Scam Number: 08
Scammer’s Website or Email: https://gowebmyntra.com/contact-us.html / https://bestfiveantivirus.online/
Additional information about this scam:
Over the past few weeks, I investigated and exposed a scam call center operating out of Delhi, India, using a combination of advanced ethical hacking tactics. These scammers were impersonating tech support agents and financial institutions to exploit innocent people around the world. Here’s how I systematically dismantled their operation:
1. Social Engineering Recon
- I initiated contact by posing as a potential “employee” via fake job listing responses and WhatsApp communication.
- I leveraged pretexting techniques to gather internal details—Wi-Fi SSIDs, employee roles, network topology, and even physical layouts.
- Manipulated insiders into oversharing on LinkedIn and job boards—classic OSINT extraction.
2. Physical Access & Insider Intel
- Through coordination with a local contact, we verified the building location physically.
- Photos and videos of the entrance, camera placements, and internal operations were recorded for validation.
- Insider dropped a USB Rubber Ducky payload device in their HR workstation.
3. Reverse Connection Payload
- Embedded a custom reverse shell (Python + PowerShell) in a fake “CRM tool” demo sent to the target as part of the job onboarding process.
- Once executed, the payload:
  - Established an outbound reverse shell over port 443 (bypassing most firewalls).
  - Delivered persistence via registry key + scheduled task combo.
  - Allowed full RCE access to internal systems.
4. Intelligence Collected
- Recorded over 40GB of call logs, victim PII, scam scripts, and audio files.
- Extracted internal call software credentials, SIP VoIP logs, and backend admin panel access.
- Mapped out a full scam funnel: lead gen > initial call > fake payment portal.
5. Reporting & Exposure
- All data was securely handed over to cybersecurity authorities and local enforcement.
- Exposed their operation via a GitHub repo + a YouTube documentary (redacted sensitive victim info).
- Blacklisted their IPs, domains, and phone numbers through global threat intel sharing.





