Who are carders?
These people are stealing money from your credit card.
You have probably seen a lot of ads on the Internet about the sale of new things or equipment from the United States, Europe, and so on. But they hardly knew that a significant part of them is published by carders.
We will tell you what this dark business is, and how carders work.
What is carding?
Largely, carding is stealing money from a card to your card, account, account in the payment system, as well as buying goods using someone else’s credit card. Most often, carders use cash withdrawals, purchases of branded clothing or electronics.
Previously, many carders worked with American eBay via PayPal, which was linked to someone else’s card. Now eBay in the US and PayPal have tightened the rules, but carders have not gone away – they have moved to work with other countries, for example, Germany, France, Italy, etc.
Carders have their gurus, channels in Telegram and training courses where they teach how to correctly turn black schemes. And it also generates revenue, sometimes more than directly from carding. In General, the industry is trending.
How do carders work?
First of all, they need the card number and authentication data (Bank account password, VDV for cards with 3D Secure, CVV2/CVC2, etc.). Often, carders purchase the database and check the relevance of the information in it or pick up passwords through brute force or other methods.
In the darknet, you can buy card data for a low price. Besides, carders pay for a VPN with the ability to select a server (preferably accurate to the state or at least to the country) and other means of anonymization.
Another option is to organize a phishing campaign. The Bank’s page with the account login form is copied, or a fake application is created and a link to it is distributed via spam.
A user who is concerned that their card may be blocked; the Bank asks to confirm the operation; a transfer is received from someone unknown – goes to a fake website or launches a fake app. The carder takes the entered data and transfers all the money to itself. Alternatively, waiting for big receipts to make the most of it.
Judging by the discussions in the darknet, the carder spends 5-10 thousand rubles at the start. This means paying for VPNs, ipsocks tunnels, hacked accounts, and computer access, «callers» who communicate with sellers or the Bank’s support service in the desired language, and document scans for intermediaries. As well as «stuffing cones» – not from the first card everything goes smoothly.
What is a drive-in?
This is the process of entering card data in a form on the store’s website or payment system. To avoid risks, carders use hacked computers of ordinary users to drive them in. Then they are cleaned of logs or get rid of iron.
Another option is to work with an Android smartphone or VM emulator. After the drive-in, it’s enough to delete the software to cover your tracks.