xoxo345
Content Viral Loop Creator
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
Please leave a like if you liked this. If you're new to cracked.io and don't have an account to view this post yet, up here.
This is a simple fraud method for complete beginners. It's not a no effort free money life hack etc, but it gives results if you are not a lazy ass. I have done this successfully. This is a well known and simple method, so if you have any experience, you will not probably learn anything new. Make sure you practice good OPSEC. BASIC WEB DEVELOPMENT SKILLS ARE REQUIRED, YOU CAN LEARN THOSE SKILLS ON YOUTUBE AND ELSEWHERE.
Step 1: Build a phishing page using HTML, CSS and Javascript. It does not have to be perfect, but create something as credible as possible. What you try to get with the phishing page depends on who you are targeting and how realistic the story is in the scam. You should try to receive the information entered on the phishing site immediately after the form is submitted, because once you put the site online (explained later), it may get banned, so you should use Disord webhooks, Telegram bots, Matrix bots etc. to receive the victim info immediately. You should put on the phishing site things like "Secured by Norton", "Confirmed virus-free by McAfee", "Uses military-grade 256-bit AES and TLS encryption", and all the other crap that people fall for somehow. Do not ask people about their social security number and other obvious scams in the form, but credit cards for payment or online account authentications would work, it depends only on what scam you send people. Some scams include you have to pay taxes, you have to update your package delivery, and your account has suspicious activity. This will not deceive most people, but it is okay, this is a numbers game, you just have to find enough people to fall for it. If you send your scam out to 10k people and 10 fall for it, it's fine. Try to avoid grammatical errors, long loading times, shitty and unprofessional designs, and other red flags. If you're not good at English, use a spell checker and ChatGPT. You can copy the phishing pages from Github and make changes or even visit urlscan.io and other web sites to find existing phishing pages, you can download them and make some changes. But do not create exact copies of the existing phishing pages, they do not work immediately when downloading and can be automatically detected by antiviruses.
Step 2: You will need to create a lot of accounts on different free hosting services, because these services have a lot of limits, and some will ban you. Just Google "free hosting provider", "free VPS", similar things. Upload your phishing site on each account you make. You have to make sure that free hosting things accept https, because some people trust anything with https.
Step 3: If the free hosting service allows you to connect a domain name, use freenom to get a domain name and try to make the domain as close to an authentic website possible, this tricks people that does not understand domain names.
Step 4: Find as many e-mail addresses to spam as you can, this forum has a lot of e-mail lists and you can find e-mail lists online. You can also use e-mails from data breaches and comoblists (if someone is in a combolist, their password is probably weak, so they might have bad tech skills, which is good). If you want to go to spearphishing, find e-mail addresses and use https://thatsthem.com to adapt the scam to certain people.
Step 5: Use a lot free webmail accounts to send your scam out to all the victims. Use the bcc field instead of the to or cc field. This will require manual work, but you can do it eventually if you're patient, most services limit how many emails you can send at once, so you'll need a lot of accounts. There's tutorials on here and other websites about how to make webmail accounts on Tor and VPN which you will need for OPSEC. Try to change the emails up sometimes so they don't get instantly set to the spam folder. You can also try to spoof emails from a legitimate domain (look up how to do that if you don't know), but every mail provider used by more than 0.01% of people will detect this unless the website you spoof is stupid and hasn't set up basic email verification.
Step 6: Once you receive details from victims, cash out. If you receive credit cards, use cards to buy money or gift cards (for a big operation, this will be impractical, but works at first, also do not purchase a lot at once if you have credit cards, fraud detection from the bank could happen). You can go online and sell stolen accounts, but make sure to authenticate to stolen accounts, change the password and email (use password manager for the account passwords, offline manager like keepass!), disconnect other logged in sessions, and turn on multi factor authentication (when someone buys the account, disable multi factor authentication and give your customer the login details), you don't want the victim regaining access, although they could get access back even if you do this, expect to lose some accounts you steal.
This is not an effective scam because most people won't fall for it, but you'll get victims if you do it enough. You need to reinvest some of the money from this on paid hosting and domain names so that you can be more effective and get working on other scams, this whole scam is a pain and you don't want to stick with it forever unless you're a patient person. It becomes easier if you make enough money to upgrade your scam, but it is a pain in the ass, no matter what.
If you use this, do not call yourself a 1337 H4X0R, it's a way to get money, it doesn't make you a hacker, I am so fucking fed up with script kiddies downloading some script on GitHub and telling everyone "I am super leet hacker I will pwn you and you should fear me!!!". Also an interesting fact, a good way to get the police in your door is to go and boast about how much money you stole and make yourself an annoying person. Keep that in mind, I am not trying to discourage you, but don't be an unlikeable person, for the sake of yourself and everyone around you.
This is a simple fraud method for complete beginners. It's not a no effort free money life hack etc, but it gives results if you are not a lazy ass. I have done this successfully. This is a well known and simple method, so if you have any experience, you will not probably learn anything new. Make sure you practice good OPSEC. BASIC WEB DEVELOPMENT SKILLS ARE REQUIRED, YOU CAN LEARN THOSE SKILLS ON YOUTUBE AND ELSEWHERE.
Step 1: Build a phishing page using HTML, CSS and Javascript. It does not have to be perfect, but create something as credible as possible. What you try to get with the phishing page depends on who you are targeting and how realistic the story is in the scam. You should try to receive the information entered on the phishing site immediately after the form is submitted, because once you put the site online (explained later), it may get banned, so you should use Disord webhooks, Telegram bots, Matrix bots etc. to receive the victim info immediately. You should put on the phishing site things like "Secured by Norton", "Confirmed virus-free by McAfee", "Uses military-grade 256-bit AES and TLS encryption", and all the other crap that people fall for somehow. Do not ask people about their social security number and other obvious scams in the form, but credit cards for payment or online account authentications would work, it depends only on what scam you send people. Some scams include you have to pay taxes, you have to update your package delivery, and your account has suspicious activity. This will not deceive most people, but it is okay, this is a numbers game, you just have to find enough people to fall for it. If you send your scam out to 10k people and 10 fall for it, it's fine. Try to avoid grammatical errors, long loading times, shitty and unprofessional designs, and other red flags. If you're not good at English, use a spell checker and ChatGPT. You can copy the phishing pages from Github and make changes or even visit urlscan.io and other web sites to find existing phishing pages, you can download them and make some changes. But do not create exact copies of the existing phishing pages, they do not work immediately when downloading and can be automatically detected by antiviruses.
Step 2: You will need to create a lot of accounts on different free hosting services, because these services have a lot of limits, and some will ban you. Just Google "free hosting provider", "free VPS", similar things. Upload your phishing site on each account you make. You have to make sure that free hosting things accept https, because some people trust anything with https.
Step 3: If the free hosting service allows you to connect a domain name, use freenom to get a domain name and try to make the domain as close to an authentic website possible, this tricks people that does not understand domain names.
Step 4: Find as many e-mail addresses to spam as you can, this forum has a lot of e-mail lists and you can find e-mail lists online. You can also use e-mails from data breaches and comoblists (if someone is in a combolist, their password is probably weak, so they might have bad tech skills, which is good). If you want to go to spearphishing, find e-mail addresses and use https://thatsthem.com to adapt the scam to certain people.
Step 5: Use a lot free webmail accounts to send your scam out to all the victims. Use the bcc field instead of the to or cc field. This will require manual work, but you can do it eventually if you're patient, most services limit how many emails you can send at once, so you'll need a lot of accounts. There's tutorials on here and other websites about how to make webmail accounts on Tor and VPN which you will need for OPSEC. Try to change the emails up sometimes so they don't get instantly set to the spam folder. You can also try to spoof emails from a legitimate domain (look up how to do that if you don't know), but every mail provider used by more than 0.01% of people will detect this unless the website you spoof is stupid and hasn't set up basic email verification.
Step 6: Once you receive details from victims, cash out. If you receive credit cards, use cards to buy money or gift cards (for a big operation, this will be impractical, but works at first, also do not purchase a lot at once if you have credit cards, fraud detection from the bank could happen). You can go online and sell stolen accounts, but make sure to authenticate to stolen accounts, change the password and email (use password manager for the account passwords, offline manager like keepass!), disconnect other logged in sessions, and turn on multi factor authentication (when someone buys the account, disable multi factor authentication and give your customer the login details), you don't want the victim regaining access, although they could get access back even if you do this, expect to lose some accounts you steal.
This is not an effective scam because most people won't fall for it, but you'll get victims if you do it enough. You need to reinvest some of the money from this on paid hosting and domain names so that you can be more effective and get working on other scams, this whole scam is a pain and you don't want to stick with it forever unless you're a patient person. It becomes easier if you make enough money to upgrade your scam, but it is a pain in the ass, no matter what.
If you use this, do not call yourself a 1337 H4X0R, it's a way to get money, it doesn't make you a hacker, I am so fucking fed up with script kiddies downloading some script on GitHub and telling everyone "I am super leet hacker I will pwn you and you should fear me!!!". Also an interesting fact, a good way to get the police in your door is to go and boast about how much money you stole and make yourself an annoying person. Keep that in mind, I am not trying to discourage you, but don't be an unlikeable person, for the sake of yourself and everyone around you.