spam4log
New Contributor
VIP
- Joined
- Jun 9, 2022
- Threads
- 0
- Post Replies
- 1
- Status
- offline
- Last seen
Bank log spamming tutorial
Spamming for Bank Logs is a rewardful but extremely daunting process. If you understand the methodology to properly acquire logs at scale it will allow you to sell and utilize your logs for black-hat use cases. In this article I will teach you how to properly spam for Bank Logs.
If you liked this guide. Please check out our cashapp carding method 2022
How to Spam for Bank Logs?
In order to spam for Bank Logs you will need to have made a phishing website in order to trick visitors into thinking it is legitimate and then submitting they're details under that fallacy. You need to collect the bank logs from the backend of the phishing website and then run a background check and then login to their bank accounts based off the data you have retrieved. This must all be completed quite swiftly, as you don’t want them to find out while you are active inside of the account.Always enable your VPN when phishing and retrieving data as your digital footprint could be tracked if you aren’t utilizing proper security measures.
Let me give you a quick check list in order to complete the spamming operation.
Table of Contents
- What is Bank Log Phishing/Spamming?
- Necessities for Spamming for Bank Logs
- Using VPN while Phishing for Security Purposes
- SMTP (Simple Mail Transfer Protocol)
- SUTS (Spamming Using Text Scripts)
- Creating Email List
- Hosting 1:1 Cloned Pages
- Spamming for Bank Logs
- Build a compelling Phishing Page
- Purchase Secure Web Hosting for Phishing Pages
- Execute Spamming Operation
- Using Your Bait to Effectively Phish Targets
- Sustaining Phishing Operational Perpetuity
We use Email & SMS as the medium of choice to send fake pages (phished pages) to targets in order for them to think they are logging into their real bank account when clicking the messages. The data will consist of all the typical things that users enter when logging into their bank accounts like their bank account username, bank account password, and email used for login. The data that we aggregate from these users are inherently “Bank Logs” as after the
bank log phishing page has captured all of this data, their accounts can be accessed remotely for malicious purposes.
The phishing website is a 1:1 clone of the real banking login portals used by real banks. The code is simply swapped and used on a fake page made by you with a similar domain name so the user would never suspect that its fake.
Necessities for Spamming for Bank Logs
You will need a set of tools in order to begin spamming, and in this article we will be going through all of them.Using VPN while Phishing for Security Purposes
VPN’s or “Virtual Private Networks” will mask your activities relative to all your activities involving the spamming operation from top to bottom. Your real IP address will not be attached to any of the hacking operation, and it will be impossible for any law enforcement to link it back to you. I recommend that you have a VPN active at all times when both setting up and executing spamming operations. If you are interested in learning more about cashapp carding, we have a section on the website.
SMTP (Simple Mail Transfer Protocol)
Did you know that when a specific email account sends out too many emails that get reported the account @ gets flagged by internal email provider systems, that the account gets blacklisted/banned? When you are spamming for logs you are emailing thousands of prospective targets waiting for them to get converted.A lot of them could potentially report your email address. Having SMTP will help mitigate this error happening and blocking your email addresses from getting into their main inbox. Without having SMTP in your strategy you will never be able to scale your operations, so keep that inside of your toolbox.
SUTS (Spamming Using Text Scripts)
You need a message that is within the email or text message that is within the message to the prospective targets. Without a spamming text script, you will not be able to convince them that the message is real. The text scripts typically consist of trying to sound like whatever the real banks would say.The scripts need to have some sense of “utility” meaning when the user sees the email script, it feels as if they need to make some sort of update or micro-optimization to their bank account in the next coming days otherwise their account will be under some particular distress. An
example of such can be a script like “Your Bank Account as Suspicious Transactions…Please
Login to Resolve”, scripts like these promotes the aspect of urgency and lifts your conversion levels.
Creating Email List
The next thing you need in your toolbox is a list of emails to spam. These emails can’t be spawned arbitrarily, the emails have to be high-quality and real. Luckily theres an oasis of websites that sell and distribute real users email addresses. Theres plenty of other routes to find active email addresses such as hiring hackers to hack companies databases and extractemail’s from there. I suggest that you do your own research on how you would like to collect emails.
Don’t use email generators nor other forms of getting emails in a fake way, your phishing messages will never ever convert and it will be intrinsically worthless.
Another way you can add to your email list is by running Facebook campaigns to make users sign up for offerings, then using those emails you get from the Facebook campaigns to run your spamming operation off of.
Hosting 1:1 Cloned Pages
As mentioned before a “Cloned Page” is simply a lookalike webpage of the login portals that real banks use for users when they login.The users will be entering their login data on these cloned pages which will then get funneled to you. The goal of the webpage is to serve as your singular and primary phishing site after their emails are spammed.
There will be a rate in which these users actually click through on the email after you send it to them. We call that the “click-through-rate” if they don’t click on your email with the cloned page, they didn’t click through and that will go against the overall rate and vice versa if they actually click through.
This rate is extremely important, and you will have an accurate rate on how much traffic your Cloned Page is receiving realistically versus how many spammed emails you have sent out. This rate will be traced both through the mediums of communications of both Email and SMS messages.
Spamming for Bank Logs
This next session of the article will overview the step by steps of conducting the spamming operation from an operational level, and will be actionable by simply following the next steps that I’m going to explain.Where to Buy Bank Logs
In the past i use to spam all my bank logs, but now i get them from R2D2Logz on the forum. You can buy from him here1.Build a compelling Phishing Page.
One of the most important things you should do before any of the creation phase of Phishing Pages, is simply choosing the exact bank branch you would like to target to make pages off of. Go with the bigger banks in the US, such as: Chase, Wells Fargo, Capital One etc. This is because if most Americans use one of these banks, the likelihood of them clicking through it is higher because theres a higher chance they might just randomly click through on it.The phishing clone page needs to be a 1:1 copy of the real banks login portals, luckily there are pre-made templates where you can copy and paste the UI/UX and related code. Once you have acquired these templates from dark web markets, you need to start installing the code and user interfaces onto your domain.
The next important aspect of the phishing page that correlates with the aesthetics of the cloned page is the domain. Domains reinforce the legitimacy of the look of the phishing page. The phishing page needs to look like the real website, therefore the domain needs to look close to the domain of the actual bank for instance “capitalone.com" is a real banking website, a
fake domain you could utilize would be something like “capitaIone.com" if you can’t tell the difference, besides of a “L” in “Capital” in the real one; I utilized a capital “i” instead.
Whilst many of these domains are already taken, you do enough work you will be able to make website domains that look shockingly similar but maybe a little bit different. The differences can be rather large, users are stupider than you think.
2. Purchase Secure Web Hosting for Phishing Pages
You need to use a Web hosting platform that will not ban your domain if they find out that you are purchasing domains for malicious use-cases.
I would suggest any and all hosting platforms that have bitcoin as their sole method of purchasing domains. These web hosting platforms tend to not mind blackout users as much as the ones that don’t.3. Execute Spamming Operation
As stated before the spamming emails need to be relatively familiar to the users you are sending these emails out to. Meaning your script needs to be 1:1 with the real banks, your phishing page needs to be tailored with good-looking URL , and the SMTP needs to be good enough that you don’t end up inside of spam folders.4. Using Your Bait to Effectively Phish Targets
Your click-through-rates will not always be high. In fact below 30% of the people that receive your spamming emails will even open it. This is not a problem because if only 50% of the 30% of the people that opened your spamming email fill out their information of a thousand people spammed. That’s 300 people that opened your email, and if 150 people filled out their information, the avg value of a bank log on the black market is $200.00 and 150x $200 is $30,000 in profit. This is assuming that you aren’t just using all of the logs for yourself…which would of course be even more profit if you cashed them out.5. Sustaining Phishing Operational Perpetuity
Redundancies could arise from lowering click through rates or host closing your domain. Therefore being one step of ahead of these issues will be the difference between your spamming operation only being effective for a weeks span or forever into the future.To mitigate against redundancies, acquire a full-stack team in order to operate your operations smoothly without any issues falling through the cracks.
Conclusion
Once you understand spamming, you will quickly understand that it is by far one of the most profitable sectors of the blackhat space once you meet proficiency. It’s one thing to hear about it, but theres another thing to do it.I suggest you practice until you see promising results. Once you see results, quickly scale your operation and hire a team. As you won’t even need to cash-out the logs yourself, you can easily sell on the black market and become a money machine.
Good luck on your journey.