Lord777
Professional
- Messages
- 2,577
- Reaction score
- 1,563
- Points
- 113
Online money theft is common and very common. Victims are bank customers with active accounts and plastic cards attached to them. Find out what online carding is and take measures to protect yourself from hackers. Use two-factor authentication and keep your password and PIN secret. Fraud is characterized by the use of a person's debit or credit payment card without their consent. The carder gets access to bank information and uses other people's money. This article describes in detail the methods of carding, basic schemes and recommendations for protecting against such types of fraud.
Article content:
In fact, this is the theft of funds from an individual's bank account, which is linked to a debit or credit payment card. Usually, theft is carried out through Internet access by obtaining information about the owner of the plastic — first name, last name, passwords for logging in to accounts linked to stores on the Network, PIN codes, and other information. Question: carding what is it in simple words? This means getting access to the owner's personal data and using funds from a bank card without their knowledge.
Most often, scammers act in two ways:
But the development of Internet technologies contributes to greater sophistication of scammers, sometimes their victims are attentive people who maximize the security of their savings and savings. For example, when an online store is hacked, all identified and registered users automatically become easy prey for carders, since a payment card is attached to the account.
Basic scheme used by carders:
Fraudsters extraction of personal data does not depend on the actions of the victim. In most cases, such information is sold via the Darknet or is generated to order — For example, bank employees with access to customers personal information can sell databases with addresses, phone numbers, card numbers, and bank account status. On the Darknet, you can buy phone numbers, lists with the names of alleged victims, and a specific amount of plastic storage media with an indication of the amount.
The development of e-commerce has crossed a 30-year milestone, and simultaneously with the appearance of the first online stores, the first carders appeared. In the 1990s, the schemes were fairly simple due to the lack of secure banking for merchants. 30 years ago, carders worked according to the scheme: they created non-existent plastic cards and used them to pay for purchases in online stores. The lack of real money in the account of the owner of the trading service was not immediately detected, and reconciliation with the issuer was carried out approximately once a month.
More sophisticated fraudulent schemes for stealing money from bank accounts have now been developed. In addition to the basic method with a call to the cardholder, other methods are common: plastic cards, two-factor authentication, MCSC,VBV, and fulka.
Two-factor authentication is popular, but also imperfect — access to a card account can be obtained through fake cookies or using virus software embedded in a computer or smartphone. You need to install modern antivirus programs that ensure the correct operation of electronics and mobile devices.
Specially designed malicious programs are embedded in user accounts with linked payment data and read the information. For example, a Google account that contains passwords for accessing online stores, social networks, and a linked payment card-all information gets into the Darknet, is sold, and leads to loss of money.
Fake cookies are no less dangerous because they perform the functions of the original — they read actions and information about the user. The information obtained contains enough benefits for hackers and is also used by carders to gain access to other people's money on a bank card.
There are two key types of carding - with physical access to payment card data and remote theft of money. Both methods are used, and sometimes part of the blame lies on the carelessness of the owner of the money account.
Physical access. It sounds strange, but even now they steal bags and purses that contain plastic cards, to which a piece of paper with a written PIN code is glued. Other physical access options include forgetting your card at an ATM in front of strangers, losing an envelope with your password, or remembering the password you entered when paying for goods at the checkout counter in a store. Or you withdraw money using an ATM at night in a secluded, relatively crime-prone place. If you are forced to withdraw money from your account by physical threats — this is carding cash, which refers to the type of physical access. Remote carding is the theft of money from the account of the owner of a plastic card.
Quite often, appeals to the police do not bring the proper effect. Internet scammers think through every step and protect themselves from liability as much as possible. For example, the Criminal Code provides for an article and responsibility for such actions, but it is often impossible to physically find the culprit.
Carders use multi-factor protection, log in to the Internet via different IP addresses using VPN services, and use schemes with intermediaries. For example, a carding drive - in can lead the police to a drop — a person who receives goods from a store, but is not a cracker.
(c) https://profunds.ru/carding
Article content:
- What is carding?
- General carding scheme
- The most common carding schemes
- Types of carding
- How carders avoid punishment
- You are a victim of carding: what should I do?
- Frequently Asked Questions
- What is important to remember
What is carding?
In fact, this is the theft of funds from an individual's bank account, which is linked to a debit or credit payment card. Usually, theft is carried out through Internet access by obtaining information about the owner of the plastic — first name, last name, passwords for logging in to accounts linked to stores on the Network, PIN codes, and other information. Question: carding what is it in simple words? This means getting access to the owner's personal data and using funds from a bank card without their knowledge.
Most often, scammers act in two ways:
- transfer other people's money to their bank account;
- make purchases in online stores, paying for them with someone else's card.
But the development of Internet technologies contributes to greater sophistication of scammers, sometimes their victims are attentive people who maximize the security of their savings and savings. For example, when an online store is hacked, all identified and registered users automatically become easy prey for carders, since a payment card is attached to the account.
General carding scheme
As a rule, carding the work of scammers on the Internet operates according to certain well-established schemes, which are improved and changed as banking technologies develop. Despite the precautionary measures, making payments through secure bank gateways with the HTTPS protocol, fraud works quite successfully. There are different schemes for accessing money on a card account.Basic scheme used by carders:
- the carder purchases a database with access to the personal data of payment card holders, which contains the personal information of the alleged victims — phone numbers, first name, last name;
- the carder's representative calls the person on the phone, introduces himself as an employee of the banking security service and reports any suspicious actions regarding the plastic card;
- the victim is confused and does not confirm the actions claimed by the fraudster;
- after that, the caller reassures the cardholder, declaring an attack of fraudsters, offers help in protecting the card account — you need to dictate a 4-digit code that was sent via SMS.
Fraudsters extraction of personal data does not depend on the actions of the victim. In most cases, such information is sold via the Darknet or is generated to order — For example, bank employees with access to customers personal information can sell databases with addresses, phone numbers, card numbers, and bank account status. On the Darknet, you can buy phone numbers, lists with the names of alleged victims, and a specific amount of plastic storage media with an indication of the amount.
The most common carding schemes
The development of e-commerce has crossed a 30-year milestone, and simultaneously with the appearance of the first online stores, the first carders appeared. In the 1990s, the schemes were fairly simple due to the lack of secure banking for merchants. 30 years ago, carders worked according to the scheme: they created non-existent plastic cards and used them to pay for purchases in online stores. The lack of real money in the account of the owner of the trading service was not immediately detected, and reconciliation with the issuer was carried out approximately once a month.
More sophisticated fraudulent schemes for stealing money from bank accounts have now been developed. In addition to the basic method with a call to the cardholder, other methods are common: plastic cards, two-factor authentication, MCSC,VBV, and fulka.
Carding with plastic cards
The cards used have different classifications: for example, they can be debit or credit cards. All plastic cards contain basic and detailed information about the owner:- last name and first name in Latin;
- time interval to use;
- a variety — for example, Mastercard;
- name of the issuing bank;
- The three-character security code is CVV.
MCSC, VBV, and two-factor authentication
MCSC and VBV are two-factor authentication methods that are common mainly in Western countries, and SMS codes and phone numbers are not used. The cardholder creates a special security password on their ATM or bank account. MCSC and VBV methods have disadvantages due to repeated use and often cause fraud on the part of carders. Two-factor authentication via sms code is less vulnerable to hacking.Two-factor authentication is popular, but also imperfect — access to a card account can be obtained through fake cookies or using virus software embedded in a computer or smartphone. You need to install modern antivirus programs that ensure the correct operation of electronics and mobile devices.
Specially designed malicious programs are embedded in user accounts with linked payment data and read the information. For example, a Google account that contains passwords for accessing online stores, social networks, and a linked payment card-all information gets into the Darknet, is sold, and leads to loss of money.
Fake cookies are no less dangerous because they perform the functions of the original — they read actions and information about the user. The information obtained contains enough benefits for hackers and is also used by carders to gain access to other people's money on a bank card.
Fullz
The most expensive type of information on the Darknet and special hacker forums is fulks or fullz. This is hacker terminology, meaning the most complete information about a person. This includes data:- passport and other identity cards;
- last name, first name and patronymic of the bank's client;
- address of residence, registration and date of birth;
- email details and phone numbers;
- all details of existing payment cards;
- list of transactions on the card account.
Other schemes
Some methods of fraud are not considered well-known and widespread, but they also apply to carding. For example, BlackBox is a sophisticated method used by experienced hackers. A small computer is connected via a special wire to an ATM and cash is transferred to their own accounts. Payment terminals are also hacked in the same way. Unfortunately, it is impossible to protect yourself from such carding schemes.Types of carding
There are two key types of carding - with physical access to payment card data and remote theft of money. Both methods are used, and sometimes part of the blame lies on the carelessness of the owner of the money account.
Physical access. It sounds strange, but even now they steal bags and purses that contain plastic cards, to which a piece of paper with a written PIN code is glued. Other physical access options include forgetting your card at an ATM in front of strangers, losing an envelope with your password, or remembering the password you entered when paying for goods at the checkout counter in a store. Or you withdraw money using an ATM at night in a secluded, relatively crime-prone place. If you are forced to withdraw money from your account by physical threats — this is carding cash, which refers to the type of physical access. Remote carding is the theft of money from the account of the owner of a plastic card.
Duffel carding
The clothing method is called carding drive-in-this is the purchase of various items on trading platforms on the Internet without the consent of the cardholder. Vbeevers work according to a long-established scheme — the purchase is paid for using someone else's card, and delivery is made out to fake addresses through legal services. Intermediaries receive the product and resell it — the chain can be quite large or consist of one person. As a rule, carders prefer to work with foreigners who have two-factor authentication of payment cards that are not linked to a phone number.Electronic payment systems
In this case, it means the theft of monetary assets from electronic wallets. Hackers use two methods with payment systems:- hacking a real user's account;
- they are registered under someone else's data, which is taken from fulki.
Adding funds to your SIM cards
Carders use several SIM cards, which they top up using an international service. The money comes from a hacked account. You can use the money in your phone account to pay for online purchases, cash out, and conduct other transactions — The variation depends on the mobile operator and the fraudster's capabilities.Phishing
Creating fake websites or pages of banks, online stores, and other services where you need to enter your payment card details. As a rule, the URL differs by a single letter or characters and may be misleading due to inattention of the user. One of the phishing methods is to send emails to the cardholder on behalf of the bank with a request to confirm the details using a PIN code.Vishing
An analog of phishing is called scam carding — this is a method in which scammers use the most common scheme — phone calls. In this way, they lure out your card details, ask you to enter the code you received on your phone, and steal money from your bank card account.Skimming
Carders can install special equipment on ATMs that is invisible to visitors. When the card is inserted into the slot, the data is read and stored on the skimmer. They also use special keyboard attachments and miniature cameras to get PIN codes. Particularly advanced hackers use fake ATMs. When performing actions with the card, a person sees an error and thinks that the ATM is not working.Shimming
An improved version of skimming. The method is completely identical, but the so-called "pwm" inside the device may not be noticed even by employees of the bank's technical service. "Pwm" is a thin miniature device that reads data from a payment card using an ATM.How carders avoid punishment
Quite often, appeals to the police do not bring the proper effect. Internet scammers think through every step and protect themselves from liability as much as possible. For example, the Criminal Code provides for an article and responsibility for such actions, but it is often impossible to physically find the culprit.
Carders use multi-factor protection, log in to the Internet via different IP addresses using VPN services, and use schemes with intermediaries. For example, a carding drive - in can lead the police to a drop — a person who receives goods from a store, but is not a cracker.
You are a victim of carding: what should I do?
The first step is to notify the bank and block the card, and the second is to contact the police. Unfortunately, victims of carding become aware of the fraud after it is committed. Accordingly, it is unlikely that you will be able to return the money. But you need to protect yourself from future attacks of this kind. After contacting the bank and the police, you must take the following actions:- change passwords for all accounts;
- cancel all online payment card bindings;
- use two-factor authentication using a phone number for all merchant profiles and accounts.
Frequently Asked Questions
What is drive-in carding?
This is duffel carding, in which stolen money is used for shopping in online stores.What is phishing and skimming?
Phishing — fake websites of trading platforms or banks that lure out payment card details. Skimming — reading of plastic card data at ATMs using special equipment.Who are carders on the Internet?
These are scammers who steal money from bank customers payment cards.What is important to remember
Carding is a common method of fraud, which partially flourishes due to inattention and negligent attitude to your personal data. Protect your personal and payment information as much as possible — try to stay ahead of carders and avoid getting caught in their networks. Be careful with phone calls from the bank, do not enter any software codes on the Internet, and check information about online stores.(c) https://profunds.ru/carding
