- Joined
- Jun 16, 2020
- Messages
- 1,059
- Likes
- 882
- Points
- 813
STEP 1: TARGETING
Before you do anything, you need to pick your target, and you need to have a clear goal in mind and a reason to target them, mostly people SIM SWAP crypto holders, for obvious monetary reasons, your going to want to go to the binance or coinbase instagram or twitter accounts, and look at the profiles, this is the OSINT or recon phase, you can also go to cracked.io or some other cracked account form and look at leaked crypto accounts, and reverse search the emails
step 2: OSINT/CSINT
this is the phase where you want to do research on the account you want to target, look on the twitter or Instagram profiles and look at who flexes money, who doesn't who seems rich who doesn't, ETC, and you need good information gathering skills for this part OSINT stands for Open Source Intelligence, and it relies on searching for information that is publicly available, some tools for this include https://analystresearchtools.com/ shows all the OSINT tools you really need, CSINT or (Closed Source Intelligence) is a much lesser known version of OSINT, and its information gathering, on something that isn't open to the public, just like the name suggests, there are plenty of database searching tools and background checkers that cost money and the information is not openly available, that's one example, the following information you really need for a successfully SIM SWAP is
Phone number
and carrier
but if your trying to social engineer the carrier its going to require a lot more information then that, but once you got the information, you can move on to step 3
STEP 3: BURNER PHONE
your going to want to buy a new phone first, a phone with absolutely zero data on it, and dont login to any of your personal accounts on it, or do anything on it
I don't suggest using an IPHONE as a burner phone, use android, and buy a completely blank SIM just for this, and if your smart you will buy a new phone each time and destroy the last
STEP 4, SWAPPING THE NUMBER
OKAY, so there are multiple ways to do this, one option is to pay somebody at the carrier the victim is registered with to swap there number to a SIM card in your control, or you can go the hard route and try to trick the carrier by phone call, but once you got it moved, time for step 5
STEP 4: LOGGING INTO THE DESIRED ACCOUNT
if you can use Tails Linux, use that
its best to use an RDP/VPS server for logging into the account, however most if not all of them cost money
try to use Tor and a good VPN with it, just so your untraceable as possible, and then login to the account by resetting the password on
the account your trying to hack, and by doing that, you can login with the 2FA code,
and also, make sure the RDP/VPS is registered with as much fake data as you can, and destroy you RDP server once your done, or if your an OPSEC god, you will
cancel your VPS subscription and start a new one each time
step 4/5: LAUNDERING THE MONEY
The reason I say step 4/5 is because most people SIM SWAP crypto accounts so they steal whats in it, once your logged in the account, dont be to excited when you see the amount, because there is a certain way you have take the money out, first you have to create a separate bitcoin wallet address, and then your going to send the money to that spare one, and then your going to find a BITCOIN MIXER, that will automatically launder the money for you, there are some on the dark web AKA the TOR network, that you can find on thehiddenwiki.org, thats my best suggestion, because of the anonymity of TOR, and after you launder the bitcoin, your going to want to send it to your main wallet address
STEP 5: DESTROY THE EVIDENCE
your going to want to destroy everything and leave no trace, you are going to want to destroy the SIM card, you have, and destroy the burner phone
destroy it really bad, make it so there is only ashes left, so there is no trace of the crime, because to convict somebody of wire fraud or cybercrime, they need A LOT
of proof, and if you where a wise man, and you followed all these steps, they will barely have evidence it was you, and then delete your RDP server, and you could cancel the subscription with your VPS after that, but make sure the server is deleted before hand.
Before you do anything, you need to pick your target, and you need to have a clear goal in mind and a reason to target them, mostly people SIM SWAP crypto holders, for obvious monetary reasons, your going to want to go to the binance or coinbase instagram or twitter accounts, and look at the profiles, this is the OSINT or recon phase, you can also go to cracked.io or some other cracked account form and look at leaked crypto accounts, and reverse search the emails
step 2: OSINT/CSINT
this is the phase where you want to do research on the account you want to target, look on the twitter or Instagram profiles and look at who flexes money, who doesn't who seems rich who doesn't, ETC, and you need good information gathering skills for this part OSINT stands for Open Source Intelligence, and it relies on searching for information that is publicly available, some tools for this include https://analystresearchtools.com/ shows all the OSINT tools you really need, CSINT or (Closed Source Intelligence) is a much lesser known version of OSINT, and its information gathering, on something that isn't open to the public, just like the name suggests, there are plenty of database searching tools and background checkers that cost money and the information is not openly available, that's one example, the following information you really need for a successfully SIM SWAP is
Phone number
and carrier
but if your trying to social engineer the carrier its going to require a lot more information then that, but once you got the information, you can move on to step 3
STEP 3: BURNER PHONE
your going to want to buy a new phone first, a phone with absolutely zero data on it, and dont login to any of your personal accounts on it, or do anything on it
I don't suggest using an IPHONE as a burner phone, use android, and buy a completely blank SIM just for this, and if your smart you will buy a new phone each time and destroy the last
STEP 4, SWAPPING THE NUMBER
OKAY, so there are multiple ways to do this, one option is to pay somebody at the carrier the victim is registered with to swap there number to a SIM card in your control, or you can go the hard route and try to trick the carrier by phone call, but once you got it moved, time for step 5
STEP 4: LOGGING INTO THE DESIRED ACCOUNT
if you can use Tails Linux, use that
its best to use an RDP/VPS server for logging into the account, however most if not all of them cost money
try to use Tor and a good VPN with it, just so your untraceable as possible, and then login to the account by resetting the password on
the account your trying to hack, and by doing that, you can login with the 2FA code,
and also, make sure the RDP/VPS is registered with as much fake data as you can, and destroy you RDP server once your done, or if your an OPSEC god, you will
cancel your VPS subscription and start a new one each time
step 4/5: LAUNDERING THE MONEY
The reason I say step 4/5 is because most people SIM SWAP crypto accounts so they steal whats in it, once your logged in the account, dont be to excited when you see the amount, because there is a certain way you have take the money out, first you have to create a separate bitcoin wallet address, and then your going to send the money to that spare one, and then your going to find a BITCOIN MIXER, that will automatically launder the money for you, there are some on the dark web AKA the TOR network, that you can find on thehiddenwiki.org, thats my best suggestion, because of the anonymity of TOR, and after you launder the bitcoin, your going to want to send it to your main wallet address
STEP 5: DESTROY THE EVIDENCE
your going to want to destroy everything and leave no trace, you are going to want to destroy the SIM card, you have, and destroy the burner phone
destroy it really bad, make it so there is only ashes left, so there is no trace of the crime, because to convict somebody of wire fraud or cybercrime, they need A LOT
of proof, and if you where a wise man, and you followed all these steps, they will barely have evidence it was you, and then delete your RDP server, and you could cancel the subscription with your VPS after that, but make sure the server is deleted before hand.