Advanced Fiat Drainer: Automated Brand Impersonation on Peer-to-Peer Marketplaces

This entry documents a live, multi-stage financial phishing and asset draining operation hosted on transient infrastructure (chilw-order.lat). The interface targets regional consumers of major Japanese classifieds and peer-to-peer marketplaces, specifically cloning the infrastructure of Jimoty (jmty.jp). The Attack Vectors and Social Engineering Heuristics The vector utilizes a sophisticated deployment of manufactured account urgency to neutralize …

A phishing campaign targeting Depop sellers

This set of screenshots shows a phishing campaign targeting Depop sellers. The scam uses a fake “orders suspended” notification and a counterfeit support chat to trick victims into providing full credit/debit card details and billing information. Threat Analysis: Depop Phishing – Fake “Orders Suspended” & Card Harvesting How the scam works: Fake Suspension Notice (1st …

Tise.com fake page detected

Anatomy of a Marketplace Phishing Scam: The Scamsite Intermediary Method This image captures a live instance of a highly convincing phishing campaign targeting users of Tise (tise.com), a popular Norwegian and Nordic second-hand marketplace. The layout mimics an official security notification, utilizing precise brand elements to manipulate the victim under a manufactured state of urgency. …

Tech Support / Flight Booking Scam

Anatomy of a High-Tier Support & Billing Scam: The Trapped Invoice Method This image captures a live instance of an aggressive, targeted financial fraud operation known as a “Tech Support / Flight Booking Scam.” Unlike generic mass phishing, this method relies heavily on multi-channel social engineering and highly customized billing infrastructure to bypass traditional security …

Fake Secure Payment (Correos)

Phishing Alert: The “Fake Secure Payment” Scam This screenshot illustrates a sophisticated phishing attack targeting sellers on classified ad platforms (like OLX, Vinted, or Wallapop). Here is how the scam works and how to stay safe: 1. The Setup The scammer contacts a seller pretending to be a buyer. They claim they have already paid …

Bazaraki Phishing – Fake Account Verification Scam

This screenshot shows a phishing page impersonating Bazaraki, a major classifieds platform in Cyprus. The page uses a fake account restriction notice to pressure victims into providing personal and financial information. Threat Analysis: Bazaraki Phishing – Fake Account Verification Scam How it works: The victim receives a message claiming their Bazaraki account has been restricted and …

The Courier Guy Phishing – Small Fee & Card Data Harvesting

This screenshot shows a phishing page impersonating The Courier Guy, a South African courier service. The victim is told that a parcel has an outstanding balance of R15.99 and must be paid immediately. The page then requests full credit/debit card details (cardholder name, card number, expiry date, CVV) along with the card issuer bank and …

Poshmark Phishing – Fake Account Restriction & Card Harvesting

This set of screenshots shows a phishing campaign impersonating Poshmark, a popular online marketplace for second‑hand goods. The scam uses a fake “account restricted” notification and a fake support chat to pressure victims into providing full credit/debit card details, personal information, and contact details. Threat Analysis: How the scam works (multi‑step flow): Fake Order Summary …

Fake Ditchit card verification page detected

The fake DitchIt card verification scam is a high-level phishing threat targeting users on classified marketplaces, utilizing fake, secure-looking checkout pages to steal full credit card details and cardholder information. This fraud technique often involves directing users off-platform, requesting balance verification, and harvesting data to drain user accounts. Target: Users of DitchIt (Marketplace & Resale …

United Overseas Bank Limited (UOB) phishing page revealed

A high-fidelity phishing campaign targeting United Overseas Bank (UOB) users in Southeast Asia utilizes fraudulent SMS and email links to harvest login credentials and SMS OTPs through cloned websites. These sites, often using lookalike domains like “uob-security-update.com,” aim to steal credentials and authorize fraudulent transactions by mimicking the UOB TMRW app or web portal. The …