Hi! I was talking to a scammer over the phone and he wanted me to install QuickViewer, but I said that QuickViewer wasn’t installing so he made me install AnyDesk. He connected to my VirtualBox computer, and on the tab which shows the person connected, there was an ID at the bottom. The ID looked like this: Screenshot by Lightshot (I can’t really show his ID because I don’t want anyone to connect to his computer). Can I somehow access his computer with this ID? Thanks to the people who comment!!
4 Likes
The problem is, you don’t want to break the law. If you were to do this it probably wouldn’t be the most legal thing also you most likely wouldn’t access his computer.
1 Like
Yes, it is possible. We can try to invite the scammer using Anydesk.
Also when we invite, the IP becomes visible in wireshark. That provides the location. IP is visible whether the scammer accepts or rejects.
Do you have the phone number of the scammer?
3 Likes
To add to this, you can also disguise yourself as either the scammer’s partner in crime (colleague) or as the scammer’s boss. I would just disguise myself as MICROSOFT TECH SUPPORT or something like that, or if you find the criminal company’s name, use that and it might trick the scammer.
Just a thought by the way.
2 Likes
I am going to reply to the 2 comments.
1st comment: I don’t really think that a scammer would call the Kolkata police or FBI on me. That would probably expose their whole scam.
2nd comment: I will try to invite the scammer using AnyDesk. Can you use GlassWire instead of Wireshark? If so, can you use GlassWire (or Wireshark) on your host computer and get the scammer’s IP on your Virtual Machine? Yes I still have the phone number of the scammer but they are not picking up right now. It is 12:24 AM as I am currently writing this comment, so it’s pretty obvious as why they are not picking up.
1 Like
You can really only hope he accepts whenever you try to connect via his ID.
A more viable method is while he’s connecting a window asking you to allow or deny him will show up. You can get his ID from there.
So as he’s trying to connect. You can open AnyDesk on your main computer (outside the VM) and connect to that ID and ask the scammer to accept, and the moment he accepts, you have to accept on your VM. If you do it quick enough the naive scammer will not notice you’ve connected as your VMs desktop appears before he has a chance to read the other window. This is how Scammer Payback does it. Of course, it only works with new scammers or those who just don’t know.
If you just so happen to have an ID then there’s nothing you can really do than hope he accepts during active hours.
6 Likes
Yes GlassWire or Wireshark (on host pc) will reveal their IP even if they reject connection request.
3 Likes
Unless it’s going through AnyDesk’s servers, which it almost always will.
–Edit below this line–
I decided to check if I was right, I connected from my phone to an azure vm via AnyDesk (didn’t connect through 7070) and checked on WireShark, I got results that looked like this
84753 375.163365 10.10.10.8 203.10.96.34 TLSv1.2 516 Application Data
95152 400.896757 203.10.96.34 10.10.10.8 TCP 60 443 → 61113 [ACK] Seq=42379 Ack=3757141 Win=1963 Len=0
(10.10.10.8 is my LAN ip) so is that it?! is 203.10.96.34 my ip?! well no, it’s AnyDesk, one quick way to check is if you go to http://203.10.96.34/
3 Likes
HELLO SIR THIS IS JOHN SMITH WITH MIKROSOFT
SIR THESE ARE ALL THE “FOREIGN IP’S” ON YOUR COMPUTER TRYING TO HACK YOU!
Sir Please Send X30 $500 Vanilla Gift Card and X30 $500 Apple ITunes Gift Card and then we will fix it.
3 Likes
Wow that sounds awesome
1 Like
I kept testing. the only times I was able to get the other desktop’s IP is when I connected via LAN. Or I was connecting to a desk with the port 7070 port fowarded (A very rare case so don’t ever expect to get a scammer’s IP this way. Still though I’d recommend to try, geoip the IP and if it’s anywhere inside India you probably have a scammer’s ip)
2 Likes