How to find Fake Microsoft scumbags

Quick intro; skip if you don’t give a shit. <3
Been here for over a year, but I only started posting recently. I used to just call up Indian tech support scammers and yell “bhenchod” into the mic, but now that I have more time, I’m trying to get better at effective scambaiting (aka going for more wasted time more than quick laughs). I’m a hobbyist programmer, and also currently studying cybersecurity. I feel like social engineering isn’t really my strong suit, so my #1 goal right now is to waste >2 hours in 1 call, and if I ever reach that, I’ll try and reverse connect my way into a call center for the first time. So yeah, that’s what’s up for me on here.

Intro over, now to the reason you clicked here: I’ve posted 5 of the same exact popup with different phone numbers now, and literally 0 other posts, so I believe a proper tutorial is due. Also, I guess I don’t want to look like an “inside scammer” for finding the same exact type of popup 5 times and get banned. Here’s how I did it without an insider:

1. Disable any extensions that block scam sites OR pull up Incognito Mode (and disable blocking extensions if they’re allowed to run in Incognito)
I usually disable uBlock Origin, because it’s annoying to keep hitting “Allow (temporary)” on every popup that gets blocked. Better yet, if you feel up to it, do this stuff in an incognito tab. It’s not really something I’d recommend doing in a VM unless you have a beefy computer and there’s such little lag that it doesn’t justify the risk of a drive-by download. Incognito Mode also has the benefit of resetting cookies when you close and reopen the window, which can be useful for scam sites that ban you via cookies/localStorage rather than IP.

2. Pick a popular site people use a lot.
Don’t discriminate between sites “old people” use a lot. I have sometimes found fresh popups from Twitter, and old people don’t use Twitter nearly as much as those other sites you probably immediately thought of.

3. Screw with the URL a bit
Make common typos, like replacing Ls with Is or 1s, or replacing Os with 0s. Slightly less effective is the easier option of just inserting a random or duplicate letter. Also, one of my favorite strategies is to add a couple Ws before the domain, as if you forgot to press the dot after WWW, although that usually works better with 2 or 4 Ws for some reason.

4. Try the site
If it redirects you, keep trying it! If it redirects you to the same site over and over again, clear your cookies to make sure it’s not remembering you. If it remembers your IP instead of using client-side stuff, I wouldn’t recommend using a VPN. It’s not worth the time and usually gets filtered by DDoS protection. @terriblename said a pretty good tip in the replies: you can enable tethering on your phone with mobile data and get some easy legit-looking IPs on your computer, and if you search for these popups often, it’ll prevent you from being marked as spam as well. If it says the site can’t provide a secure connection, click on the address bar and change the https:// to http://. Often times, your router will warn you about scams and phishing sites via a man-in-the-middle type popup before visiting the site, and since it’s running MitM it screws with HTTPS, which was designed specifically to prevent your average “Starbucks WiFi” black hoodie Macbook script kiddies from doing that exact sort of thing with fake login screens.

5. Ignore One-Sided Scams
Many scams attempt to fool you into doing something without any way of wasting time for the creator. These are NOT what we’re looking for right now. If you have the time, report the sites to the hosts, but if I were to report every single “download this virus pls” page I’ve seen in the past week, I’d still be writing emails to this very moment. Reporting those pages isn’t really worth the time if you’re specifically searching for fake tech support, because of the sheer number of them and how easy it is to make a new one. If you find fake forms asking for contact info, you can fill it in to be put on some scammer’s contact list, and you’ll probably receive more spam to bait later, but those will rarely lead to human scammers (sometimes you’ll be asked to input antivirus info or whatever and THEN it’ll give you a number for “support” on your “next setup steps,” so actually read the page before closing it because “durrrrr form bad hahaha form = no phone number here, let’s move on guys.”). Pages will often daisy chain scams together infinitely, sending you on to a different sponsored scam after you finish giving them your info, so if you are in a chain of 3+ different sites asking for your data, just give up. Forms leading to numbers is already kinda rare for this sort of scam, and chaining post-scam redirects together is usually something only survey “human verification” scammers do. TL;DR don’t download viruses thinking you’ll meet a human lmao. You’re here to waste THEIR time, not the other way around.

6. Post the number here, and have fun!
This tutorial assumes you already have a VM set up and are familiar with the actual scambaiting process, so I won’t explain any of that. All I ask of you is to contribute back to this forum, because often times the numbers I find here are down. That being said, MAKE SURE THE NUMBER YOU FOUND WORKS! On the bright side, if it’s down, that’s usually due to them not wanting to put up with our prank calls and shutting down the number. If you’re able to scambait and don’t have to do anything, it’s probably a good idea to wait for the scammers to “figure you out” first, so nobody calls them and warns them of prank callers. A lot of these clowns don’t even block you, and usually you get sent to a different scammer on your second call, so rain hell on their phone line until they finally take the time to block your number. As usual, I’m just gonna give a reminder that you SHOULDN’T USE YOUR REAL NUMBER. (probably posted here a million times, so I won’t explain why. do some research lol)

Ext
Being a programmer, I’m considering writing a script to automatically find scam sites. I’d make it replace/shift URL characters similar to how password crackers slightly change letters in guesses. Then, it would just get rid of all the 404 garbage, and you could look through ’em. It could also find the HTTP status code 302, 308, or whatever it’s called and show you each page that redirected, which is a good sign of a scam (or maybe the page just uses JS to redirect, in which case I’m kinda screwed). If you guys are interested, I could get started on it soon.

- Dex (aka Yuri)

7 Likes
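The script idea at the end of the post above, sketched as an added example (not the poster's code): it builds the typo variants named in step 3 and triages HTTP results the way the post describes, dropping 404s and flagging redirects that leave the domain. The function names, the two-label domain assumption and the sample results are constructed for illustration; nothing here touches the network, and only HTTP-level redirects are visible to it, not JS ones.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
SUBSTITUTIONS = {"l": ["i", "1"], "o": ["0"]}  # step 3: L -> I or 1, O -> 0


def typo_variants(domain):
    """Typo candidates for a two-label domain such as 'example.com' (assumption)."""
    name, _, tld = domain.lower().partition(".")
    out = set()
    for i, ch in enumerate(name):
        for sub in SUBSTITUTIONS.get(ch, []):
            out.add(name[:i] + sub + name[i + 1:])  # look-alike character swap
        out.add(name[:i] + ch + name[i:])           # duplicated letter
    for n in (2, 3, 4):
        out.add("w" * n + name)                     # missing dot after "www"
    out.discard(name)                               # never report the real name
    return sorted(f"{v}.{tld}" for v in out)


def triage(results):
    """Split (domain, status, location) rows into off-domain redirects and live hosts."""
    flagged, live = [], []
    for domain, status, location in results:
        if status == 404:
            continue                                # the "404 garbage"
        host = urlsplit(location or "").hostname or ""
        if status in REDIRECT_CODES and host and host not in (domain, "www." + domain):
            flagged.append((domain, host))          # redirect leaves the domain
        else:
            live.append(domain)
    return flagged, live


# Constructed sample rows, as if collected earlier by a separate fetch step.
SAMPLE_RESULTS = [
    ("examp1e.com", 302, "http://ads.invalid/landing"),
    ("exampie.com", 404, None),
    ("examplee.com", 200, None),
    ("wwexample.com", 301, "https://www.wwexample.com/"),
]

if __name__ == "__main__":
    print(typo_variants("example.com"))
    print(triage(SAMPLE_RESULTS))
```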

Excellent write up with a lot of good info and advice. Thanks!

1 Like

Good work explained and good info … Thanks

2 Likes

cool thanks

1 Like

Great tutorial! I’d be really interested in a script. I’m not so good at programming, but I do like the prospect of using an automated script to find scam sites! That way, I won’t have to search for typosquatted domains anymore!

3 Likes

I used to use gen.sober.monster for this, but it doesn’t work as well as it used to with popup finder set 1 and 2 so I think the most efficient way to do this is create a list of these domains and then open a bunch at once

1 Like

If you open these urls which are porn ads, they can redirect to popups as well. I use this chrome extension to open multiple at once and you have to allow notifications for the scam redirects for them to go to a popup. I use this chrome extension to block images and video but I also have a very long blocklist I created of things that aren’t a popup or a redirect to one to save time. There are a bunch of other things I do but I don’t want to make this too long

3 Likes

Yep that’s pretty much what I do. Their DDoS protection thing gets kinda annoying though, when it detects I’m opening those pages a lot and keeps redirecting me to that one PrEP site or job postings instead of actual popups.

Also, I’ve found DNSTwister kinda does the same job as that script I was planning on making. Maybe I can still make the script to detect this specific type of scam by checking the page title tag, but I’m pretty busy and that site will do fine for now.

Thanks for those extra links, by the way.

1 Like

It is best if you have access to multiple residential ip addresses. What I do is tether my phone to get a different ip address and then if I need a different ip I can toggle airplane mode and then I get a new ip address. I’d recommend not finding popups on your home internet btw as it will make your ip quality score worse (Proxy Detection Test | Detect Proxies With Our IP Lookup | IPQS). If your ip quality score gets worse, you will stop getting served popups as much and you will get captchas throughout the internet.

1 Like

Download TuxlerVPN for free and enjoy 10 residential IP switches a day. Subscribe to the premium version for 100 IP switches a day ($9.99 USD/month). Personally I use this VPN as it’s P2P-powered and “borrow” other residential users IP to find popups. They not only have IPs of USA but many countries worldwide. It’s kinda slow though, is the only downside, can’t seem to go above 5 Mbps.

Non-Affiliate Link: https://www.tuxlervpn.com
Affiliate Link (If you want to support me): https://www.tx10trk.com/HCZ3GL/2CTPL

yea pretty important tip, imma put that in the post

… Where did you take this Links Bro ? … lol…

1 Like

Good tips – see my post How to get scam popups
This list is pretty extensive and I’ve found several MS fake support scams. Important to turn off popup blocking and advertisement blocking.

1 Like

Yooo I’ve never heard of OpenMultipleURL! That’s gonna be pretty useful. What I used to do is just middle click the folder containing all the scam bookmarks, but that requires actually saving the bookmarks which gets annoying when you just want google.com to autocomplete correctly. How in the world does that thread have 0 likes?

From porn websites

1 Like

Thanks man for the advice! I have already messed with 3 dudes on my virtual machine today.

1 Like

It makes it a heck of a lot easier to just copy/paste the list and hit “go”. Just make sure you allow your browser to open up multiple tabs and you’re good to go. Why that post has no likes? No idea, but that’s OK. I’m glad to know I’ve taught at least one person something new :)

1 Like

I use this chrome extension I linked in a previous post to do the same thing a little bit faster https://chrome.google.com/webstore/detail/openlist/nkpjembldfckmdchbdiclhfedcngbgnl?hl=en

1 Like