I just ran through the process twice with a scammer on a VM I’m running. Below is some information I gathered throughout the call, and basically an overview on how it went.
This is my fist attempt at retrieving info from scammers.
I noticed that both GoToAssist and AeroAssist are not traceable from Wireshark because the only repetitive IP that I got was to the mutual IP that their servers use in order to maintain a secure environment.
While I didn't retrieve any damaging information I have the extension for a technician, two of the websites they use for their fake anti-virus, and the account information they use to log in when trying to process payment
WeBio-Tech-Help.com/login
ID: A1124
KEY: d38022fa1bcf43f32493824e0ec8283a
Rebecca (EXT.2354)
Livetechnician.com/customplan
Key: 34232
Type: Copmuters
Issue: Windows
Sub Issue: Browser Issue
I gave a false generated CC to them for payment and then acted insulted when they told me it declined. They told me to check my e-mail (which I had given to them as a fake e-mail) on the machine they were viewing. I mocked a sudden shutdown and GoToAssist wouldn't reconnect.
I then got connected to a technician who used AeroAssist as an attempt to download GoToAssist.
He told me that I had to give them another card or try to call my bank. I then pulled up a separate scammer database where numbers are provided on the VM he was viewing. He tried to disconnect, but I then exaggerated the amount of information I drew from them.
He then tried to corrupt vital OS files from my VM, at which point I pulled up notepad to tell him he wasn't smart,
Here are all the numbers I have on them:
Rebecca:
888 389 7614, ask for Rebecca. Ext. 2354 and if they ask for a reason, you were disconnected
All others:
888 309 6869
888 592 8805
*Rebecca's key for LiveTechnician is no longer in operation*