Carding is a term used to describe an unauthorized use of victim’s credit card, bank account, and other financial information. Another valuable data is considered PayPal, Uber and Netflix-related information that can be used for money laundering. Once the hacker gets required information, he/she tries to use it for making illegal purchases or uses carding forums, malicious websites, and other distribution points for selling it. For withdrawing the money without victim’s approval, these criminals make bank transfers or use other methods capable of helping them to obtain goods without making payment. Each of these activities leads the victim to the money loss. Typically, people who are behind such activity seek to reveal as much information as possible.
Carding is implemented with the help of various methodologies. In the very beginning, it was based on stolen credit cards that can be used to make illegal purchases until they are cancelled. However, now the main method that is used for stealing credit card information, financial data, and other sensitive details is related to malware. However, this is not the only way used by carders. They can also steal people’s personal information with the help of phishing. This trickery is based on fake websites that pretend to legitimate institutions, such as banks, universities, hotels, online shops and similar major institutions. Also, spam and misleading email messages have also been actively used for tricking PC users into revealing their personal and financial data, such as logins and passwords.
To stay safe from this extremely dangerous activity, users should start following safe browsing practices. You should always use a reputable anti-spyware, stay away from illegal websites, avoid browser redirections and misleading pop-up ads, and ignore spam or emails from unknown people for protecting your personal information. We believe that it is too valuable to be revealed for malicious parties.
The history of the carding fraud
The term “carding” was introduced in the 80s when people have started suffering from the loss of their credit card-related information. It is known that the first carding frauds were initiated with the help of insiders who called people to make them reveal their credit card details. In the 90s, hackers started using AOL Dial-up accounts that became useful tools for stealing needed information. Once AOL added “no one working at AOL will ask for your password or billing information” notification to each of its messenger communications, hackers stopped using this method.
In the 2000s, 150 Russian hackers from Odessa introduced “CarderPlanet”, which soon has become one of the most popular financial data websites. Within the several years, this site turned into the biggest marketplace of the stolen credit with more than 7,000 members and over 1.7 million stolen credit card numbers. This gang managed to cause more than $4.3 million of losses and was shot down in 2004, after 28 arrests of its members.
Russian-speaking forums are still dominating over English forums. They are mostly used for selling confidential data, such as credit card details, banking data, logins and similar information. For trying to protect themselves, carders use only private messaging systems, encrypted emails and forums, proxy networks, private VPNs and chatrooms. Nowadays, the most of money that is exported with a help of carding is transferred in a form of bitcoins. However, hackers can also rely on traditional wire services, such as the Western Union and MoneyGram.
Methods that are used by carders to steal sensitive information
- Malware. Malware that is mostly used for carding includes these categories: Trojan horses, rootkits, backdoors, etc. Each of these viruses can be installed on the system without any permission asked and then used to get the backdoor access to the system. These viruses can hide deep in the system as long as they need to collect the required amount of personal data. They can track their victims by recording their keystrokes or taking the screenshots of their desktops while they are using the Internet. After collecting financial information and other sensitive data, they send it to their remote server. The latest threat to watch out is “Backoff virus”, which is set to track PC users and steal their credit card data.
- Phishing. People engaged in carding sometimes use phishing websites to trick users into revealing their financial information. These sites look like real login websites because they are developed by grabbing images from real websites and using URLs that are very close to the real ones. Also, victims can also receive fake email messages resembling reputable companies. They seek to make the victim reveal his/hers credit card number, expiration date, and similar sensitive information.
- Carding forums. If the carder is not willing to use malware or if he/she simply does not know how to do that, he/she can use carding forums to receive needed information. Such forums have already become marketplaces used for such illegal activities as exchanging information related to stolen credit or debit card account numbers and similar data. The membership on such sites is usually paid, and only online nicknames can identify each of carders.
Protecting yourself from carding
- If you believe that a credit card fraudster targets you, you should waste no time and contact your bank. Please, let them know about your issues.
- If your business was affected, you should also let all your customers know about that. Asking them to change their passwords and another login information is always a good idea.
- To avoid programs that are used for identity theft, you should install a reliable anti-spyware. We highly recommend the following tools that have been tested by our team and received the biggest ranking: Reimage, Malwarebytes Malwarebytes.
- Don’t forget to update your programs (security software as well) to avoid vulnerabilities. These “holes” can be used for installing new malware on your computer that can additionally be used for tracking you and stealing your personal data.
- Stay away from illegal websites, suspicious Facebook pages and email messages from unknown senders. Each of them can lead you to the loss of your sensitive information, including your financial data.
Latest carding viruses added to the database
Information updated: 2017-05-11