Carders steal money from your bank card. You've probably seen a lot of ads on the Internet selling new things or equipment from the United States, Europe, and so on. But they hardly guessed that a significant part of them is published by carders. We tell you what kind of dark business it is, and how carders work.
Warning: This article is for informational purposes only. Theft and fraud are punishable by law.
Previously, many carders worked with American eBay via PayPal, to which someone else's card was linked. Now eBay in the US and PayPal have tightened the rules, but carders have not gone anywhere – they have moved to work with other countries, for example, Germany, France, Italy, etc.
Carders have their own gurus, Telegram channels and training courses where they teach you how to correctly turn black schemes. And it also generates revenue, sometimes more than directly from carding. In general, the industry is trending.
On the darknet, you can buy these cards for 300-500 rubles. In addition, carders pay for a VPN with the ability to choose a server (preferably accurate to the state or at least to the country) and other means of anonymization.
Another option is to organize a phishing campaign. The bank's page with the login form is copied, or a fake app is created and a link to it is distributed via spam.
A user who is concerned that their card may be blocked; the bank asks for confirmation of the transaction; a transfer has been received from someone who is not known – goes to a fake website or launches a fake application. The carder takes the entered data and transfers all the money to itself. Or waiting for big receipts to make the most of it.
Judging by the discussions on the darknet, a carder spends 5-10 thousand rubles at the start. This includes paying for VPNs, ipsocks tunnels, hacked accounts and computer access, "callers" who communicate with sellers or the bank's support service in the right language, and document scans for intermediaries. And also "stuffing bumps" – far from the first map, everything goes smoothly.
Another option is to work from an Android smartphone emulator or virtual machine. After driving in, it is enough to remove the software to cover your tracks.
[HEADING=3How to order products from someone else's bank card[/HEADING]
American and European stores often do not ship goods to customers in Russia, Ukraine, Kazakhstan, and other former Soviet countries if they were ordered from a PayPal account linked to a card that belongs to a citizen of the United States, Canada, or European countries. Large stores and payment systems have anti-fraud systems that block suspicious transactions.
In addition, carders create "self-registers". A hacked bank account is purchased, PayPal is registered for it, and your phone number, address, and email address are indicated. You can often take out a loan on such an account, and not just spend the available positive balance.
However, recently this option is practically not used, because PayPal in most cases rejects registration and linking of a bank account.
Large stores have begun to fight against carders, but smaller stores are not so active in resisting scammers. Virtually all stores that offer gift cards or certificates are under attack. Ordering items and equipment directly from someone else's account is more likely to be "wrapped up".
Finally, there are cryptocurrency exchanges that allow you to buy coins relatively anonymously, then sell them and withdraw money to your card. Transactions in cryptocurrency are non-refundable, so the system will not be able to automatically return money to the cardholder.
When you make a card payment, the cashier or merchant can view and remember the data without being noticed. For some sites, when ordering products, the card number and CVV2 written on the back are sufficient. But the carder can go further and install its own "reader" to read all the card data.
So if you suddenly lose money from your bank card a few hours or days after visiting the store, who will you think of? Certainly not to the cashier or seller…
To do this, carders use drops. These are people who are at the lowest level in the chain and do the dirtiest work: cash out money, provide their data for receiving parcels, send parcels to carders, etc.
Carders give drops a minimum of information and practically do not contact them. So even if the drop is tracked down, it will have an alibi at the time of hacking into the bank account or withdrawing money from the card. And he won't be able to tell you anything about Carder either. As a result, the crime will remain unsolved.
However, even if the police descend on the carder's home, the employees will still have to prove the fact of committing a computer crime. And if there are no traces, then there is no trial.
They are most often caught on correspondence in instant messengers, the presence of data from other people's cards and accounts, malicious software builds, etc. But if you use portable software, anonymization tools, self-destructing messages, and cryptographic messengers, it will be difficult to prove something.
Money transfers alone are not sufficient proof. Witness statements, too. If the carder can pretend to be a drop or intermediary, he will quickly retrain from an accused person to a witness.
Think before you click on the links. Set limits for online payments, and don't forget about antivirus software on your Android smartphone and Windows computer.
You can also use one card for everyday purchases, and the second for storing larger amounts of money, and if necessary, transfer money from the second to the first. If you have any suspicions about illegal debiting of funds, call the bank to block the card and start an investigation.
Warning: This article is for informational purposes only. Theft and fraud are punishable by law.
What is carding?
By and large, carding is the theft of money from a card to your own card, account, account in a payment system, as well as the purchase of goods using someone else's credit card. Most often, carders use cash withdrawals, purchases of branded clothing or electronics.Previously, many carders worked with American eBay via PayPal, to which someone else's card was linked. Now eBay in the US and PayPal have tightened the rules, but carders have not gone anywhere – they have moved to work with other countries, for example, Germany, France, Italy, etc.
Carders have their own gurus, Telegram channels and training courses where they teach you how to correctly turn black schemes. And it also generates revenue, sometimes more than directly from carding. In general, the industry is trending.
How do carders work?
First of all, they need the card number and authentication data (password from a bank account, VDV for cards with 3D Secure, CVV2/CVC2, etc.). Often carders buy a database and check the relevance of information in it, or choose passwords using brute force or other methods.On the darknet, you can buy these cards for 300-500 rubles. In addition, carders pay for a VPN with the ability to choose a server (preferably accurate to the state or at least to the country) and other means of anonymization.
Another option is to organize a phishing campaign. The bank's page with the login form is copied, or a fake app is created and a link to it is distributed via spam.
A user who is concerned that their card may be blocked; the bank asks for confirmation of the transaction; a transfer has been received from someone who is not known – goes to a fake website or launches a fake application. The carder takes the entered data and transfers all the money to itself. Or waiting for big receipts to make the most of it.
Judging by the discussions on the darknet, a carder spends 5-10 thousand rubles at the start. This includes paying for VPNs, ipsocks tunnels, hacked accounts and computer access, "callers" who communicate with sellers or the bank's support service in the right language, and document scans for intermediaries. And also "stuffing bumps" – far from the first map, everything goes smoothly.
What is a"drive-in"?
This is the process of entering card details in a form on the store's or payment system's website. In order not to take risks, carders use hacked computers of ordinary users to drive them in. Then they are cleaned of logs or get rid of iron.Another option is to work from an Android smartphone emulator or virtual machine. After driving in, it is enough to remove the software to cover your tracks.
[HEADING=3How to order products from someone else's bank card[/HEADING]
American and European stores often do not ship goods to customers in Russia, Ukraine, Kazakhstan, and other former Soviet countries if they were ordered from a PayPal account linked to a card that belongs to a citizen of the United States, Canada, or European countries. Large stores and payment systems have anti-fraud systems that block suspicious transactions.
But this does not stop scammers.
They order a gift card (e-gift) from the victim's card, and then receive the code of this gift card from the victim's hacked email. The order is made directly from your account, but using the gift card code.In addition, carders create "self-registers". A hacked bank account is purchased, PayPal is registered for it, and your phone number, address, and email address are indicated. You can often take out a loan on such an account, and not just spend the available positive balance.
However, recently this option is practically not used, because PayPal in most cases rejects registration and linking of a bank account.
Another option is to use an intermediary.
Of course, in theory, the intermediary can turn the parcel back if the store calls them and indicates that carding is taking place. But you can accidentally make a mistake in the intermediary's phone number. This increases the chance that the parcel will pass through.Large stores have begun to fight against carders, but smaller stores are not so active in resisting scammers. Virtually all stores that offer gift cards or certificates are under attack. Ordering items and equipment directly from someone else's account is more likely to be "wrapped up".
Carders don't just order things
You can not only order physical goods from these cards, but also withdraw money. There are casinos, online games, and other virtual money transfer options.Finally, there are cryptocurrency exchanges that allow you to buy coins relatively anonymously, then sell them and withdraw money to your card. Transactions in cryptocurrency are non-refundable, so the system will not be able to automatically return money to the cardholder.
A supermarket cashier can also be a carder
Supermarket cashiers and shop assistants usually don't have high salaries. But if they do carding, they get 5-10 times more money.When you make a card payment, the cashier or merchant can view and remember the data without being noticed. For some sites, when ordering products, the card number and CVV2 written on the back are sufficient. But the carder can go further and install its own "reader" to read all the card data.
So if you suddenly lose money from your bank card a few hours or days after visiting the store, who will you think of? Certainly not to the cashier or seller…
What do the police think?
Usually, a full-fledged investigation begins only if the carder has stolen a significant amount of funds – more than $ 1,000. Usually, after that, the FRB sends a request to the police. And the request contains IP addresses, names, sending addresses, and other information about a potential criminal.To do this, carders use drops. These are people who are at the lowest level in the chain and do the dirtiest work: cash out money, provide their data for receiving parcels, send parcels to carders, etc.
Carders give drops a minimum of information and practically do not contact them. So even if the drop is tracked down, it will have an alibi at the time of hacking into the bank account or withdrawing money from the card. And he won't be able to tell you anything about Carder either. As a result, the crime will remain unsolved.
Why carders avoid punishment
Practice shows that if a carder works through a VPN, proxy and other services, and also complies with Internet security rules, it is almost impossible to prove his guilt. But everyone is wrong…However, even if the police descend on the carder's home, the employees will still have to prove the fact of committing a computer crime. And if there are no traces, then there is no trial.
They are most often caught on correspondence in instant messengers, the presence of data from other people's cards and accounts, malicious software builds, etc. But if you use portable software, anonymization tools, self-destructing messages, and cryptographic messengers, it will be difficult to prove something.
Money transfers alone are not sufficient proof. Witness statements, too. If the carder can pretend to be a drop or intermediary, he will quickly retrain from an accused person to a witness.
What should I do now?
Some people think that carding is easy money and impunity. But in reality, stores and payment systems are increasingly opposed to them. And no one canceled the criminal penalty.Think before you click on the links. Set limits for online payments, and don't forget about antivirus software on your Android smartphone and Windows computer.
You can also use one card for everyday purchases, and the second for storing larger amounts of money, and if necessary, transfer money from the second to the first. If you have any suspicions about illegal debiting of funds, call the bank to block the card and start an investigation.
