Since the dawn of the Internet, tutorials showing would-be scammers how to fleece others have been available online. But for novices who can’t be bothered to scour the Net for these far flung but free resources, the tricks of the trade now can be learned through the equivalent of community college classes in e-thievery, or or via intensive, one-on-one online apprenticeships.
Take the program currently being marketed on several fraud forums — it’s called Cash Paradise University (see screen shot below). For $50, a newbie scammer can learn the basics of online fraud, such as hiding one’s identity and location online, and how to obtain reliable stolen credit card numbers. For a $75 fee and an investment of about 2 to 3 hours, one can become fluent in the ways of “Skype carding,” or selling hacked and newly-created Skype accounts that have been loaded with funds from stolen credit cards.
The prices go up as the fledgling fraudster progresses from the Scam 101 courses to the more crafty classes, which naturally depend on the earlier courses as prerequisites (“for those who passed the basic,” admonishes the Scam U. professor). Learning the basics of “carding” merchandise — such as intercepting the shipments and selling the loot online — requires an investment of four to six hours and at least $250, with course materials adding as much as $150 to the cost of the class.
Tackling the tenets of cashing out stolen credit card numbers using Internet gambling sites could take up to seven hours of study time and require a $300 admittance fee. The master class — learning how to bootstrap and build out a botnet of computers infected with the ZeuS Trojan — can take upwards of 18 hours of classroom instruction, and cost at least $500 (although a copy of ZeuS bot builder is not included in the price of tuition!).
According to this fraud instructor’s profile on a top scammer forum, more than a dozen novice hackers have already paid for and progressed through the course work, and most appear to be giving their teacher high marks.
“Please note: due to change in the place of stay, I’ll be offline on 12-13 September,” the headmaster of CPU says to potential new students. “Classes take place from September 14, do not waste! Good luck in business.” For those ADHD students who need more individual attention, there is private tutoring available starting at $20 extra per class.
But don’t count paying for the classes with a (stolen?) credit card: This institution only accepts irreversible forms of payment, such as Western Union or virtual currencies like WebMoney and Liberty Reserve.
Have you seen:
I’ll Take Two MasterCards and a Visa, Please…When you’re shopping for stolen credit and debit cards online, there are so many choices these days. A glut of stolen data — combined with innovation and cutthroat competition among vendors — is conspiring to keep prices for stolen account numbers exceptionally low. Even so, many readers probably have no idea that their credit card information is worth only about $1.50 on the black market.
It is of course disappointing that such business exist and it has (potential) customers. But I find almost equally disappointing that, If I would look to register a regular computer user (our parents) to a security course learning them how to avoid e-scams and keep their computer virus free, I would not find anything comprehensive at those price points (50-250USD). Anything available in this area is more expensive while still give their students the impression they know something about security rather than useful knowledge.
If the picture is not yet clear to anyone: stealing a credit card, or cracking a web server, or hacking into a Skype account is not simply “fun” for teenage hackers good at programming or server administration. It is organized crime and money. This blog has shown quite a few examples. I hope the right people are reading this and there are good chances for the good guys to develop and improve with a speed similar to how the crime is developing.
Waste of money, I would say. All the information is available for free in the “Manuals” section of any decent carders’ forum.
Well, like any subject area, the information is available, but quality instruction and course materials can make a big difference in how quickly one masters it. And time is money.
Getting entry into the underground scenes is not like it used to be — like turning into the right alley and knocking at the right back door.
I’ve posted here before that there is something really organized regarding the training the next gen cons – I think its ex-intel and mafia backed.
Perhaps these sites are the gateway but remembering that most of the stuff discussed thus far here have been on wares sites and notrious BBS’ for years– now its faster hustles on older scams.
Someday all this will be archived at textfiles.com like all the other flotsom of the crime syndicates.
Anyhow textfiles: aka Jason Scott’s “your stealing it all wrong” presentation is a great historical refresher of how the gangs are always exploiting/despising the other.
Probably this gang is being called sellouts or snitch’s or narcos.
There is never honour among thieves.
For those wanting to just learn and not scam, I wonder if these “courses” are worthwhile?
I was wondering the same thing, it would be very interesting to see what they deem important to teach a developing scammer. The individual counseling maybe even more so…
And I was wondering how many of the enrollees are from law enforcement. “Know your enemy” – then arrest them.
I think Scam University might be giving its graduates a brighter future than most 4-year schools. These are reasonable tuition prices combined with practical skills that make you relevant in the modern economic landscape immediately. Nowadays all the burger flippers and fry guys are current MBA holders and former CEOs, you can’t compete with just a BFA in Liberal Arts.
Enough sarcasm. I will ruefully point out that the bad guys can get trained for a tenth of the price of, say, SANS training bootcamps. I should ask the subcontractor that owns me– I mean, pays me– to get me some cheap training here. At least I’ll be able to say with confidence that I know fraud when I see it!
What a hilarious piece!
I’ve been reading: Burglars On The Job: Streetlife and Residential Break-ins by Richard T. Wright and it studies why people commit these burglaries, how they do it, and how they choose a target. I would love to read or suggest an investigative report be done on the people who commit these types of crimes. For example most people choose who/what house they rob because they know them/it and they know their schedule. I would bet that there would be a lot of similarities between these forms of crime.
>>…most people choose who/what house they rob because
>>they know them/it and they know their schedule.
Because most criminals are young men, robbing from those in their immediate environment?
>>I would bet that there would be a lot of similarities
>>between these forms of crime.
I doubt it. “Know your target” pays when there’s limited targets in your area and you need to succeed against them. When you have an unlimited number of victims available (especially with no chance of being caught) you compensate for low success rates with automation and volume, like spammers do.
Maybe once they latch onto a $uper big victim, then spending extra time to pull off a “single” is worth it. I’d like to know how they find those victims. Are they searching for them directly? Or just sifting them out of the giant mass of victims they pick up already?
It’s interesting that this hacker thinks he can make more training people than using his own skills. We can almost start to guess how much he was (not) making by stealing. Or it’s just another con, it’s not like you can demand a refund.
If I want to get rid of java on our PC, is using the Add/Remove Programs feature adequate, or do I also need to alter the registry, as many web pages devoted to the topic suggest?
Oops–posted my previous post here, rather than under the entry about java, by mistake. Should I repost it over there?
I term this as scam too. Why should you extract a lot of money from people in a way of securing them from loosing there money in the hands of scam artist and hackers. This is unfair and know that your updates are not enough, in fact this is type of scam and phishing I did at 2008, now this update can not protect any of you including the owner of this website and it’s administrator if I try use my latest technique to scam and hack you. But in all I have repented and I wish you will also repent to find the face of your God. I know very well that this is scam website, and it is desire to get peoples credit and PayPal information including there email address to sell to scams. The pictures you have here is from google search. and the names that are here are not existing. However, you don’t have Satisfied Seal in your website. No physical contact address is here, this of your (Krebs on Security LLC P.O. Box 3073 Merrifield, Va 22116) address is not your address rather Navy Federal Credit Union. This is ghost website and I know your business very much than you think you know. Kindly pull this website down before I do proper investigation on you. Stop fooling people. Scam and Hack has been there in the begining before we came to earth, and it will continuing until the end of earth. This is Formal Demonhunter. But my name now is Jesus-hunter