• XSS.stack #1 – первый литературный журнал от юзеров форума

We develop our own private fraud methods easily - Beginner level

Отслеживать
zarma200 сказал(а):
i see , but please can i pm you bruh, i just need small guidance because they seems to be asking me for
Membership Number which i do not know how to get it
No. Please leave the discussion here. If other people have the same question, it allows them to read the response- not to mention allowing for others who may be more informed contribute... Anyways, I tried to be explicit in detailing that the idea was not to mimic my example, but rather implement a similar analytical approach to obtain your goal. Nevertheless, I suppose whatever you're getting stuck at is due to the fact you should be entering the rewards from the credit card/account login. For example:

Checking - Acct 1234 -Balance 10,000.00
Savings - Acct 1235 - Balance 2,600.00
Wells Fargo Cash Back Credit - Acct 4200 - Balance 605.00 - Rewards 1,337 points

If you see an additional, separate link for rewards, that means the customer has already set up an account to use them, and your efforts (at least in my workflow) are futile.
 
DimmuBurgor сказал(а):
No. Please leave the discussion here. If other people have the same question, it allows them to read the response- not to mention allowing for others who may be more informed contribute... Anyways, I tried to be explicit in detailing that the idea was not to mimic my example, but rather implement a similar analytical approach to obtain your goal. Nevertheless, I suppose whatever you're getting stuck at is due to the fact you should be entering the rewards from the credit card/account login. For example:

Checking - Acct 1234 -Balance 10,000.00
Savings - Acct 1235 - Balance 2,600.00
Wells Fargo Cash Back Credit - Acct 4200 - Balance 605.00 - Rewards 1,337 points

If you see an additional, separate link for rewards, that means the customer has already set up an account to use them, and your efforts (at least in my workflow) are futile.
thank you again once again for you reply and idea but the rewards site i was trying to enroll in is https://businesscard.wellsfargorewards.com/ui-wf/#/proddetailpage/b2074 and it was this wells fargo 485620 i bought
 
ghostmarket09 сказал(а):
I always see posts on forums with people looking to buy "methods" and my inbox is filled with this also. This might seem like an easy and fast way for beginners but you would benefit much more from developing your own. I do not see anyone sharing this info so I will share my methodologies with you. This is a basic beginner lesson on fraud methodology, the building blocks to create your own unsaturated and private methods and be capable and independent and dangerous without relying on anything but your mind. If this is popular i will post more on this for intermediate and advanced perhaps.


I work in fraud only as a hobby now and passion but it was my first love and when i started this work there were no methods to buy or be given, just instruction and some tips. You usually worked as a drop to establish trust and rep before any advice would be given in those days. Most worked revolved around carding and reships then, were not discussing this today. Today i will give you a valid and working foundation that you can use as a framework to develop your own private and unique methods forever. This is not a method, this is one way that methods are made.



So where to begin? Creativity helps, without a creative mind you can still succeed but creativty is like having a cheat code. If you are not creative then here are some shortcuts:
A. Search reddit for posts with keywords like account hacked, wallet hacked, bank hacked, bad security app, no otp, no 2fa, deposit stolen, deposit redirected and things along these lines. Look at the newest posts and skim the story and comments. Often you will find a target to explore and the weakness already explained from the users complaint . In the comments many times users will complain the same security issues exists with their bank/store/payroll/ etc as well.

B. Check credit/points/miles/churning blogs like drofcredit. I've found many easy gems there before anyone knew about or abused them. Cardless.com, shopyourway.com/giftcards made $100k+ with this one and wrote this article, $75 uber vouchers exploit i looped for hundreds of them in less than 24 hours, all kinds of referral programs that i checked and found it worthwhile to automate and much more. New programs and partnerships often have bugs and flaws you can exploit and following these blogs keeps you in front of the line.

C. Take an idea of some method you used to know and remix it for a new one easily. This is the easiest and quickest and most overlooked way for beginners and i recommend it. For example if you used to work with payment processors and cashouts like stripe or whatever oversaturated crap then take a moment and break it down into pieces and check google. Search for something like "payment processors for attorneys". So now you have specific niche results and a new but familiar world opens up to you.



We see our first result is a website called clio. Grab some logs with this domain and test logging in for security like otp or unrecognized device. After brief testing we see there is no security when logging in and can try unlimited attempts no problem!





We find an account with recent pay history from clients:

Посмотреть вложение 39900


We use our brains and explore to find where payments are deposited and can we edit it to our drops easily and unnoticed:
'

Посмотреть вложение 39901


Посмотреть вложение 39902


So far this is looking quite promising and we are finding this live, took 5 minutes while writing this post and i share with you.

From here we attach our bank drop, but first we check settings for notifications and disable, if there is a mobile app we login and check again for notificxations disabled.
For something like this I recommend cashapp drops with account/routing number since payments are not high and cashapp accepts anyname deposits up to 25k mismatch is fine.
We leave all the details the same but input our account+routing and save. Then enable notifications once more. We do this to as many as possible to get proper test results and see
how much simple abuse we can do to make our job easier.


We check in a few days for direct deposits from clio. Then we collect the lawyers money until he notices and cuts us off.



This is a very small example of a very large and diverse field that it is very easy to have success in as long as you arent lazy, or stupid and are honest with yourself and where you stand. Dont lie or exaggerate, and never offer advice or post help on topics you have not mastered and are certain your are not supplying misinformation.


If you dont know how to get logs for targets you find then i will help you out, just post your target in the thread and ill respond with logs for you. You should build up a large database of your own though eventually which can be made out of even all the free log dumps on a vps. Your targets should never be mainstream anyway so public logs are fine for you.

Let me know if everyone would be interested with more in depth, advanced methdology.


PS After further looking at clio it appears the built in credit card processor for charging clients might be even better with fast deposits and high amounts are normal. Or perhaps you could extort the attorneys for a payment as well since all the law firm confidential data is apparently available as well. Be creative, this was just quick writeup​
this is a good post keep it up
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх