Social Media Used by Carders to Promote Phishing Schemes: A Detailed Analysis

S

Student

Professional
Messages
588
Reaction score
250
Points
63
Carders are cybercriminals who specialize in stealing, using, or selling credit card data. Social media has become a key tool for distributing phishing schemes due to its wide audience reach, automation capabilities, and relative anonymity. Below is a detailed analysis of the platforms used, how carders exploit them, example schemes, and additional aspects, including the technical and social mechanisms that make these platforms attractive to attackers. This analysis is intended for educational purposes to raise awareness of cybercriminal methods and protection measures.

Main Social Media and Their Use by Carders​

1. Telegram​

  • Why it's popular: Telegram provides a high degree of anonymity thanks to end-to-end encryption in secret chats, minimal content moderation, and the ability to create channels/groups with thousands of members. This makes it a key hub for coordinating and promoting phishing schemes.
  • How to use:
    • Channels and groups: Carders create channels where they sell phishing kits (ready-made kits for creating fake websites), databases (logs, passwords, card numbers), and malicious links. For example, a channel might advertise "Phishing as a Service" (PhaaS), offering beginners ready-made phishing tools for $50–$200.
    • Bots: Automated bots generate phishing links that mimic popular services (PayPal, banking websites, gaming platforms like PUBG or Roblox). Bots can also collect victim data entered on fake pages.
    • Data trading: Carders sell "valid" credit cards (CCs) or "dumps" (full card data, including CVV) in closed groups. Prices range from $5 per card to $500 for a "premium" card with a high balance.
  • Examples of schemes:
    • A phishing bot offers "free skins" for games, redirecting the victim to a website that requires card details or logins.
    • Groups disguised as "investment clubs" promote fake cryptocurrency platforms where victims lose money or data.
  • Features: Telegram allows for rapid scalability, as channels can have up to 200,000 members, and bots operate 24/7. In 2024, approximately 35% of carding-related phishing attacks were coordinated through Telegram (according to Group-IB).

2. Facebook​

  • Why it's popular: Its huge audience (approximately 3 billion users) and targeted advertising capabilities make Facebook an ideal platform for mass phishing. Hacked accounts and fake pages are easily created and used to distribute spam.
  • How to use:
    • Fake Profiles: Carders create accounts imitating famous people, brands, or tech support to lure victims into phishing traps.
    • Spam in groups: Thematic groups (for example, about cryptocurrency or shopping) publish posts with phishing links. Hacked accounts can send up to 47 posts per hour, tagging friends, to increase their reach.
    • Fake Advertising: Carders use paid advertising to promote phishing sites, disguising them as legitimate offers (such as discounts on Amazon or Netflix).
  • Examples of schemes:
    • Giveaway scams that promise an iPhone or cryptocurrency for registering on a website that requires card details.
    • Fake job postings where the victim is asked to provide an SSN (Social Security Number) or bank information, supposedly for registration.
  • Specifics: Facebook actively combats phishing, but the platform's scale and automation (bots, scripts) allow carders to bypass moderation. In 2023, approximately 20% of phishing attacks on users originated on Facebook (according to the APWG).

3. Instagram​

  • Why it's popular: A visual platform with a young audience (18-34 years old) and the ability to quickly spread through stories and posts. Account hacking and the creation of fake profiles is a common practice.
  • How to use:
    • Phishing Stories: Short videos or links in Stories redirect to fake websites promising discounts, subscribers, or gifts.
    • Hacked accounts: Carders use hijacked profiles to send phishing links via direct messages or posts.
    • Influencer scams: Fake accounts impersonating bloggers promote "sponsored" offers that lead to phishing sites.
  • Examples of schemes:
    • Posts about "growing followers" for a small fee, where the victim enters card details on a fake website.
    • Stories with fake promo codes leading to clones of popular online stores.
  • Features: Young people often trust visual content, making Instagram an effective platform for targeted attacks. According to ZeroFox, approximately 15% of phishing links in 2024 were distributed through Instagram.

4. Twitter (X)​

  • Why it's popular: The short message format and the ability to quickly interact (retweets, replies) allow carders to quickly distribute phishing links. The platform is also popular for crypto scams.
  • How to use:
    • Angler Phishing: Carders create fake support accounts (e.g. @PayPalSupport instead of @@paypal) and respond to user complaints by offering to click a link to "solve the problem."
    • Trending spam: Phishing links disguised as news or memes are published under popular hashtags.
    • Crypto scams: Posts about "free giveaways" of cryptocurrency (BTC, ETH) require sending a small amount or entering data on a phishing site.
  • Examples of schemes:
    • Tweets featuring fake cryptocurrency giveaways from "Elon Musk" linking to websites stealing crypto wallet keys.
    • Responses to bank posts with phishing links imitating official websites.
  • Features: Rapid spread via retweets and weak real-time moderation make X vulnerable. By 2025, approximately 10% of phishing attacks were linked to this platform (according to PhishLabs).

5. TikTok​

  • Why it's popular: Viral content and a young audience (Gen Z) make TikTok an ideal platform for targeting less experienced users. The platform's algorithms facilitate rapid spread.
  • How to use:
    • Video scams: Short videos promise easy money (for example, through "sponsorship" or "TikTok coins"), redirecting to phishing sites.
    • Fake trends: Carders use popular hashtags to promote links disguised as challenges or giveaways.
  • Examples of schemes:
    • A video featuring "free verified status" for registering on a website that steals data.
    • Videos about "quick money" through investments that lead to fake crypto platforms.
  • Features: Young people often don't verify links, and the visual format makes the schemes more convincing. TikTok has become a growing platform for phishing, with attacks expected to increase by 25% in 2024 (according to Fortinet).

6. VK​

  • Why it's popular: In the Russian-speaking segment, VK remains the largest social network with active communities and weak moderation compared to Western platforms.
  • How to use:
    • Communities: Carders create groups disguised as jobs, investments, or discounts to distribute phishing links.
    • Private messages: Hacked accounts send spam with phishing links to friends.
    • Advertising: Fake ads for products or services redirect to phishing sites.
  • Examples of schemes:
    • Groups offering "jobs without experience" with a requirement to pay a deposit or provide card details.
    • Posts about "discounts on electronics" that lead to Ozon or Wildberries clones.
  • Specifics: VK's local popularity and user trust make the platform vulnerable to regional attacks. According to Kaspersky, approximately 8% of phishing attacks in the CIS in 2024 were linked to VK.

Technical and social aspects​

  1. Automation:
    • Carders use bots and scripts to create mass accounts, publish posts, and send messages. For example, on Telegram, bots can generate thousands of unique phishing links per hour.
    • Social engineering such as "urgent" offers or "limited discounts" increase the likelihood of clicks.
  2. Social engineering:
    • Carders exploit users' trust in familiar brands, celebrities, or friends. For example, a hacked friend's account sending a phishing link raises less suspicion.
    • Emotional triggers (greed, fear, curiosity) are used for manipulation: "You've won an iPhone!" or "Your account is blocked, follow the recovery link."
  3. Dark Web and coordination:
    • Carders use darknet forums (such as Hydra or Exploit) to purchase tools and coordinate attacks, and social media to scale them. For example, a phishing kit purchased for $100 can be configured to attack via Telegram or Instagram.
  4. Cross-platform attacks:
    • Carders combine platforms: for example, they lure victims through an Instagram post, redirect them to a Telegram bot, and then to a phishing website. This complicates tracking.

Statistics and trends (2023–2025)​

  • According to the Anti-Phishing Working Group (APWG), in 2024, 43% of successful phishing attacks on organizations began from social media or email.
  • Telegram and WhatsApp make up about 50% of coordination platforms for carders (Group-IB, 2024).
  • The rise of phishing through TikTok and Instagram is linked to the increase in mobile attacks (growth of 30% in 2024, Fortinet).
  • In the CIS, VK and Telegram remain leaders in the number of local phishing schemes (Kaspersky, 2024).

How to protect yourself: Recommendations for users​

  1. Technical measures:
    • Enable two-factor authentication (2FA) on all social media and financial service accounts.
    • Use anti-phishing tools: Browser extensions (e.g. Netcraft, F-Secure) or antivirus software with anti-phishing protection (Kaspersky, Norton).
    • Check the URL: Make sure the site is legitimate (e.g. use https:// and check the domain manually).
  2. Behavioral measures:
    • Don't trust offers that sound "too good": Free gifts, 90% discounts, or "easy money" are red flags.
    • Don't click on suspicious links: Even if they come from a friend, check with them personally.
    • Check accounts: Fake profiles often have few posts, strange names, or recently created pages.
  3. Monitoring and response:
    • Monitor accounts: Use services like Have I Been Pwned to check for data leaks.
    • Report phishing: Use the platforms' reporting features (e.g., the "Report" button on Instagram) or contact authorities: ftc.gov (USA).
  4. Education:
    • Stay up-to-date on new schemes through resources like APWG, Group-IB, or Kaspersky Daily.
    • Educate your friends and family, especially the young and elderly, who are more likely to be victims.

Conclusion​

Social media is a powerful tool for carders due to its accessibility, scale, and automation capabilities. Telegram leads as a hub for coordination, Facebook and Instagram for mass distribution, X and TikTok for rapid attacks, and VK for localized schemes in the CIS. Understanding these methods and implementing basic security measures (2FA, link verification, anti-phishing) significantly reduces the risk of becoming a victim. For further research, I recommend resources from Group-IB, APWG, and local cybersecurity portals.

If you'd like to delve deeper into a specific platform or see examples of real-world phishing attacks, let me know!
 
  • Like
Reactions: Man
You must log in or register to reply here.

Similar threads

S
What is Phishing and How is it Used to Steal Card Data? (Phishing Methods, Attack Examples, Protection from Phishing Sites)
Replies
0
Views
116
Student
S
S
Adapting Carders to Biometric Authentication Systems: A Detailed Analysis
Replies
0
Views
55
Student
S
S
A detailed analysis of the joint operation by banks and cyber police against carders in 2023
Replies
0
Views
104
Student
S
S
An example of a case where carders used fake websites to collect bank card data during sales
Replies
0
Views
56
Student
S
S
A detailed case study: How retailer Koton identified and prevented phishing attacks on its website
Replies
0
Views
67
Student
S
Back
Top