This post is by a banned member (officialsz) - Unhide
OP 18 April, 2022 - 02:00 AM
Reply
(15 April, 2022 - 01:43 AM)sdoin Wrote: Show MoreThanks for posting, particularly your info on opsec.
After having account flagged, I am in the process of setting up and ageing stealth accounts
From what I have researched the following is required
* fresh bank account
* fresh mobile and sim with data
* fresh email
* drop address or locker
from what I have come across its advised NOT to use a VPN due to having different IP address each time logging into the stealth acc?instead just use mobile data
do you have anything else to add to this or do differently?
I'd greatly appreciate if you expand more on your opsec set up: Host > VPN > VM > RDP > Proxy. and how you implement this?
yeah using a drop is good so it doesn't link you to any addresses that have previously successfully or unsuccessfully attempted a refund. the issue with fresh mobile device and sim is that it's a long process, are you going to buy a new device every single time? you could just use an antidetect browser and the profiles serve as a new identity everytime so it saves you not only time buy money. an antidetect browser that i'm currently using is dolphin anty. yeah companies can detect a vpn from a mileaway, a lot of vpns don't provide you with a stable, local residential proxy so it's useless. it's only recommended to use before connecting to your rdp or virtual machine so it acts as an extra layer of security and further hiding your real ip from being leaked. yeah use a vcc.
in regards to the set up you can connect your host (main pc) to mullvad vpn then download a virtual box and install windows 10.iso file on it and on the virtual machine you connect to an rdp which can be bought from rdp.sh then you buy a local proxy. i've transitioned to brightdata but its 300 a month, you can use 911.re for your proxies.
This post is by a banned member (Grapepist) - Unhide
19 June, 2022 - 03:28 PM
Reply
I've just started getting into Refunding and SE, and I've been learning as I go, and this post has tremendously been a help to me, since I've bought couple mentorships, and none of them has talked about most of things you've talked about here. Thank you!
This post is by a banned member (knucklehead513) - Unhide
01 September, 2022 - 02:56 AM
Reply
(18 April, 2022 - 02:00 AM)officialsz Wrote: Show More (15 April, 2022 - 01:43 AM)sdoin Wrote: Show MoreThanks for posting, particularly your info on opsec.
After having account flagged, I am in the process of setting up and ageing stealth accounts
From what I have researched the following is required
* fresh bank account
* fresh mobile and sim with data
* fresh email
* drop address or locker
from what I have come across its advised NOT to use a VPN due to having different IP address each time logging into the stealth acc?instead just use mobile data
do you have anything else to add to this or do differently?
I'd greatly appreciate if you expand more on your opsec set up: Host > VPN > VM > RDP > Proxy. and how you implement this?
yeah using a drop is good so it doesn't link you to any addresses that have previously successfully or unsuccessfully attempted a refund. the issue with fresh mobile device and sim is that it's a long process, are you going to buy a new device every single time? you could just use an antidetect browser and the profiles serve as a new identity everytime so it saves you not only time buy money. an antidetect browser that i'm currently using is dolphin anty. yeah companies can detect a vpn from a mileaway, a lot of vpns don't provide you with a stable, local residential proxy so it's useless. it's only recommended to use before connecting to your rdp or virtual machine so it acts as an extra layer of security and further hiding your real ip from being leaked. yeah use a vcc.
in regards to the set up you can connect your host (main pc) to mullvad vpn then download a virtual box and install windows 10.iso file on it and on the virtual machine you connect to an rdp which can be bought from rdp.sh then you buy a local proxy. i've transitioned to brightdata but its 300 a month, you can use 911.re for your proxies.
Hello, I would like to say thank you for this post as it really clarifies the entire structure of it without complicating or overlooking things like a lot of posts do. I also wanted to ask where does Whonix fall in the setup order you presented, since you also mentioned dolphin anty works similar? 911.re has also permanently been shut down so I'm looking for other proxy alternatives, so far I have found socksescort.com but i want to know if it's reliable. Thank you again
This post is by a banned member (Zwereli) - Unhide
12 November, 2022 - 05:14 PM
Reply
(07 April, 2022 - 03:01 AM)officialsz Wrote: Show MoreJust a quick introduction. I don't want to come across as a prideful and stuck up person but I'm a refunder who in the most humblest way can say I've mastered the art of refunding effectively. Some of you may have recently accessed my opsec guide through a previous leak in one of the refunding groups that I'm in.
From being able to bypass all anti-fraud detection (systems companies have in place that link you to previous refunds - what literally 99% of refunders struggle with) and having literally automated my refunding process, I think it's time to share some of the lessons I've learnt and provide some tips that could potentially benefit refunders from beginner to advanced level. I've spent over 100 hours reading books on Cybersecurity, Social Engineering.
The stuff I'll be going through has been used by the elite hackers and figures like Edward Snowden just to reinforce the idea that this is life changing information.
Some of you buy "methods" which I find so stupid, there isn't a secret sauce to claim that you received a flipping empty box, it's just how you word it (which I'll be including below too on the key details to mention to reps).
My goal of this post is to educate you on the process of refunding and fill in the gaps in your knowledge. I can't include everything I know but I hope this helps at least one person. If it doesn't then I'll try create a video guide showing in detail my whole process, none of that written guide bullshit that overwhelms you and leaves you more confused than before. Remember information overload is as harmful as having no previous knowledge of a concept.
NOTE: I know they'll be people who will copy and paste this for their own financial gains so I've purposely left out the tools I use :)
Anyway without further a due let's dive in on how you can master the art of refunding
Before starting I'll explain some of the terms used throughout so you can familiarise yourself with them and know what I'm talking about.
Opsec - Opsec is process used to achieve anonymity. It allows you take on a new identity every time and anything you do becomes untraceable. If you're a refunder that has encountered IP bans, orders not going through, having an opsec in place will resolve this.
A good opsec set up provides you with a new and clean IP and to websites you're a completely different person. Using just proxies is a flaw in itself because things like WEBRTC can leak the IP of your original device that you're looking to spoof. Even things like you Mac Address that most of you forget to change which is essentially a piece of code assigned to each device that identifies what devices are connected to a network.
IP - is a network address that is used to identify your location, it reveals your ISP (internet service provider) and a geographical estimate of where you're located
Whonix - A tool that you can integrate with a windows virtual machine to completely anonymize your internet traffic
The 3 things I've learnt doing over 8k worth of refunds every single month without barely any fails:
1. To effectively refund and prevent being linked to other account a good opsec set up is required - using new phone and SIM is cost and time effective also your location can easily be pinpointed through the signals that your cell phone transmits to cell phone towers. A good opsec set up usually looks like this. Host > VPN > VM > RDP > Proxy.
There's tools like whonix that anonymizes your traffic by utilising tor nodes which means the process of changing sims and using 4g data is not needed. DON'T LET THESE GUYS WITH NO BRAIN CELLS TO YOU TO BUY A PHONE AND USE A SIM. It can easily be traced, companies store blacklisted IPs on their system so as mentioned above as soon as they see a device in the same area attempting to buy from the website then the order will just get cancelled.
2. Having a script to reference - a lot of you try to wing it and become discouraged when faced with problems that reps throw at you, I've found having a script that includes all the possibilities you may encounter with an answer to each issue very useful.
There key details you to mention when creating your scripts which I'm sure some of you are aware of but for those who aren't then when it comes to claiming EB (empty box) it's important to mention the condition of the exterior packaging, not mentioning it will lead to the company you're attempting to refund to believe a crime has been committed and will almost always result in the company telling you to contact authorities.
Details like birthday gifts aren't as important as you think, the only purpose they serve is to gain some sort of empathy from the representatives handling the case. When it comes to DNA (did not arrive) the key detail to mention is that you spoke to neighbours and that you were actively on the lookout for package so you would be aware if any parcels were delivered.
Same theme as EB, failure to mention will lead them to suspect that someone has intercepted with the delivery process and that a crime has been permitted which results in them telling you to contact authorities.
Another detail that will make or break your refunds is mentioning that you spoke to the courier and they assured you that the package was delivered in the same condition that you received and upon inspection they saw that no signs of tampering was on the package. This is for EB BTW <<<<.
Word this in any way you want but that's how your script should go.
4. Keep it simple - refunding is not complicated. it's a two step process. opsec + method. I myself used to overcomplicate it, binging Bobs Refunding Guide (which even though everyone bashes it, it's one of the best guides for beginners. It is a bit overwhelming but look at it for what is is), immersing myself in all these communities trying to find new methods....there's no such thing as new methods (I'll explain this at the end).
To end this: I would also like to address something that I see being constantly mentioned. "methods', refunding isn't in no way shape or form like carding, EB will forever be around due to the nature of how a business operates, as long as companies continue to employ people then human error will be a common thing.
People get tired and lazy due to being assigned long shifts and companies acknowledge this, the only time "methods" die out is if you're doing FTID as most companies adapt and have systems in place to prevent it.
Feel free to ask questions below regarding opsec or troubleshooting your ongoing refunds below in the comments, I'll answer it to the best of my ability!
Also any proof can be provided regarding my claims :)
You can contact me via telegram: stayscheminn
Y not just have the host PC connect to a RDP nd proxy though?
Isn't it better to manually configure a browser yourself with extension and settings that cover over what a antidetect browser does?
Also how many times do you use a drop, once you found one before moving on to the next?
This post is by a banned member (Nu9uri) - Unhide
02 April, 2023 - 07:27 AM
Reply
(07 April, 2022 - 06:52 AM)officialsz Wrote: Show More[quote="Wheelsupbd" pid='18894508' dateline='1649301377']
Nice post! You made some very valid points too. I'm in the process of learning stronger OpSec to get into carding. What would you recommend as far as names/types of VPN and stuff to use? Appreciate that bro! I would recommend using Mullvad VPN, they are currently the most secure vpn provider and don't store any logs, as you're doing carding you have the option to purchase their service using crypto just for that extra layer of security so nothing ends up being traced back to you. As far as carding the set up I recommend is. Host > VPN > Virtual Box > Whonix Integrated with Windows VM > RDP > Proxy. I would probably look into using Linux as your main operating system too. Quebes is the most secure but is more aimed for advanced people, I'm currently using Ubuntu, it's very easy to navigate and beginner friendly :)
This post is so helpful.
With this set up (Host > VPN > Virtual Box > Whonix Integrated with Windows VM > RDP > Proxy), don’t I need to change MAC address? Whonix will take care of?
This post is by a banned member (famupsusa) - Unhide
03 April, 2023 - 10:59 AM
Reply
Wonderfully explained. Thanks for the tips brother.
|
