It seems to me that many scammers are more than aware of scambaiting and that some of the smarter ones are putting some effort into safeguarding their systems. Setting up VMs for remote connections now requires altering device names at the very least. This led me to wonder if some of these douchebags are smart enough to start using VMs themselves…
So.
Question #1:
Is it possible that they could do this?
Question #2:
Is it possible that we can see through this, assuming that they go as far as masking device friendly names?
Question #3 (Which just occurred to me. (And is more of a ramble than a question...)):
How long before these thieving bastards decide to spend a little money on hiring someone that knows what they're doing to further proof their systems? Or even gather as much info on baiters as possible and learn how to better protect themselves?
For now it doesn't seem as though these guys are putting a lot of thought into doing this, but...
I learnt about hiding VMs from watching a YouTube video, nice one @JimBrowning11 very educational!
I'm pretty sure that his videos along with @NeeP and others would be on the compulsory viewing list of any scam-terprise that I would (Theoretically) launch onto an unsuspecting world.
So if a few hours of youtubing has taught me how to set up and mask VMs, set up BOBrtc, source numbers and URLs, generate credit card details that pass basic verification and spot some of the baiters' traps and scammer mistakes, what's to stop them from doing the same?
Question #4:
Am I overthinking this?
Question #5
VPN> Linux> VM> Win10_Offline> OOshutup> Device_Friendly_Name_Change> BOBrtc> "Adjust"_System32> Firefox_Chrome_Iexplore> RAT_scripts_Macros> Clear_Logs> Capture_Card_Activated> Go_Fishing. Am I missing anything?
Question #1:
Yes, it's possible that they are using VMs themselves. I haven't recognized any trend so far that every scammer, or at least more and more of them, are using it. I've already seen them use it maybe 2 years back. Call centers have a few smart people who set up the phone system, PC network etc. and I definitely think they can also set up VMs for everyone. It's smart in fact, as you need to configure the system just once and then copy the image over to every computer. Even legit companies these days are using virtual machines for their desktop machines, often running in a cloud.
I don't think that many scammers are doing it, but I'm not sure.
Question #2:
You can pretty much always see if it's a virtual machine. I doubt they go through the hassle and do the disguise like shown in Jim Browning's video as they don't have any benefit of doing so. "Stupid" victims wouldn't even know what a virtual machine is and thus wouldn't look for the clues and "smart" people who know are most likely scambaiters who wouldn't fall for it anyway. The problem for detection is just how much time you have. If they let you connect to their computer in TeamViewer they'll instruct you to switch sides and then you have only a few minutes before they get suspicious. So you can't spend your time on checking if it's a VM. Instead, you download files, delete them and do some... stuff... ;)
Question #3:
Scammers do watch my videos and certainly also Jim's but I don't think they really care much about proofing their systems. I mean some call centers have policies to not run any .exe file and they blocked it systemwide but apart from that, I haven't noticed really anything.
Many of the things Jim and I teach are not really beneficial for the scammers. What can they do with BobRTC for instance? Anyway, it's blocked for Indians and the only numbers that are allowed to call are scammers themselves. We don't have a big problem if scammers decide to call other scammers. Win-win for us. And some things they can't avoid. For example, they always have to put their phone numbers on their website, otherwise not even victims can find them. So even if they know that we are targeting them and visiting their website they can't do much about it. CheapFlightsFares would be an example of that. As long as they put their number on their website they are vulnerable to prank calls. If they would stop doing that to combat scambaiters then they'd also shut the stream of real clients. They can't escape.
Question #5:
If you're using VMware you should add this to your .vmx file to change the BIOS info:

```
SMBIOS.reflectHost = "TRUE"
SMBIOS.noOEMStrings = "TRUE"
smbios.addHostVendor = "TRUE"
```
Apart from that I think you're fine. The rest is up to your liking, like putting more trash programs on your PC to make it look like you're really using it. Prank programs maybe if that's what you like. Random desktop icons, files etc. :)
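
Added example, not part of the original reply: a small Python check that reads a .vmx file's text and reports whether the three SMBIOS settings quoted above are present and set to "TRUE". The function names and the sample file content are constructed for illustration, and treating keys as case-insensitive is an assumption based on the mixed casing in the reply.

```python
import re

# The three keys quoted in the reply above, lowercased for comparison.
# Case-insensitive matching is an assumption (the reply itself mixes
# "SMBIOS." and "smbios.").
REQUIRED = ("smbios.reflecthost", "smbios.nooemstrings", "smbios.addhostvendor")

# A .vmx setting line has the form: key = "value"
LINE_RE = re.compile(r'^\s*([^\s=#]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: [values in file order]} for .vmx text."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # blank lines, '#' comments and malformed lines are skipped
            settings.setdefault(m.group(1).lower(), []).append(m.group(2))
    return settings


def audit_vmx(text):
    """Map each required key to 'ok', 'missing', 'not TRUE' or 'duplicate'."""
    settings = parse_vmx(text)
    report = {}
    for key in REQUIRED:
        values = settings.get(key, [])
        if not values:
            report[key] = "missing"
        elif len(values) > 1:
            # Set twice: flagged because it is ambiguous which value applies.
            report[key] = "duplicate"
        elif values[0].strip().upper() != "TRUE":
            report[key] = "not TRUE"
        else:
            report[key] = "ok"
    return report


# Constructed sample .vmx content (not taken from a real machine).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "Office-PC"
# BIOS settings
SMBIOS.reflectHost = "TRUE"
smbios.noOEMStrings = "FALSE"
'''

if __name__ == "__main__":
    for key, status in audit_vmx(SAMPLE_VMX).items():
        print(f"{key}: {status}")
```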