? Schemes for obtaining bank logs and credit cards [2026]

[MartinRay]

• ? Schemes for obtaining bank logs and credit cards [2026]
  
• Facebook Ads from “banks” — your own templates, investments up to $50, stable ROI
  
• Meta Business phishing — chain through tech support, with 2FA scraping
  
• SMS bonuses — especially when combined with “bank verification”
  
• Old CMS — if you're not too lazy to clean up the logs via shell and grep
  
• 
  
•  
  
• 1. Facebook Ads from “banks”
  
• 
  
•  
  
• An advertisement on Facebook supposedly from a real bank.`
  
• Investment of $30–70 — to launch the ad.
  
• The victim is offered a “lucrative” credit card and redirected to a fake website.
  
• The goal: the mammoth enters their data, thinking they are applying for a card.
  
• The ROI is stable — it often pays off, as mammoths fill out the forms.
  
• 
  
•  
  
• Options for launching ads on Facebook
  
• 
  
•  
  
• 1.1. Boosting a post
  
• ?The easiest way
  
• You publish a regular post with a banner and text.
  
• You click the “Promote post” button.
  
• You set up your audience, budget, and goal (for example, “Website visits”).
  
• ✅ Perfect for a quick start, especially if you want to test the reaction
  
• 1.2. Creating ads through Ads Manager
  
• ? A more flexible and powerful way
  
• You can set goals: traffic, engagement, conversions, video views.
  
• Allows you to create carousels, videos, banners, and lead generation forms.
  
• Works independently of your posts — ads can run quietly, without being displayed on the page.
  
• 1.3. Application form directly in the advertisement (Lead Ads)
  
• ? Special Meta format
  
• Allows you to collect data (email, name, phone number) without going to the website
  
• Convenient for emulating fake “credit card” applications ⚠️ Suitable if you don't want to create a separate landing page
  
• 1.4. Click-to-Messenger Ads
  
• ? Advertisements lead not to the website, but to Messenger chat
  
• You can simulate a “technical support bot” that guides the user through the steps.
  
• This is often used to collect data or issue a “confirmation code.”
  
• 2. Meta Business phishing
  
• 
  
•  
  
• ? Attack disguised as support from Meta (Facebook, Instagram).
  
• Mammoth receives letters or messages saying, “Your advertising account has violated the rules.”
  
• Mammoth clicks on a fake link → logs in → enters 2FA.
  
• Crabbling 2FA = interception of a one-time code (two-factor authentication).
  
• We gain access to the advertising account, from where we can run ads on behalf of Mammoth.
  
• 3. SMS-bonus
  
• 
  
•  
  
• ? They send SMS messages with tempting text: “Get a bonus on your card” or “Get your taxes back.”
  
• The link leads to a fake landing page.
  
• Verification is often added: “Enter your details to confirm your identity.”
  
• If there is a real phone number, there is more trust and the conversion rate increases.
  
• 4. Old CMS + shell and grep
  
• 
  
•  
  
• ? Using old websites (on WordPress, Joomla) that have vulnerabilities.
  
•  
  
• We hack the website and install a web shell (hidden access).
  
• Using the grep command, we search for logins, emails, and card numbers in the database.
  
• This requires technical knowledge, but everything is automated.
  
• 
  
•  
  
• 
  
•  
  
•