I'm new here.

I’m new please Play nice…Ok, So, yes… I have been watching Youtube and discovered (Probably by accident) a thing called ScamBaiting.

It does look very interesting, I'm wondering if there is a list of Australian Based or Indian based numbers that I can call from my phone?

My idea is; have a second number ($2 sim) and make up a totally non-existent persona to fill in the details, online or at events anywhere you think the list might be for sale, competitions, machos promos etc.
Kind of in the same way as everyone has several email addresses for spam.
Except this will be bit more involved, the phone will be not with me throughout the day as I work. But I might get a few numbers to call back... Or might get a scammer calling me after hours.

I have a few questions:

#1 Can I use Skype? I have a mixer and intend to add sound FX where needed.
#2 Does Skype assign a number to you, if that get blocked can it be changed?
#2a My intention is use a mobile phone, but I have just realised that might be costly if I was on the call for 2 hours, although a cheap plan in our days is all inclusive anyway.

I see the guys online have a Virtual Machine running
#3 Can this be done on a iMac? I can see a huge benefit with keeping these scammers talking to me not a poor granny.

In some ways I'm driven to do this as a reply from my parents getting several calls each day from scammers, they are wise enough to know better but sadly some seniors are ripped off.
In other ways I can see some great fun in playing with them while they think I'm following their request thus holding them up and stopping them scamming anyone else.
Also to help raise awareness among my peers and others.

As I mentioned I have a pretty full-on arsenal to get these scammers moving.....
iMac, Mixer, voice transformer and a very long story for scammers...

I just need some help protecting my IP address and true Identity.

Can you guys point me in the direction of some software that might assist?
I need to achive a Virtual Machine, VPN, Conceal my phone number. The standard tech stuff.

TIA.

Regards

@ScamExposed#90964 Hey welcome onboard I guess many people join scambaiting through YouTube videos. Even me I started by watching Jim Browning and back in the days Lewisstech.

**#1 Can I use Skype?** Yes you can use it, it's free!
**#2 Does Skype assign a number to you, if that get blocked can it be changed?** That's the drawback of Skype: they have like a pool of numbers out of which you randomly get assigned a number each call. But the pool seems to be rather small so I see many scammers who have blacklisted Skype numbers by default so you cannot reach them. Also the number cannot be changed manually.
**#2a My intention is use a mobile phone? ** Depending on your country there might be flatrates for calling but either way it's gonna cost.
We suggest to use TextNow ( https://www.textnow.com/messaging ) as it has an website interface and Android/iOS app where you get a free US number and you can make free calls to toll-free and non-toll-free numbers in the US. Note it requires you to be from the USA or have an American IP to sign up. If you are not, request here someone to create an account for you. This requirement seems to be just upon account creation, once that is done you can use it from anywhere.
You get one phone number that will be assigned to you. If you go inactive for more than 2 weeks then you'll lose your number and next time you're active you can choose a new number. So best solution would be to create 2-3 TextNow accounts and cycle through the accounts, always keep one account inactive so you can get a new number if you require one.
Another alternative is Talkatone. Same thing, only difference is that it doesn't have a web interface, just exists as app. And you can "burn" your number 1x for free and then you pay $1 for a new one if you wish to.
I heard also about https://www.citrustel.com/ which is a pure web UI based service and doesn't need registration at all. Not really tried it though.

**#3 Can this be done on a iMac?** Yes, Oracle's VirtualBox does exist for iMac ( https://www.virtualbox.org/wiki/Downloads ) and probably VMware Workstation aswell but I haven't checked it.

**#4 I just need some help protecting my IP address and true Identity. ** Usually (in 99% of the cases) scammers are pretty dumb and don't have the time to go after individual scambaiters. They're there to crack sales, if they dont they get taunted by their bosses, and every minute wasted is a minute they're missing out on their next call.
So usually it's safe without VPN however if you want to be safe you can use Windscribe ( https://windscribe.com/ ), it's a free VPN, if you confirm you email address you'll get 10GB traffic per month.

You can use skype and link the number to your sim card number. Then use skype out and their rates (free for most popups). It doesnt matter if the prepaid sim card gets abandoned, Im using skype out with a phone number that has been out of service at least 5, maybe 10 years. You can also use Skype (or google voice) and verify a number you obtained elsewhere, like textnow.com, though Im not sure that is available in Australia. Using a VPN you can always pretend to be in the US and get a textnow number, then feed that in to skype or google voice.

Speaking of VPNs, Im going to disagree with NeeP, and highly recommend you get a good VPN. While its true most tech scam operators are clueless and pose no real danger, IMO its not worth the risk of revealing your IP as its always possible you encounter someone skilled and dedicated. And even if they are neither, many are rich enough to hire someone if they really wanted to. Yes, its unlikely, but VPN will also help with things like getting phone numbers on VoIP services and if you are going to pretend to be in a different country, scammers wont be able to see you are lying just from your IP. Besides, VPNs are useful beyond just scambaiting and not that expensive. just get one. I use NordVPN myself and Im quite happy with them.

I have no experience with Mac. But would you install windows or macos in the VM?

@NeeP#90968 wow great informational post!

@Vertigo#90982 but IPs are basically meaningless unless a government agency who has the power to contact your ISP to get the info which client was using that specific IP address at the given time. Residential IPs are dynamic and change all the time, for me it’s each router disconnect/restart. And they are not very precise in giving geo/location information. For example you could see London but not which street or area of London.

I’ve baited even big companies like America Geeks without VPN and never had a problem.

Also most scambaiters don’t cause enough damage to be interesting for the scammers to pursue. Especially if the scambaiter calls different scammers every time like most people do I guess.

NordVPN is keeping logs and, same as explained with the ISP above, they could reveal your IP to the authorities.

My IP hasnt changed in 6 months. But even if it changes more frequently, there is no guarantee the scammer wouldnt launch an immediate attack. What could they do? Normally no more than any other hacker at any other time, I dont want to overstate the risk; but the difference is you could be targeted and especially if you run windows, its unlikely you are invulnerable. Even if you feel confident about your PC, they could also target your router (old routers are REALLY vulnerable), 3d printer, whatever. Things could get even worse if any of the recent CPU exploits find their ways in to usable hacking tools, in that case giving access to our VMs could reveal information, passwords etc on our host OS. Granted, this is serious concern even with VPN, and a VPN offers only limited extra security in this scenario, and but whatever little it could help, I’ll take it.

As for authorities, Im not suggesting using a VPN shields you from them. Although NordVPN does claim not to log anything: https://support.nordvpn.com/General-info/Features/1047407432/Do-you-store-any-logs.htm
I wouldnt count on it when authorities are involved, but as we are not peddling nuclear weapons, thats not my big concern. Maybe if you use call flooders its a different story, but Im sure people doing that know how to protect themselves.

Thank you for the great information, I was experimenting with a VPN last night seems ok.

Next to buy a $2 SIM and build a persona perhaps via skype or an old phone.

The idea to harvest many numbers is place yourself (not your main number) online where ever you can...
I’m building a persona loosly based on a late grand parent...

So, when getting involved in these competitions or where ever you know the details will be sold, you can fill in all the details as this other person...
Often they only ask for name, email, phone number...

I’m pretty close to being setup.

Should be interesting.

@Vertigo#91025 VPN does not protect against CPU exploits or any other exploit meantioned by you. It just cloaks the IP identity which again usually changes pretty fast, maybe depending on your internet service provider. I have never heard about some scambaiter’s router being attacked by a scammer. The maximum script kiddies can do is like DDoSing an IP but these services are paid so you would get an internet outage of maybe max 5min lol.

But true, if your IP doesn't change so fast by default, it's probably better to cloak it. It seems you're having internet via TV cable and not DSL. It's just for scambaiting alone I don't think it's viable to spend so much money for NordVPN when that's just some "hobby". I mean yeah you can use the VPN for everything but that's just me, I wouldn't pay that much for only a little bit increase of security. That said, I do have a lifetime of some VPN provider but it was quite cheap and it's a lifetime cuz I love to pay 1x and then never again. Fuck subscriptions :P

@NeeP#91063 "VPN does not protect against CPU exploits or any other exploit meantioned by you. "

No, of course not, but if the exploit provides them with passwords for your windows admin account or RDP or whatever, that info is a whole lot less useful if they dont have your IP.

As for routers; my point was not that scammers particularly likely to target routers, but that if they want to target you specifically, and have your IP address, even if your PC is super well protected, chances are very high your (and my) router is vulnerable:
https://threatpost.com/threatlist-83-of-routers-contain-vulnerable-code/137966/

Exploits could turn a router in to a network sniffer, make it part of a botnet, or just provide access to your home network which most likely contains a lot of legacy or poorly protected devices that havent seen a security patch in years. Anything from NAS drives, wifi doorbells, security cameras, (3d) printers or even smart TVs.

People tend to connect everything to the internet and then underestimate their exposure. A VPN is certainly no miracle solution, but for a few bucks per month, I would at least strongly consider it, even regardless of scam baiting. For netflix and torrenting alone its worth it ;)

It’s worth mentioning again though: these people are usually idiots. They want your easy money, not a botnet of your devices. I advocate security in computing to the point where it’s my major in college, but if you encounter a very tech savvy scammer, they’ll probably just find out you’'re using a virtual computer and hang up. I’ve played with a lot of detection and clues are everywhere.

Speaking of which, on virtualbox, you need to edit your registry (or rebuild the source for vbox but who the fuck does that???) and change the bios to something else EVERY SINGLE BOOT (or make a batch file to do it at startup). If scammers knew what they were doing, they'd just do a registry search for keywords related to vbox, but they're not and it's pitiful.
While I'm at it, The registry editor (regedit) is actually a really useful tool for VM obfuscation in general. One thing you can do is delete win+r run history so they don't see all your variations on "iexplore www.helpme.net" and "hh h" and "www.fastsupport.com" and... etc. I've had better scammers who checked device names for anything vbox, so changing all the friendly names on your devices can help. There are various guides on that great tool we all share called google.

Here's what's dangerous that they CAN and DO do. Scammers, if they get very pissed at a caller, will look up the data on the number and call 911 stating that the person who lives at the location of the number is armed and dangerous (or the like) causing a swat team to arrive. DO NOT USE YOUR REAL NUMBER! again, Textnow, and entirely fake location details.
oh, and I shouldn't even have to say this but
*67 DOES NOT HIDE YOU FROM TOLL FREE NUMBERS DO NOT USE IT EITHER!

Tag: promotion
It's rare, but I just had an encounter where scammers ripped a password off my vbox (for fortnite. feel free to hack Arthur's account) https://youtu.be/yipxTVgKxMg?t=682. Don't log in to any real accounts on your virtualbox. We also try to keep scammers away from the website, so I sometimes remove it from my search history if I visit it on the VM, even if I don't log in. I transfer files through my webserver instead of google docs or emailing them. Shared folders and clipboards aren't a huge danger, but they're not the safest either. If, like most muggles, you don't have a webserver, you can use public pastebin links, provided you're copying text that isn't private.
Tag: /promotion

Oh yeah, and most residential internet using Dynamic IP, so even without a VPN, odds are they're gonna have trouble if you reboot your router or wait however long it takes for your ISP to cycle you. It's actually quite annoying because it means I have to continuously update my DNS for my webserver.

This has been rambly but I hope I helped.

Youtube: https://www.youtube.com/channel/UC9HxH2qIxvdY_IewWZ2BrGw/
Patreon: https://www.patreon.com/Alphactory
;n;

Destroy them.

>

It’s worth mentioning again though: these people are usually idiots

The agents, yes. But to restate my point, if you are successful at wasting a lot of their time, or even do worse like rat-ing them or deleting their files, you cant discount the possibility the people in charge may want to take revenge. We have already seen some take legal action, if they can hire a lawyer, they can also hire a skilled hacker in India. They can certainly afford it.

>

Speaking of which, on virtualbox, you need to edit your registry (or rebuild the source for vbox but who the fuck does that???) and change the bios to something else EVERY SINGLE BOOT (or make a batch file to do it at startup)

Nope. My VM is hidden 99% and rebooting doesnt change anything. device manager, msinfo32 and dxdiag are entirely clean, except for the easter eggs I put in there (device manager has a Scammer Detector device) and with one exception I only noticed recently, a driver name in dxdiag, but thats probably an easy fix. It took a lot of googling and trial and error, and it may also depend on the OS (Im using win10). Remind me, what is it that resets upon reboot on your VM? Maybe I remember how I fixed it.

From memory, I used several techniques; changing the BIOS information is done by running some vbox commands in the command line. No compilation needed. Changing device and driver names, I did by editing some inf files in windows/inf and registry keys for the dac and video chip. I believe I even posted that here.

That said, If you search the registry for vbox, you will still find plenty of entries, so its not impossible to detect. But at least it wont show up in their remote diagnostics using gotoassist, or in any of the apps they use to prove I have problems on my machine.

Thank you all once more.

A lot of this went over my head, I consider myself Tech Savvy but I will fumble through the rest.

Might be simpler just to keep them off my computer for the short term, build a Virtual Box when I find my feet in this dark world of Scamming & ScamBaiting.

In the short term I'll use a Voice Transformer, phone number spoofing tool for my mobile (not my main number) totally and intentionally place the number and details in places that could/will end up in Scammers hands.

I have been working through getting the mixer/voice transformer and iMac to work together happily.
Nailed that so far... Given I'm no Audio Engineer, again that's also a fumble....
Lucky for me I have some ability..

And well you guys to help guide me through.

Take care.