First, I’d like to address my absence in the scambaiting scene. No, I’m not gonna pull the “personal issues” card that everyone on the internet throws when something goes wrong. I’m focusing on my final exams, and, if everything works, my entry for a good university. I can’t promisse I won’t come back, but I can’t promisse that I will be back either. I’m also focusing on privacy and security. I defend that what you are doing shouldn’t be viewed, logged or sold unless you want it to.
I'd also like to thank everyone in the community. Anyone willing to respond to an email or pick up the phone and waste some scammer's time becomes part of the community for life.
With that out of the way, I'd like to cite a quote which fits perfectly to the context of this post:
"Give a man a sword and you can make him a warrior. Teach a man to forge and you can raise an army."
I was taught how to forge, and for that, I shall make you my army.
These are the sites where I find all the numbers I post on Scammer.info for convinience:
who-called.me
badnumbers.info
everycaller.com
findwhocallsyou.com
All of the numbers you find within these domains HAVE to be called in order to verify if it is in fact a scam, and what type of scam is running. Only then, you may post them on Scammer.info for further exposure.
REMEMBER - DO NOT TARGET INNOCENT PEOPLE.
Basic social engineering will help you alot when talking with a scammer. Pretending to be their perfect demographic target (people in their 50s who believe they are talking with someone legit), playing dumb, along with mid talk delays will do: "Sorry, my dog is barking at the door again. Let me go ahead and pick him up, otherwise he is gonna start scatching it again." - take a 5-10 min break. Just make him waste his time as long as you can.
Found the scammer's IP Address? Search for their ISP and get in contact with them. Found a scammer's website? Search for their domain and get in contact with them. Where do I find their ISP or domain? Simple: Who.is
Who.is is a very powerfull tool. It's purpose is to get hold of all the website's public information. Maybe you'll find names, but the crucial is to get their ISP or domain.
Found a phishing scam? Take a look at gotphish.com
There is no point in calling the authorities. Corrupt to the core, they are bribed by scammers to have their mouth shut, keeping the scam scheme running. Very few times you see them take any action.
Are you a pop-up hunter? Here are some tips. Always:
They are finding ways to hijack the browser entirely, while also installing remote administrator tools/trojans on a victim's PC.
If you have a decent PC, you might consider running a virtual machine. I say "decent" because it will need enough power to host a computer inside your computer. Why having one? For various reasons, including scambaiting, in this case. You can simulate a computer, a virtual decoy, and have the scammer toy with it. Your goal, while setting up your VM, is to "stealth" it. Search for it. Maybe I'll do another thread on setting up a vm and steathing it, but I'll leave the challenge for you to find a way yourself.
A virtual machine is, in a short term, a test lab. Got hold of a suspicious file? Run it on your VM and see what he does. Want to scambait a technical support agent? Get him on your VM and have him do his show safely.
What happens in your VM stays in your VM. This means your physical machine - your personal files - will be safe from scammers, leaving them to only mess with the virtual machine you put in front of them.
Any questions? Feel free to ask here. You can also ask questions at TLS (Scammer.info's Discord Server).
Any constructive tips are always welcome.
Happy hunting.