CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS
NEW CARDING CHAT IN TELEGRAM

Self-sufficient carder: your first scam shop

Carder

Member
Back to our Self-Sufficient Carder series. Last time we looked at CC sniffers: Self-Sufficient Carder: Your First CC Sniffer.

Now we're going to up the ante with scam shops.

Why scam shops? It's simple. Relying on others for your cards is risky and expensive. By running your own shop, you control the supply chain. Plus, it's damn profitable since you can even sell the cards yourself.

site.jpg


We’ll be splitting this guide into two parts:

Part one covers the basics of setting up your scam shop. We’ll cover choosing platforms, designing your site, and making it look legit enough for the morons who fall for it.
Part two will be all about distributing and advertising your creation. After all, a scam shop without visitors is just a waste of server space.

By the end of this two-part guide, you’ll have the knowledge to go from buying cards to earning them yourself. Just remember, the more profit, the more risk. Don’t be sloppy.
So let’s get past all the hurdles and dive into the world of scam shops. It’s time to become self-sufficient in your carding game.

What are scam shops and why should you care?

Scam shops are the love children of legitimate e-commerce and good old phishing. Think of them as digital flytraps — they look harmless, even attractive, but they’re designed to slam into unsuspecting victims and drain their cards.

These sneaky little bastards come in two flavors:

Clone stores: copies of popular online stores. They’re so good, you’d swear you were buying from the real thing. Spoiler alert: they’re not.
Original creations: your own slice of the e-commerce scam pie. Think of those dropshipping gurus on TikTok, but yours never actually ship the goods and only grab the cards.

trash.jpg


Image: Look at this shitty clone of a site that didn’t even bother to copy the design of the real thing, I’m laughing!

So, why bother with scam shops when there are other ways to steal card details? Let’s break it down:

1. Trust Factor: People are wary of spam emails and text messages. But a legit-looking store? They’ll quickly hand over their card details just to get those phone cases you’re supposedly selling.
2. Low Tech, High Reward: You don’t have to be a coding genius or a mastermind behind spam campaigns. If you can operate a computer without setting it on fire, you can open your own scam shop.
3. Higher Success Rates: While sniffing is still the king of live card collection due to the guaranteed validity of the cards, scam shops blow traditional phishing campaigns out of the water. Why? Because most victims don’t even realize they’ve given you their cards until you use them to buy the latest and greatest Fleshlight you’ve had your eye on.

Building Your Digital Honeytrap

Setting up a scam shop isn’t hard, but it does require some skill. First things first: you need a solid foundation. If you’ve already read my guide to setting up your own server, you’ll find it here: Starting and Hardening Your Own Dedicated Server.

If so, you’re halfway there. If not, go there and read it.


1723802018630.jpg


Once you have your server up and running, it’s time to create your scam store. We choose WordPress and WooCommerce because they’re easy and popular. Here’s a quick and dirty setup:
  • SSH connection to your server
  • Install Apache, MySQL, and PHP (LAMP stack)
  • Download and unzip WordPress
  • Create MySQL Database for WordPress
  • Configure wp-config.php
  • Run the installation
  • Install and activate the plugin

Now that you have a basic store setup, it's time to make it look good. Grab a few premium themes from these sites:

Don't worry about how much this shit costs - you're a fucking carder, use your skills.

Product

Find your golden product. You need something that will go viral on social media. Check out these links for inspiration:

tiktok.jpg


Once you find your winner, search for them on AliExpress or Alibaba. Swipe their images and list that product on your WooCommerce store. If you want a full store with multiple products, you can use:

THJb7EN.jpg


Now it’s time to polish your digital trash. Write compelling product descriptions — use AI if you can only write like a first-grader. Install a few conversion-boosting plugins, such as:

Remember, you want as many visitors as possible to click on the checkout button.

Speaking of prices, since you’re not actually selling anything, you can give as many discounts as you want, just don’t go crazy. A 100% discount screams “SCAM” and makes everyone suspicious. Make it believable – 30-50% off. You want your reviews to make people salivate, not suspicious.

Make your scam shop a beacon of trust.

boxes-1.jpg


Okay, let’s talk about how to make your scam store look so legit that even your grandma would believe it.

First, reviews. You can’t just write “Best product ever!” a hundred times and say no. No, you need variety. Get yourself a review generator plugin and go wild. Add a few 4-star reviews, maybe even a 3-star one every now and then. Make it believable, for heaven’s sake. Now,

social proof. Humans are sheep, and sheep follow the herd. Add some fake social media channels to your site. Show off those fake followers. Make it look like you’re the next big thing in whatever crap you’re selling.

Here’s something you can’t skimp on: SSL. That little padlock in the address bar that makes people feel warm and fuzzy when they enter their credit card details. Use Let’s Encrypt — it’s free and legit. No excuses.

Don’t forget the boring stuff. Privacy policy, terms of service – yes, I know, it’s a phishing site, but it has to look real. Use a generator to spit out some legalese. No one reads that crap anyway, but it has to be there.

Finally, write a story about your “company”. Create an About Us page that would make Shakespeare cry. Use AI to generate some fake biographies and photos of the team. Use photos of real, beautiful people, you complete idiot.

Once your scam store looks legit and professional, you’re ready for the final step: the checkout process, where the real magic happens. Let’s break down how to turn your digital turd of a site into a card collector.

Checkout

Now that your scam store looks good, it’s time to set up your revenue stream: the checkout. This is the most important part of the entire process.

Remember our guide to CC sniffers? We’re going to use it.

First rule of thumb: don't store stolen cvvs on the same server as your store. If your host finds out about your operation and pulls the plug, you'll lose everything faster than a snowman in hell.

banner-772x250.jpg


For checkout, we use the public CheckoutWC. Because it looks like Shopify, it adds an extra layer of legitimacy to your card collection store. More trust means more conversions, and more conversions mean more card data for us.

wccheckout.jpg


Image: An example of a CheckoutWC checkout page that looks a lot like Shopify!

Now here's where things get interesting. I wrote a plugin that acts as a card data forwarder, forwarding those cvvs to the endpoint of your choosing. I used to sell this for a couple hundred bucks, but consider it my retirement gift to you kids, you can download it here:

DOWNLOAD: Bravo To Charlie Card Harvester Plugin:

For this demo we're using Webhook.site. Go there and get your endpoint:

whook.jpg


This endpoint is where we’ll publish our card details. Webhook.Site provides a dashboard that lists all of the data sent to this endpoint. This, and remember this is just for demo purposes, will be our dashboard for a while.

Replace the URL in the class-bravo-sender.php file with your new endpoint. Drag this plugin into WordPress, activate it, and set it as your payment processor in WooCommerce.

Go ahead and test it out. Buy a product and checkout. If you’ve done everything correctly, you should see the card details in the Webhook.site dashboard.

Getting Better

Now our card grabber plugin will do all the heavy lifting, but we need to make sure people actually get to this point.

First off, one-page checkout is your new best friend. It’s already supported by CheckoutWC. The fewer clicks between “Buy Now” and “Thank you for your order card details,” the better.

People are lazy. Don't give them a chance to reconsider their stupid decision to trust your site.

Remember, this is 2024, not 1999. Your checkout needs to work smoothly on mobile or you’re leaving money on the table. Test that shit on every device you can get your hands on.

Here’s a trick: offer a ton of payment options. PayPal, Apple Pay, whatever’s popular. Sure, they won’t actually work, but it will make your site look legit as hell. Plus, it gives you more opportunities to “accidentally” run into technical issues that will make people use your card-stealing option.

Lastly, exit-intent popups. Yeah, they’re annoying as hell, but they work. When someone’s about to abandon your checkout, hit them with a last-minute discount or some urgent crap. Plugins like the ones I listed already support this. You’d be surprised how many people you can snag with that net.

Every little bit helps. Look legit, grab more cards. Go! 😉

Conclusion

Well done, you have your first scam shop up and running. You have a shop that looks right, a product that will spread like a disease, and a checkout process that will rip off the unwary masses.

But don’t start counting your money just yet. This is just the beginning of your journey into digital fraud. In Part 2, we’ll take a closer look at methods for getting more cards and talk about how to promote your scam shop without attracting the attention of the guys in blue.

Remember, with great power comes great responsibility… don’t get caught. Stay anonymous.

Until next time, happy phishing!

(c) Telegram: d0ctrine
 
Last edited:
Back
Top