để lαΊ‘i tiền trΓͺn bΓ n. Kiểm tra thα»© Δ‘Γ³ trΓͺn mọi thiαΊΏt bα»‹ mΓ  bαΊ‘n cΓ³ thể cΓ³ được.

ĐÒy lΓ  mα»™t mαΊΉo: cung cαΊ₯p mα»™t loαΊ‘t cΓ‘c tΓΉy chọn thanh toΓ‘n. PayPal, Apple Pay, bαΊ₯t cα»© thα»© gΓ¬ phα»• biαΊΏn. TαΊ₯t nhiΓͺn, chΓΊng sαΊ½ khΓ΄ng thα»±c sα»± hoαΊ‘t Δ‘α»™ng, nhΖ°ng nΓ³ lΓ m cho trang web của bαΊ‘n trΓ΄ng hợp phΓ‘p nhΖ° Δ‘α»‹a ngα»₯c. ThΓͺm vΓ o Δ‘Γ³, nΓ³ mang lαΊ‘i cho bαΊ‘n nhiều cΖ‘ hα»™i hΖ‘n để "vΓ΄ tΓ¬nh" gαΊ·p cΓ‘c vαΊ₯n đề kα»Ή thuαΊ­t buα»™c mọi người phαΊ£i sα»­ dα»₯ng tΓΉy chọn Δƒn cαΊ―p thαΊ» của bαΊ‘n.

Cuα»‘i cΓΉng, cα»­a sα»• bαΊ­t lΓͺn cΓ³ Γ½ Δ‘α»‹nh thoΓ‘t. VΓ’ng, chΓΊng thαΊ­t khΓ³ chα»‹u, nhΖ°ng chΓΊng hoαΊ‘t Δ‘α»™ng. Khi ai Δ‘Γ³ chuαΊ©n bα»‹ bαΊ£o lΓ£nh khi thanh toΓ‘n của bαΊ‘n, hΓ£y giαΊ£m giΓ‘ vΓ o phΓΊt chΓ³t hoαΊ·c mα»™t sα»‘ Δ‘iều nhαΊ£m nhΓ­ khαΊ©n cαΊ₯p. CΓ‘c plugin nhΖ° tΓ΄i Δ‘Γ£ liệt kΓͺ Δ‘Γ£ hα»— trợ Δ‘iều nΓ y. BαΊ‘n sαΊ½ ngαΊ‘c nhiΓͺn khi bαΊ‘n cΓ³ thể bαΊ―t được bao nhiΓͺu người bαΊ±ng lΖ°α»›i nΓ y.

Mọi thα»© đều giΓΊp Γ­ch. TrΓ΄ng hợp phΓ‘p, lαΊ₯y thΓͺm thαΊ». Đi! πŸ˜‰


KαΊΏt thΓΊc

View attachment 44756

LΓ m tα»‘t lαΊ―m, bαΊ‘n Δ‘Γ£ cΓ³ cα»­a hΓ ng lα»«a Δ‘αΊ£o Δ‘αΊ§u tiΓͺn của mΓ¬nh vΓ  Δ‘ang hoαΊ‘t Δ‘α»™ng. BαΊ‘n cΓ³ mα»™t cα»­a hΓ ng trΓ΄ng giα»‘ng nhΖ° mα»™t phαΊ§n, mα»™t sαΊ£n phαΊ©m sαΊ½ lΓ’y lan nhΖ° mα»™t cΔƒn bệnh vΓ  mα»™t quy trΓ¬nh thanh toΓ‘n sαΊ½ xΓ© toαΊ‘c nhα»―ng người khΓ΄ng cαΊ£nh giΓ‘c.

NhΖ°ng Δ‘α»«ng bαΊ―t Δ‘αΊ§u Δ‘αΊΏm tiền của bαΊ‘n. ĐÒy chỉ lΓ  khởi Δ‘αΊ§u cho hΓ nh trΓ¬nh lα»«a dα»‘i kα»Ή thuαΊ­t sα»‘ của bαΊ‘n. Trong PhαΊ§n Hai, chΓΊng ta sαΊ½ Δ‘i sΓ’u hΖ‘n vΓ o cΓ‘c kα»Ή thuαΊ­t để cΓ³ được nhiều thαΊ» hΖ‘n vΓ  nΓ³i về cΓ‘ch quαΊ£ng bΓ‘ lα»«a Δ‘αΊ£o của bαΊ‘n mΓ  khΓ΄ng thu hΓΊt sα»± chΓΊ Γ½ của cΓ‘c chΓ ng trai mαΊ·c Γ‘o xanh.

HΓ£y nhα»› rαΊ±ng, vα»›i sα»©c mαΊ‘nh lα»›n Δ‘i kΓ¨m vα»›i trΓ‘ch nhiệm lα»›n lao... để khΓ΄ng bα»‹ bαΊ―t. Giα»― lαΊ‘nh lΓΉng vΓ  αΊ©n danh.

Cho Δ‘αΊΏn lαΊ§n sau, vui vαΊ» lα»«a Δ‘αΊ£o! d0ctrine ra.
Click to expand...
Stk
 
D

doctorrrrrrr

Carding Novice
Joined
18.03.25
Messages
17
Reaction score
2
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
thanks
 
D

darad

Active Carder
Joined
08.04.24
Messages
53
Reaction score
0
Points
6
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
thank u
 
I

ibanezjfi3

Carding Novice
Joined
03.04.25
Messages
20
Reaction score
2
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
thank you g
 
K

Killerwhale710

Active Carder
Joined
20.03.25
Messages
28
Reaction score
1
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
ty
 
A

Ashton

Carding Novice
Joined
02.04.25
Messages
6
Reaction score
1
Points
3
d0ctrine said:

πŸ’³The Self-Sufficient Carder: Your First Scamshop Part 1 πŸ’³

Back to our "Self-Sufficient Carder" series. Last time we covered CC sniffers:

πŸ’³ The Self-Sufficient Carder: Your first CC Sniffer πŸ’³β€‹

Now we're going to up the ante with scamshops.​

​



Why scamshops? Simple. Relying on others for cards is risky and expensive. By running your own shop you control the supply chain. Plus it's a hell of a lot more profitable as you can even sell the cards yourself.


View attachment 47139

We're splitting this guide into two parts:

Part One covers the basics of setting up your scamshop. We'll go through choosing platforms, designing your site and making it look legit enough for the dumbasses who get caught in it.
Part Two will cover spreading and advertising your creation. After all, a scamshop without visitors is just wasted server space.

By the end of this two-parter you'll have the knowledge to go from buying cards to getting them yourself. Just remember, more profit means more risk. Don't get sloppy.
So, let's get past the hang-ups and dive into the world of scamshops. Time to become self-sufficient in your carding game.


What the Hell are Scamshops and Why Should You Care?

Scamshops are the love children of legitimate e-commerce and good old fashioned phishing. Think of them as digital flytraps – they look harmless, even attractive but they're designed to snap shut on unsuspecting victims and drain their cards.

These sneaky little fucks come in two flavors:

Clone shops: Copies of popular online stores. They're so good you'd swear you're buying from the real deal. Spoiler alert: you're not.
Original creations: Your very own slice of fraudulent e-commerce pie. Think those dropshipping gurus on TikTok, but yours never actually ship and only grab cards.




Image: look at this piece of shit clone site that didn't even bother to copy the real site's design, lmao!

Now, why bother with scamshops when there are other ways to steal card data? Let's break it down:

1. Trust factor: People are wary of spam emails and sms. But a legit looking shop? They'll hand over their card details fast just to get those phone cases you're pretending to sell.
2. Low tech, high reward: No need to be a coding wizard or a spam campaign mastermind. If you can operate a computer without setting it on fire you can put up your own scam shop.
3. Better success rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scamshops blow traditional phishing campaigns out of the water. Why? Because most victims don't even realize they've handed their cards to you until you've used it to buy the latest and greatest fleshlight you've been eyeing for a while now.


Building Your Digital Honey Trap

Setting up a scamshop isn't hard but it does take some skill. First things first: you need a solid base. If you've already read my guide on setting up your own server, find it here:

πŸ—„οΈ Running and Hardening Your Own Dedicated Server πŸ—„οΈβ€‹

If you have, you're halfway there. If not, get over there and read it.​


View attachment 44750
With your server up and running, it's time to build your fraudulent storefront. We're going with WordPress and WooCommerce because they're easy and popular. Here's the quick and dirty setup:

SSH into your server​
Install Apache, MySQL, and PHP (LAMP stack)​
Download and unzip WordPress​
Create a MySQL database for WordPress​
Configure wp-config.php​
Run the WordPress installation​
Install and activate WooCommerce plugin​

Now you have the basic shop setup, it's time to make it look good. Grab some premium themes from these sites:


Don't worry about how much the shit cost – you're a fucking carder, use your skills.

The Product

Next up: find your golden goose product. You want something that'll go viral on social media. Check out these links for inspiration:

TikTok Popular Ads​


View attachment 47141

Once you have your winner, find it on AliExpress or Alibaba. Swipe their images and put that product on your WooCommerce store. If you want a full store with multiple products, you can use:

AutoDS​
Importify​



Now it's time to polish your digital turd. Write engaging product descriptions – use AI if you can only write like a 1st grader. Install some conversion boosting plugins like:

Optinly​
Adoric​

Remember, you want as many visitors to hit that checkout button as possible.

Speaking of pricing, since you're not really selling anything, you can give as much discount as you want, just don't go crazy. 100% discount screams "SCAM" and makes everyone suspicious. Keep it believable – 30-50% off. You want your marks salivating, not suspicious.


Make Your Scamshop a Trust Beacon

View attachment 44751

Okay, let's talk about making your scamshop look so legit even your grandma would believe it.

First off, reviews. You can't just put "Best product ever!" a hundred times and call it a day. No, you need variety. Get yourself a review generator plugin and go wild. Mix it up with some 4 star reviews, maybe even a 3 star here and there. Make it believable, for christ's sake.

Now, social proof. People are sheep and sheep follow the herd. Slap some fake social media feeds on your site. Show off those fake followers. Make it look like you're the next big thing in whatever nonsense you're selling.

Here's something you can't skimp on: SSL. That little padlock in the address bar that makes people feel all warm and fuzzy about entering their card details. Use Let's Encrypt - it's free and legit. No excuses.

Don't forget the boring stuff either. Privacy policy, terms of service - yeah, I know, it's a phishing site, but it needs to look real. Use a generator to spit out some legalese. Nobody reads that crap anyway, but it needs to be there.

Finally, spin a tale about your "company". Create an "About Us" page that'd make Shakespeare weep. Use AI to generate some fake team bios and photos. Use photos of real beautiful people, you absolute moron.

With your scamshop looking legit and professional, you're ready for the piece de resistance: the checkout process where the real magic happens. Let's get into how to turn your digital turd of a site into a card-harvester.


The Checkout

Now that your scamshop looks good, it's time to set up the money maker: the checkout. This is the most important part of teh whole process.

Remember our CC sniffer guide? We're about to use that.

First rule of thumb: don't store your stolen cvvs on the same server as your shop. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

View attachment 44752

For our checkout we're using the public CheckoutWC. Because it looks like Shopify, so it adds an extra layer of legitimacy to your card harvesting store. More trust equals more conversions, and more conversions mean more card details for us.


View attachment 47143

Image: A sample of the checkout page of CheckoutWC, which looks a lot like Shopify!

Now, here's where things get hot. I've coded up a plugin that acts as a card details forwarder, forwarding those cvvs to an endpoint of your choice. I used to sell this for a couple of hundred dollars, but consider it my retirement gift to you my children, download here:

*** Hidden text: cannot be quoted. ***


For this demo we're using Webhook.site. Head over there and get yourself an endpoint:

View attachment 44755

This endpoint is where we will be posting our card details. Webhook.Site provides a panel which lists every posted data to this endpoint. This, and remember this is only a demo purpose, will be our panel for the mean time.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drop that plugin into WordPress, activate it and set it as your payment processor in WooCommerce.

Go ahead and test. Buy an item and checkout. If you did everything right you should see the card details in your Webhook.site panel.


Perfecting

Now our card-grabbing plugin will do the heavy lifting, but we need to make sure people actually get to that point.

First off, one-page checkout is your new best friend. It's already supported by CheckoutWC. The fewer clicks between "Buy Now" and "Thank you for your order card details", the better.


Remember, its 2024 not 1999. Your checkout better work smoothly on mobile or youre leaving money on the table. Test that shit on every device you can get your hands on.

Here's a trick: offer a bunch of payment options. PayPal, Apple Pay, whatever's popular. They won't actually work, of course, but it makes your site look legit as hell. Plus, it gives you more opportunities to "accidentally" have technical issues that force people to use your card-stealing option.

Lastly, exit-intent popups. Yeah, they're annoying as fuck, but they work. When someone's about to bail on your checkout, hit 'em with a last-minute discount or some urgency bullshit. Plugins like I've listed already supports this. You'd be surprised how many people you can catch with this net.

Every little helps. Look legit, grab more cards. Go! πŸ˜‰


Conclusion

View attachment 44756

Well done, you've got your first scamshop up and running. You've got a store that looks the part, a product that will spread like a disease and a checkout process that will rip off the unwary masses.

But don't start counting your money just yet. This is just the beginning of your journey into digital deception. In Part Two we'll go deeper into the techniques to get more cards and talk about how to promote your scamshop without getting the attention of the boys in blue.

Remember, with great power comes great responsibility... to not get caught. Stay frosty and stay anonymous.

Until next time, happy phishing! d0ctrine out.
Click to expand...
txxxxx
 
You must log in or register to reply here.
Top Bottom