mcmentalonthemic
Iron
- Joined
- Sep 23, 2023
- Posts
- 40
- Reputation
- 54
READ THIS BEFORE CONTINUING:
THIS GUIDE DOES NOT PROMOTE ANY ILLEGAL ACTIONS. ALL INFORMATION SHARED IN THIS GUIDE IS PUBLICLY AVAILABLE
THIS GUIDE'S INTENT IS EDUCATION AND TO TEACH PEOPLE HOW TO "AVOID IT HAPPENING TO YOU"
--------------------
If you're a fraudster please click off this guide as it could teach you how to buy and use credit cards online, which could result in you stealing $1,000/d with very little consequence.
This is extremely bad, please click off.
Carding definition:
The act of obtaining someone else's credit card information, by either by buying it off online black markets, hacking an online store, or simply looking at someone else's card and writing down the number and exp. date. Once the card info is obtained the person doing the carding will usually have a drop point (an empty house or building) and have the items ordered with the credit card shipped there to make the whole act pretty untraceable.
----------------------------------------------
If you're financially stable, have always paid off Debt and have a good credit score you can get a good credit card with good rates, stats say that 82% of Americans over 20 have a Credit Card in their name. Unfortunately, Fraudsters are constantly trying to steal your credit card information, and you could wake up with thousands of dollars taken.
The issue is, Carding is Quick Easy, Cheap, extremely Low Risk and can be taught to a 12 year old with hyper autism.
This is how They do It.
Disclaimer for Admins:
Download/screenshot this guide just incase if you're intererested.
Now that we have gotten that out of the way let's get to the good stuff.
There are multiple types of Cyber Criminals when it comes to carding.
The obtainer of Stolen credit cards, the Reseller of the Stolen CC's and then the Cyber criminal which buys them off the reseller.
We will call these Cyber criminals:
- Obtainer - the one who obtains the cards
- Reseller - The one who buys it off obtainer and sells it on a marketplace
- User - The one who buys the CCs off the marketplace and actually uses it
Many times the obtainer of the stolen credit cards sells it directly to the Cyber criminal but this is not ideal for the obtainer. Here is why:
The obtainer Usually manages to obtain the credit card details by skimming credit cards at his job (Gas station, Hotel, Convenience store [this is why you should always use contactless payment]), putting a skimmer on an ATM machine (if put in a public area like a tourist place, this can get thousands of credit cards in a single weekend, if sold for 5-10 dollars each with $6,2 average, and if 3.2k cards are collected, that is $19,840 for a sub35 dollar gadget. This is why you should always check the atms you put your card in.), or by also hacking an ecommerce site.
If the Obtainer then sells the credit card information directly to the marketplace, if the marketplace get's cracked by police, or law enforcement comissions a crypto tracing firm like Chainalysis to track the bitcoin payments, it could mean the end of the Obtainer's life as a man without a criminal record.
Even though the Obtainer can sell low tier cards for 10 dollars and GREAT cards for 50 dollars on the site, whilst only 5 dollars for low tier cards and 10 dollars for great cards if he sells it to a reseller, this is worth it as
The reseller buys in bulk, so it's gauranteed sales
The obtainer basically uses the reseller as a VPN, whichs lowers the risk he will be caught by law enforcement.
A video showing someone finding a CC Skimmer in an American 7/11
A Very famous CC skimmer video on Youtube with 24M views.
The Fraudster would have gotten thousands of CC's if this guy hadn't caught it, this is a very famous tourist destination in Italy.
This is the Credit Card Marketplace Model
Here is an Image visualizing the Credit Card marketplace model.
This is actually quite high level as this graph seems to depict a credit card fraudster using a botnet to mass use the credit cards. 99% of Fraudsters don't do this and use the cards manually as Carding is a very low knowledge fraud used by petty criminals the same way robbing gas stations is a very low level crime. The difference is, Carding pays much more and barely has any risk, which is why it's so dangerous
This image shows what the model looks like for MOST fraudsters:
The steps the USER cybercriminal takes to committing Credit Card Fraud.
1. Setting up the laptop/Pc used.
Even though this type of fraud can be done on Mobile, most (99%+) would use in a PC environment. It's like studying, it's much easier to study on PC than Mobile.
The precautions a cyber criminal takes to commit the crime is simple. These precautions serve 2 purposes:
Privacy/Opsec
To bypass outdated security.
Privacy: It isn't ideal to use windows as Windows is a very unprivate operating system with Windows Recall taking a screenshot of your machine every 10 seconds. THIS DOES NOT MEAN THE CRIMINAL CHANGES HIS OPERATING SYSTEM. Instead he would simply insert a bootable USB in his PC which would make his computer run off the USB instead his HDD. THe only other bootable operating system other than windows from USB is BSD which nobody uses and Linux.
The most used Linux OS for this is Linux Mint as it's just a linux version of windows, very straight forward, the criminal does not have to learn any linux stuff for this.
This is not a common tactic and many Cyber Criminals just go raw with Windows but Security researchers have seen many CC criminals admit to using Linux Mint USBS.
The reason they do not use TailsOS is because TailsOS forces all connections through the TOR Network which is very slow, unideal, and all TOR IPs are public with many Ecommerce sites choosing to block them.
The cybercriminal would then use a VPN, The most used VPN by cybercriminals is Mullvad. This is because it's fast and cheap, and because they don't collect logs. This has been confirmed as they were raided by German law enforcement as the German Police subpeona'd them, in which Mullvad replied "we have no logs" and German police did not believe them, they raided and low and behold, they were telling the truth. Mullvad is the only VPN provider which is confirmed to not store logs on it's users, making it seen as a better tor as the IP's aren't public and it's very fast.
The cybercriminal would use the firefox extension for mullvad as the linux installation is complicated and we are assuming the cyber criminal is a 12 year old with severe autism. He would then allow the extension to be used in private windows, put in his mullvad account number then use it on an incognito window so cookies leakage doesn't happen.
Money used so far: 11 USD (6 USD on USB [lets say 32gb], 5 USD on 1 month mullvad subscription) [this is not counting the money originally spent the laptop obviously]
2. Acquisition of Stolen Card Data
The cyber Fraudster would then go on a credit card marketplace and buy Credit card information. The price would be 10 dollars for a low tier card, 50 dollars for a high tier card with high credit limit.
Let's say the criminal splurges on 2 high tiers and 1 middle-low tier, 2 $50's, 1 $20's = 120
He would buy this in various marketplaces like the RoseRed.cc site (very publicly known marketplace that you could find from scrolling through a security researcher's twitter, Public information.
Money used so far: 131 USD [Credit cards + money used in other step]
3. Card Validation ("Bin Checking" or Testing)
Using Openweb credit card information sites, Using scripts to check their validity, small test transactions. He would also check the BIN(Bank Identification Number) to group cards by bank or country.
4.Exploitation (Purchasing Goods or Services)
Multiple ways he would do this
-Buying resellable goods (phones, gift cards, game codes)
-Booking hotels/flights (for later resale or laundering)
-Subscribing to premium services (Netflix, VPNs, etc.)
-Laundering via digital assets (cryptocurrency, NFTs, etc.)
Do this 3 times a week, 3,270*3 = 9810 = 1,401 per week. This is how dangerous this type of fraud is.
2. Avoid skimmers (devices that steal your card info at ATMs and gas pumps)
3. Use privacy-focused card services
4. General tips
PROTECT YOURSELVES AGAINST FRAUD.
THIS GUIDE DOES NOT PROMOTE ANY ILLEGAL ACTIONS. ALL INFORMATION SHARED IN THIS GUIDE IS PUBLICLY AVAILABLE
THIS GUIDE'S INTENT IS EDUCATION AND TO TEACH PEOPLE HOW TO "AVOID IT HAPPENING TO YOU"
--------------------
If you're a fraudster please click off this guide as it could teach you how to buy and use credit cards online, which could result in you stealing $1,000/d with very little consequence.
This is extremely bad, please click off.
Carding definition:
The act of obtaining someone else's credit card information, by either by buying it off online black markets, hacking an online store, or simply looking at someone else's card and writing down the number and exp. date. Once the card info is obtained the person doing the carding will usually have a drop point (an empty house or building) and have the items ordered with the credit card shipped there to make the whole act pretty untraceable.
----------------------------------------------
If you're financially stable, have always paid off Debt and have a good credit score you can get a good credit card with good rates, stats say that 82% of Americans over 20 have a Credit Card in their name. Unfortunately, Fraudsters are constantly trying to steal your credit card information, and you could wake up with thousands of dollars taken.
The issue is, Carding is Quick Easy, Cheap, extremely Low Risk and can be taught to a 12 year old with hyper autism.
This is how They do It.
Disclaimer for Admins:
Disclaimer: I HAVE NEVER DONE THIS. YOU SHOULD NOT DO THIS. CREDIT CARD FRAUD HURTS MILLIONS OF AMERICANS A YEAR.
ALL THE INFORMATION IN THIS "GUIDE" IS COMPLETELY PUBLIC, AND CAN BE LEARNT BY LOOKING AT DEPARTMENT OF JUSTICE PRESS RELEASES AND READING A COUPLE WIKIPEDIA PAGES OR READING SECURITY RESEARCH ARTICLES. NOTHING IN THIS GUIDE GOES AGAINST LOOKSMAX.ORG TOS NOR IS IT ILLEGAL AS I AM NOT PERSUADING ANYONE TO DO IT, I AM JUST DISPLAYING PUBLICLY AVAILABLE INFORMATION.
CREDIT CARD FRAUD IS AGAINST THE LAW AND CAN RESULT IN FINES FOR FIRST TIME OFFENDERS, WITH THE AVERAGE JAIL SENTENCE FOR IT BEING 28 MONTHS.
ALL THE INFORMATION IN THIS "GUIDE" IS COMPLETELY PUBLIC, AND CAN BE LEARNT BY LOOKING AT DEPARTMENT OF JUSTICE PRESS RELEASES AND READING A COUPLE WIKIPEDIA PAGES OR READING SECURITY RESEARCH ARTICLES. NOTHING IN THIS GUIDE GOES AGAINST LOOKSMAX.ORG TOS NOR IS IT ILLEGAL AS I AM NOT PERSUADING ANYONE TO DO IT, I AM JUST DISPLAYING PUBLICLY AVAILABLE INFORMATION.
CREDIT CARD FRAUD IS AGAINST THE LAW AND CAN RESULT IN FINES FOR FIRST TIME OFFENDERS, WITH THE AVERAGE JAIL SENTENCE FOR IT BEING 28 MONTHS.
Now that we have gotten that out of the way let's get to the good stuff.
There are multiple types of Cyber Criminals when it comes to carding.
The obtainer of Stolen credit cards, the Reseller of the Stolen CC's and then the Cyber criminal which buys them off the reseller.
We will call these Cyber criminals:
- Obtainer - the one who obtains the cards
- Reseller - The one who buys it off obtainer and sells it on a marketplace
- User - The one who buys the CCs off the marketplace and actually uses it
Many times the obtainer of the stolen credit cards sells it directly to the Cyber criminal but this is not ideal for the obtainer. Here is why:
The obtainer Usually manages to obtain the credit card details by skimming credit cards at his job (Gas station, Hotel, Convenience store [this is why you should always use contactless payment]), putting a skimmer on an ATM machine (if put in a public area like a tourist place, this can get thousands of credit cards in a single weekend, if sold for 5-10 dollars each with $6,2 average, and if 3.2k cards are collected, that is $19,840 for a sub35 dollar gadget. This is why you should always check the atms you put your card in.), or by also hacking an ecommerce site.
If the Obtainer then sells the credit card information directly to the marketplace, if the marketplace get's cracked by police, or law enforcement comissions a crypto tracing firm like Chainalysis to track the bitcoin payments, it could mean the end of the Obtainer's life as a man without a criminal record.
Even though the Obtainer can sell low tier cards for 10 dollars and GREAT cards for 50 dollars on the site, whilst only 5 dollars for low tier cards and 10 dollars for great cards if he sells it to a reseller, this is worth it as
The reseller buys in bulk, so it's gauranteed sales
The obtainer basically uses the reseller as a VPN, whichs lowers the risk he will be caught by law enforcement.
A video showing someone finding a CC Skimmer in an American 7/11
A Very famous CC skimmer video on Youtube with 24M views.
The Fraudster would have gotten thousands of CC's if this guy hadn't caught it, this is a very famous tourist destination in Italy.
This is the Credit Card Marketplace Model
Here is an Image visualizing the Credit Card marketplace model.
This is actually quite high level as this graph seems to depict a credit card fraudster using a botnet to mass use the credit cards. 99% of Fraudsters don't do this and use the cards manually as Carding is a very low knowledge fraud used by petty criminals the same way robbing gas stations is a very low level crime. The difference is, Carding pays much more and barely has any risk, which is why it's so dangerous
This image shows what the model looks like for MOST fraudsters:
The steps the USER cybercriminal takes to committing Credit Card Fraud.
1. Setting up the laptop/Pc used.
Even though this type of fraud can be done on Mobile, most (99%+) would use in a PC environment. It's like studying, it's much easier to study on PC than Mobile.
The precautions a cyber criminal takes to commit the crime is simple. These precautions serve 2 purposes:
Privacy/Opsec
To bypass outdated security.
Privacy: It isn't ideal to use windows as Windows is a very unprivate operating system with Windows Recall taking a screenshot of your machine every 10 seconds. THIS DOES NOT MEAN THE CRIMINAL CHANGES HIS OPERATING SYSTEM. Instead he would simply insert a bootable USB in his PC which would make his computer run off the USB instead his HDD. THe only other bootable operating system other than windows from USB is BSD which nobody uses
and Linux.The most used Linux OS for this is Linux Mint as it's just a linux version of windows, very straight forward, the criminal does not have to learn any linux stuff for this.
This is not a common tactic and many Cyber Criminals just go raw with Windows but Security researchers have seen many CC criminals admit to using Linux Mint USBS.
The reason they do not use TailsOS is because TailsOS forces all connections through the TOR Network which is very slow, unideal, and all TOR IPs are public with many Ecommerce sites choosing to block them.
The cybercriminal would then use a VPN, The most used VPN by cybercriminals is Mullvad. This is because it's fast and cheap, and because they don't collect logs. This has been confirmed as they were raided by German law enforcement as the German Police subpeona'd them, in which Mullvad replied "we have no logs" and German police did not believe them, they raided and low and behold, they were telling the truth. Mullvad is the only VPN provider which is confirmed to not store logs on it's users, making it seen as a better tor as the IP's aren't public and it's very fast.
The cybercriminal would use the firefox extension for mullvad as the linux installation is complicated and we are assuming the cyber criminal is a 12 year old with severe autism. He would then allow the extension to be used in private windows, put in his mullvad account number then use it on an incognito window so cookies leakage doesn't happen.
Money used so far: 11 USD (6 USD on USB [lets say 32gb], 5 USD on 1 month mullvad subscription) [this is not counting the money originally spent the laptop obviously]
2. Acquisition of Stolen Card Data
The cyber Fraudster would then go on a credit card marketplace and buy Credit card information. The price would be 10 dollars for a low tier card, 50 dollars for a high tier card with high credit limit.
Let's say the criminal splurges on 2 high tiers and 1 middle-low tier, 2 $50's, 1 $20's = 120
He would buy this in various marketplaces like the RoseRed.cc site (very publicly known marketplace that you could find from scrolling through a security researcher's twitter, Public information.
Money used so far: 131 USD [Credit cards + money used in other step]
3. Card Validation ("Bin Checking" or Testing)
Using Openweb credit card information sites, Using scripts to check their validity, small test transactions. He would also check the BIN(Bank Identification Number) to group cards by bank or country.
4.Exploitation (Purchasing Goods or Services)
Multiple ways he would do this
-Buying resellable goods (phones, gift cards, game codes)
-Booking hotels/flights (for later resale or laundering)
-Subscribing to premium services (Netflix, VPNs, etc.)
-Laundering via digital assets (cryptocurrency, NFTs, etc.)
5.Monetization (Resale and Laundering)
The criminal would then actually resell the stolen goods on platforms like eBay, Telegram, or local markets
Multiple Phones bought = 4,500 USD in product, sell it on stockx for 3,400 - 131 for money used = 3,269 USD in profit from stockX 1 week after sending the products.Do this 3 times a week, 3,270*3 = 9810 = 1,401 per week. This is how dangerous this type of fraud is.
HOW TO PROTECT YOURSELF:
1. Watch out for phishing (fake emails, texts, and websites)- Don’t click random links that claim your account’s “locked” or “compromised.”
- Double check the URL of any site before you log in or enter card info.
- If something feels off, go directly to the company’s website instead of following the link.
- Your bank or service provider will never ask for your full card number, CVV, or 2FA codes by email or text.
2. Avoid skimmers (devices that steal your card info at ATMs and gas pumps)
- Before using a card reader, give it a quick tug or wiggle. If it feels loose or bulky, don’t use it.
- Prefer chip readers or contactless over magstripe.
- Cover your hand when entering your PIN — hidden cameras are often used with skimmers.
- Use ATMs in well-lit, secure locations (like inside banks), not random ones in shady areas.
3. Use privacy-focused card services
- Services like Privacy.com (US-only) or Revolut (in some countries) let you create virtual cards.
- You can generate single-use cards or lock them to specific merchants — super handy for subscriptions or sketchy sites.
- If the card details get leaked, you just delete it and make a new one.
- Some banks also offer this feature in their app — worth checking.
4. General tips
- Set up instant notifications for card transactions — that way, you know immediately if something weird happens.
- Use strong passwords and 2FA on any accounts tied to your money.
- Don’t store your card info on every site — the fewer places that have your data, the better.
- Check your statements regularly. The sooner you spot something off, the easier it is to dispute.
Conclusion: Carders are bad. Plain and simple. They don’t hack the planet — they steal from regular people, ruin lives, and hide behind keyboards like cowards. Most of them rely on lazy tricks, hoping you’re not paying attention. But if you stay sharp, they don’t stand a chance.
Even if you can make 1,000s per day, it's wrong, even if it's super easy, it's wrong, even if the return on investment is like 1,000%, it's wrong, even if there is legitimately no risk, it's wrong.
Dm me on discord for any questions: @npep12
I know obtainer is not a real word btw idc
Carding is bad don't do it, protect yourself.
No, everything in Cyan is not AI generated and any comments insinuating it is will be ignored.
If this post gets taken down looksmax admins can't read.
PROTECT YOURSELVES AGAINST FRAUD.
Bump this thread.
If it gets enough bumps I may make a guide showing how EVIL people buy stuff from ecommerce sites like Amazon, then falsely refund them, essentially getting the product for free, and how YOU can avoid it happening to YOUR business.
Last edited:
