
Fruad
Iron
- Joined
- Apr 18, 2025
- Posts
- 22
- Reputation
- 11
READ THIS BEFORE CONTINUING:
THIS GUIDE DOES NOT PROMOTE ANY ILLEGAL ACTIONS. ALL INFORMATION SHARED IN THIS GUIDE IS PUBLICLY AVAILABLE
THIS GUIDE'S INTENT IS EDUCATION AND TO TEACH PEOPLE HOW TO "AVOID IT HAPPENING TO YOU"
--------------------
If you're a fraudster please click off this guide as it could teach you how to social engineer crypto holder's and steal there cryptocurrencies, which could result in you stealing $100,000+ per week with very little consequence.
This is extremely bad, please click off.
Social engineer definition:
The act of manipulating individuals to gain unauthorized access to confidential information or secure areas. Exploiting human psychology rather than technical vulnerabilities, using emotions such as trust, fear, or urgency. Common methods include phishing, where attackers send fake emails that appear legitimate to trick people into revealing sensitive information like passwords. Another method is pretexting, which involves creating a fabricated scenario to elicit information from the target under the guise of a legitimate request. Baiting is another tactic, where enticing offers, such as free downloads or giveaways, lure individuals into providing personal information.
----------------------------------------------
If you're a crypto investor and keep you're cryptocurrency on a exchange you can easily buy and sell crypto on the exchange stats say that approximately 50% to 70% of all cryptocurrency assets are stored on various exchanges at any given time. This is partly due to the convenience that exchanges offer for trading, buying, and selling cryptocurrencies Unfortunately fraudsters are constantly targeting user's of common crypto exchanges and impersonating employees over the phone to steal you're crypto.
The issue is, social engineering crypto investor's is free to learn and extremely Low Risk if the threat actor practices good OPSEC and can be taught to a 12 year old with autism unironically.
This is how They do It.
Download/screenshot this guide just incase if you're intererested.
Now that we have gotten that out of the way let's get to the good stuff.
There are multiple types of Cyber Criminals when it comes to social engineering.
- The developer, the guy who codes and creates all the websites / programs used in the social engineering we will call these guys Dev's
- The data broker, this is the guy who has the databases usually this is done through them hacking the company or having insider information
- The caller, This is the guy who is making the phone calls pretending to whomever depending on what there after
- The advertiser, This is the guy who promotes the programs / opportunity to call to other lower level cyber criminal's in the community
Many times the developer of the programs sells it directly to the Cyber criminal for an upfront fee but this is not ideal for the obtainer. Here is why:
The developer usually spends days if not weeks creating the website/program's the cyber criminals will use in there crypto heist which allows him to charge a premium upfront fee which although this can generate a good income it's not nearly as profitable as charging an upfront fee + a % of every $ the cybercriminal steals from victims using the devs software or website.
A screenshot of a developer's advertisement for a email spoofer on the app telegram where these cyber criminals operate.
It's safe to say the devoloper has made 10,000$ + within the time of me writing this post, from his email spoofer.
This is the telegram social enginnering Marketplace Model
This is actually quite scaled down as this graph seems to depict a hacker to hacker to hacker pyramid scheme 99% of Fraudsters don't do this entire process and use automatically start off somewhere in the middle or just start off by calling eventsully getting there own priv data and callers while they kick up there feet and watch the crypto roll in.
The steps the cybercriminal takes to committing crypto related fraud.
Starting there journey
encrypting there pc this is important because most crypto fraudsters know there will come a day where feds might catch onto there trail and raid them and for this reason they encrypt there pc's so that the police can't simply just go thru there pc and veiw all the encrimnating shit thats on it im not gonna expain how encryption works in this thread because i cba and its common sense. they also will setup vm or rdp to store stolen funds or conduct there operations sometimes this is accompined by vpn and proxy aswell sometimes I also will not be sharing which vpn/proxy are the best you can do your own research on what vpn/proxy fraudsters like to use. Anyways if the fraudster is rich they may also have a trezor or ledger where they will store large sums of there stolen crypto. Outside of opsec fraudsters depending on where there at in the journey will take the time to join servers and chat rooms with other like minded people and start making friends this is usally how they end up finding people to work for / with.
HOW THE ATTACK IS EXCUTED A - Z FULL GUIDE (FOR THE LAZY FUCKS WHO SKIPPED TO THE BOTTOM)
1. Call up target with spoofing so it comes from offical company number
2. Convince target there account was logged into and and there's active device logged into it
3. Send target email spoofing from offical company domain containing a case id and emoployee name
4. Send target email spoofing from offical company domain containing a secure portal ( 1:1 clone of the site thats in attackers control)
5. Have target click on the site and log into there crypto exchange account and enter there seed phrase into the site
6. Walk the target through transfering there funds from there exchange into a wallet thats in the attackers control
7. Ask for external wallets such as trezor, ledger,metamask,coinbase wallet if target confirms having any of these walk them through sending out funds into the wallet thats in attackers control aswell
8. Once target has sent out all there crypto to the wallet in our control send out the crypto from the wallet thats in attackers control into a differnt wallet that only the attacker has access to
9. Once funds have hit the wallet only the attacker has access to cuts are sent out accordingly to everyone who was involved
10. Everyone depo's into stake and buys OG usernames and uses newly found wealth to flex exotic rentals and air bnbs on instagram and socials alike.
2. General tips

THIS GUIDE DOES NOT PROMOTE ANY ILLEGAL ACTIONS. ALL INFORMATION SHARED IN THIS GUIDE IS PUBLICLY AVAILABLE
THIS GUIDE'S INTENT IS EDUCATION AND TO TEACH PEOPLE HOW TO "AVOID IT HAPPENING TO YOU"
--------------------
If you're a fraudster please click off this guide as it could teach you how to social engineer crypto holder's and steal there cryptocurrencies, which could result in you stealing $100,000+ per week with very little consequence.
This is extremely bad, please click off.
Social engineer definition:
The act of manipulating individuals to gain unauthorized access to confidential information or secure areas. Exploiting human psychology rather than technical vulnerabilities, using emotions such as trust, fear, or urgency. Common methods include phishing, where attackers send fake emails that appear legitimate to trick people into revealing sensitive information like passwords. Another method is pretexting, which involves creating a fabricated scenario to elicit information from the target under the guise of a legitimate request. Baiting is another tactic, where enticing offers, such as free downloads or giveaways, lure individuals into providing personal information.
----------------------------------------------
If you're a crypto investor and keep you're cryptocurrency on a exchange you can easily buy and sell crypto on the exchange stats say that approximately 50% to 70% of all cryptocurrency assets are stored on various exchanges at any given time. This is partly due to the convenience that exchanges offer for trading, buying, and selling cryptocurrencies Unfortunately fraudsters are constantly targeting user's of common crypto exchanges and impersonating employees over the phone to steal you're crypto.
The issue is, social engineering crypto investor's is free to learn and extremely Low Risk if the threat actor practices good OPSEC and can be taught to a 12 year old with autism unironically.
This is how They do It.
Disclaimer for Admins:
Disclaimer: I HAVE NEVER DONE THIS. YOU SHOULD NOT DO THIS. CREDIT CARD FRAUD HURTS MILLIONS OF AMERICANS A YEAR.
ALL THE INFORMATION IN THIS "GUIDE" IS COMPLETELY PUBLIC, AND CAN BE LEARNT BY LOOKING AT DEPARTMENT OF JUSTICE PRESS RELEASES AND READING A COUPLE WIKIPEDIA PAGES OR READING SECURITY RESEARCH ARTICLES. NOTHING IN THIS GUIDE GOES AGAINST LOOKSMAX.ORG TOS NOR IS IT ILLEGAL AS I AM NOT PERSUADING ANYONE TO DO IT, I AM JUST DISPLAYING PUBLICLY AVAILABLE INFORMATION.
Cryptocurrency fraud is illegal and can lead to severe penalties, including significant fines for first-time offenders. Engaging in fraudulent activities related to cryptocurrency can result in criminal charges, with the average jail sentence for those convicted ranging from 5 to 10 years, depending on the severity of the offense.
ALL THE INFORMATION IN THIS "GUIDE" IS COMPLETELY PUBLIC, AND CAN BE LEARNT BY LOOKING AT DEPARTMENT OF JUSTICE PRESS RELEASES AND READING A COUPLE WIKIPEDIA PAGES OR READING SECURITY RESEARCH ARTICLES. NOTHING IN THIS GUIDE GOES AGAINST LOOKSMAX.ORG TOS NOR IS IT ILLEGAL AS I AM NOT PERSUADING ANYONE TO DO IT, I AM JUST DISPLAYING PUBLICLY AVAILABLE INFORMATION.
Cryptocurrency fraud is illegal and can lead to severe penalties, including significant fines for first-time offenders. Engaging in fraudulent activities related to cryptocurrency can result in criminal charges, with the average jail sentence for those convicted ranging from 5 to 10 years, depending on the severity of the offense.
Now that we have gotten that out of the way let's get to the good stuff.
There are multiple types of Cyber Criminals when it comes to social engineering.
- The developer, the guy who codes and creates all the websites / programs used in the social engineering we will call these guys Dev's
- The data broker, this is the guy who has the databases usually this is done through them hacking the company or having insider information
- The caller, This is the guy who is making the phone calls pretending to whomever depending on what there after
- The advertiser, This is the guy who promotes the programs / opportunity to call to other lower level cyber criminal's in the community
Many times the developer of the programs sells it directly to the Cyber criminal for an upfront fee but this is not ideal for the obtainer. Here is why:
The developer usually spends days if not weeks creating the website/program's the cyber criminals will use in there crypto heist which allows him to charge a premium upfront fee which although this can generate a good income it's not nearly as profitable as charging an upfront fee + a % of every $ the cybercriminal steals from victims using the devs software or website.

A screenshot of a developer's advertisement for a email spoofer on the app telegram where these cyber criminals operate.
It's safe to say the devoloper has made 10,000$ + within the time of me writing this post, from his email spoofer.
This is the telegram social enginnering Marketplace Model

This is actually quite scaled down as this graph seems to depict a hacker to hacker to hacker pyramid scheme 99% of Fraudsters don't do this entire process and use automatically start off somewhere in the middle or just start off by calling eventsully getting there own priv data and callers while they kick up there feet and watch the crypto roll in.
The steps the cybercriminal takes to committing crypto related fraud.
Starting there journey
encrypting there pc this is important because most crypto fraudsters know there will come a day where feds might catch onto there trail and raid them and for this reason they encrypt there pc's so that the police can't simply just go thru there pc and veiw all the encrimnating shit thats on it im not gonna expain how encryption works in this thread because i cba and its common sense. they also will setup vm or rdp to store stolen funds or conduct there operations sometimes this is accompined by vpn and proxy aswell sometimes I also will not be sharing which vpn/proxy are the best you can do your own research on what vpn/proxy fraudsters like to use. Anyways if the fraudster is rich they may also have a trezor or ledger where they will store large sums of there stolen crypto. Outside of opsec fraudsters depending on where there at in the journey will take the time to join servers and chat rooms with other like minded people and start making friends this is usally how they end up finding people to work for / with.
HOW THE ATTACK IS EXCUTED A - Z FULL GUIDE (FOR THE LAZY FUCKS WHO SKIPPED TO THE BOTTOM)
1. Call up target with spoofing so it comes from offical company number
2. Convince target there account was logged into and and there's active device logged into it
3. Send target email spoofing from offical company domain containing a case id and emoployee name
4. Send target email spoofing from offical company domain containing a secure portal ( 1:1 clone of the site thats in attackers control)
5. Have target click on the site and log into there crypto exchange account and enter there seed phrase into the site
6. Walk the target through transfering there funds from there exchange into a wallet thats in the attackers control
7. Ask for external wallets such as trezor, ledger,metamask,coinbase wallet if target confirms having any of these walk them through sending out funds into the wallet thats in attackers control aswell
8. Once target has sent out all there crypto to the wallet in our control send out the crypto from the wallet thats in attackers control into a differnt wallet that only the attacker has access to
9. Once funds have hit the wallet only the attacker has access to cuts are sent out accordingly to everyone who was involved
10. Everyone depo's into stake and buys OG usernames and uses newly found wealth to flex exotic rentals and air bnbs on instagram and socials alike.
HOW TO PROTECT YOURSELF:
1. Watch out for phishing (fake emails,calls, texts, and websites)- Don’t click random links that claim your account’s “locked” or “compromised.”
- Double check the URL of any site before you log in or enter card info.
- If something feels off, go directly to the company’s website instead of following the link.
- Your bank or service provider will never ask for your full card number, CVV, or 2FA codes by email or text.
- Remember google / crypto exchanges would never call you asking for personal information
2. General tips
- Set up instant notifications for card transactions — that way, you know immediately if something weird happens.
- Use strong passwords and 2FA on any accounts tied to your money.
- Don’t use same email for every site — the fewer places that have your data, the better.