Keeping some clueless scammers busy for about 4 hours

Another scam bait. I was using this popup scam:

http://scammer.info/d/29660-adaross-scam-site-list-12-18-2019/8

Number: (315)-202-1311

This time I could keep them busy for about 4:30 hours (but including an hour pretending to be at the gift store when I was not on the phone). TL;DR: because I pretended not to have an eMail account, they tried to set one up. While doing this, they were using the following numbers for verification, none of which worked, except for the last one:

  • - 1-315-202-1311
  • - 1-315-702-6722
  • - 1-347-233-6099 verification error message: "This phone number has been used too many times."
  • - 1-304-873-8432
  • - 1-315-702-6722
  • - 1-855-952-0595 this is also the number he told me to call once a month for maintenance
  • - 1- might be interesting, because it might be not a VOIP number and connected to the scammer persons
    Video:

    https://www.youtube.com/watch?v=MnuSGtCxtdo

    I cut some parts in the video, but you can see the wall time by looking at the bottom right system time. Detailed log, with video timestamps:

  • - first I was transferred two times to someone other
  • - then he told me a wrong page, www.support.me
  • - sounds like a small scam center, you can hear 1-2 persons in the background
  • - the Windows support page really completely locked up my computer, couldn't do the Windows-R thing and start iexplorer. This needed some time, including computer restart :-)

    Typical stupid conversation at 8:09 in the video:

    scammer: press Windows and letter R, do you see the run box there, right?
    me: No
    scammer: press Windows, hold it down and type the letter R as in Roger
    me: Yes, nothing happens
    scammer: so what did you type there, "iexplore www.support.me"?
    me: No, I can't type anything
    scammer: ok, please type in that box, "iexplore"...
    me: No, there is no box, the PC is hanging, I can't do anything
    etc.

    This was only half pretended. The website really slowed down my VM a lot. You can see later in the browser history that it looks like it reloaded the page continuously and probably did a lot of other 100% load background processing to make it more difficult to close the page.

  • - after the “reboot”, unfortunately there was a Windows update, which really needs some time. “1%. Oh, now it is 2%. And now 99%” but still needs some time :-)
  • - 12:14 scammer hung up for the first time, didn't expect him to call back, but a few seconds later he called back.
  • - finally www.support.me opens the webpage sercure.logmeinrescue.com
  • - 14:20 the scammer realized that he told me the wrong page, and let me enter www.helpme.net
  • - the usual webpage appeared. My name was "Maria Risotto". You should really try risotto one time, it is an Italian dish and tastes very good :-)
  • - 17:11 finally he is on my PC. His pretended name was "Alex waren" (he used the wrong lowercase w for his last name)
  • - 17:32 some smalltalk, "your cat is lovely" (desktop background). "yeah, sometimes she is a bit angry, maybe she didn't like to be photographed"
  • - meanwhile the scammer uploaded the "Microsoft Windows Malicious Software Removal Tool" in the background on the VM without asking me and started it. Verified publisher: "Microsoft Windows", looks genuine. Interesting fact: He didn't start it with the mouse, so it looks like the remote desktop software allows starting any program without me seeing it
  • - 20:12 the call is transferred again to another person
  • - pretended hangup again, or maybe they are too stupid to do the transfer, some chat on notepad that they have trouble calling me back, then callback again from them after 4 minutes from another person, now from the "supervisor" Bruce
  • - pretended he can't hear me, disconnected and called back again
  • - 22:50 the usual scare tactic, starting msconfig and showing me all the services which are stopped, which is totally normal in Windows, but he tells me the hackers did it
  • - 23:10 talking in Hindi, maybe asking his real supervisor what to do next, and right: he hung up again and called back
  • - 24:34 he opens the "prefetch" files, showing me that there is "rundll32", and then trying to use Google to search that this is a virus. He has a bit of a problem with it, because it shows only German pages. Maybe I should use a VPN next time, but maybe not, was funny to watch him struggle :-) He says rundll32 is spyware. Of course this is wrong, it is a normal Windows file, a DLL from the operating system, and "prefetch" is a folder where Windows stores often used programs for faster start.
  • - 26:33 he opens "cmd" and then "netstat" to show me how many hackers are connected to my computer. Of course, also wrong, it shows only all network connections, which were initiated because of searching in Google and from Windows itself for update searching etc., has nothing to do with hackers.
  • - 30:18 shows me my IP address. He says: "Cybercrime is going on, people are using their computer for illegal work nowadays. So what the government did, they have given everyone an IP address. If you misuse your computer for any [inaudible] activity you can be easily tracked down by the government". And again, all of this is bullshit.
  • - 31:05 opens a porn page in my browser, then says this is what the hackers are doing on my computer. There is no hacker, the scammer just entered the pornsite address himself and opened the page.
  • - 36:13 typing in notepad what needs to be done and how much it costs. And he gave me another number which I should call once a month: 1-855-952-0595
  • - 39:19 he opens the Photos application, checking if there is something interesting. Nothing to see there (I should plant some photos for next scam baiting), closes it again and continues trying to explain to me what a "firewall" is. Some smalltalk, yes, he knows Candy Crush, he plays it, too. He tries to search for firewall definition in a web browser again, has problems using the Edge browser.
  • - 42:16 saying something in Hindi, hanging up, and calling back again. "Did the hackers hack my landline phone, too?", "Maybe, that's why we are disconnected again and again. These hackers are very dangerous. Yes, we can fix the landline phone, too".
  • - 45:27 total lifetime protection price is $1145
  • - 49:32 on hold for 7 minutes while he pretends to talk to the billing
  • - 49:36 hangup and callback again
  • - 50:18-51:32 tries to install TeamViewer, failed to do it
  • - 55:39 I pretend that I don't have an eMail address, he wants to set up a gmail account, tries my TextNow number for verification, didn't work, telling him maybe because it is a landline number. Of course I don't have a cell phone, I'm living on a farm, no reception.
  • - 57:28 he starts msinfo32, maybe to check if this is a VM and I'm just tricking him. Oops, I forgot to fake one entry, shows "VirtualBox" for "BaseBoard Product", but looks like he didn't notice :-)
  • - 1:05:32 after some more struggling to set up a gmail account (man, he is really stupid), he tries another number for verification, might be interesting: +1-315-202-1311.
  • - 1:06:10 number didn't work, he tries yet another number: 1-315-702-6722
  • - 1:08:43 he wants me to enter my address and credit card. I entered a $1 burner credit card. Sorry, I don't type fast :-)
  • - 1:13:39 sounds like someone in the background is yelling, and the call is transferred to the "supervisor" Alex
  • - 1:15:23 looks like there is a problem with my credit card :-) he is asking me to buy gift cards. I should tell the store that I buy the gift cards for personal use, because if I tell them that I buy it for security and support, they will ask me for a tax, which will double the cost. Good tactic. I agreed to buy the gift cards. They tell me that while I'm away, they will start fixing my computer.
  • - 1:19:22 while I pretend to be away, they don't do anything, except still struggling to install TeamViewer
  • - 1:20:53 after an hour, they called me back. Meanwhile the supportme.net connection was disconnected, I guess timed out, probably the reason they wanted to install TeamViewer. But unfortunately I couldn't buy gift cards, my credit card was not accepted. I guess there are not sufficient funds anymore on the card :-)
  • - 1:26:15 they directed me to install TeamViewer
  • - 1:28:47 they are opening my camera without asking me for permission first. They wanted to see my credit card. Too bad there was no camera.
  • - file size limit for my audio recording was exceeded, sorry for that, missed some of the audio before I noticed it
  • - 1:31:28 they are getting really desperate to get some money from me. He opened a random credit card validation site and let me enter my credit card number there. I asked them if it is safe to enter my number there. "Yes, no problem, it is a safe website."
  • - 1:34:36 they are checking my browser history without asking me for permission, trying to open some previous sites for my eMail account
  • - 1:36:00 checking my Windows user accounts
  • - 1:36:56 opening some shopping site in order for me to buy gift cards. The gift card product page didn't work.
  • - from 1:37:53 it sounds like his headset died and he was now on speaker. From this time on you can better hear one other scammer in the background talking to a victim and some talking in Hindi.

  • - he tries some other websites to buy a gift card. Nothing works, he is really very stupid
  • - 1:41:30 he tries to create a gmail account again. Has problems writing my last name. You can hear the other scammer in the background having trouble directing a victim to open the remote desktop software. He is definitely on speaker now.
  • - 1:45:43 he tries yet another number for gmail verification: 1-347-233-6099. Interesting error message for this: "This phone number has been used too many times."
  • - 1:47:19 and another number: 1-304-873-8432. Didn't work.
  • - 1:47:28 again one of the previous numbers: 1-315-702-6722. Didn't work.
  • - 1:50:03 he started over with the gmail account creation. You can hear a lot of background talking in Hindi and talking to victims. They are really very clueless and needed at least 2 people trying to create the account.
  • - 1:51:58 this is getting interesting, another number which they try for gmail verification: 1-855-952-0595. Didn't work. Again some discussion in Hindi.
  • - 1:52:33 they are trying to set up a temporary eMail address. They are too stupid to work out how the temp eMail website works.
  • - 1:54:32 finally they found a number which works for gmail verification: . This is probably not a VOIP number and someone could use it to track them down. But they failed to enter the right verification code. Did I mention they are stupid?
  • - 1:56:49 they gave up setting up a new gmail account. Instead they used an existing one: [email protected]. Unfortunately I was too slow to click the show password button, will install a keylogger next time.
  • - 1:57:23 you can see the content of the gmail mailbox. Something about an ad campaign for a Joyce M Kronenberg? Looks like it wasn't important, they are deleting the eMails.
  • - after this they were trying to set up a Paypal account with this eMail and my burner credit card number, which of course didn't work either.
  • - 1:58:35 I told them maybe my husband has another credit card or debit card. They asked me for his number, which of course I can't give them, my husband values very much his privacy. But I pretended that I will call him.
  • - 1:59:42 I disconnected the internet to the VM and they called back. I explained to them that my husband is very worried about it and he told me that I should disconnect the internet and shut down the PC. Too bad. But I promised he will be back in 2 days and then they can talk to him.
  • https://REMOVED/phonebook/dial/18559520595

    About the number that’s probably not a VoIP

    (603) *******

    Type: Mobile Carrier: Verizon Wireless

    It’s a Verizon number. I’ll look into it more now that I know it’s not a VoIP

    Edit

    I managed to find a name and area for the number, not sure if it’s true, but I’d rather not post it just in case it’s been rerouted and is an actual person

    If anyone can prove it’s a scammers number I’ll share some info on it

    Stop calling (603) 630-2292. That’s my number. I’m not a scammer nor associated with Microsoft, TMobile, or anything of that nature

    @grabscammersip#122889 that is an actual person, and that actual person is me. So stop calling that number everybody

    @43:08 the filthy Indian scammer says: The hackers are using for “child porn, so they can do anything”

    @44:03 The prices these scumbags try to charge just bamboozles me.

    Don’t call (603) 630-2292. That’s my number

    @marilynbaiter#122834 Absolutely masterful…I can’t watch the whole video but you really took them for a ride…great work!

    Excellent work there, tying up stupid scammers gives me a warm fuzzy feeling … either that or I have bladder problems, either way, a very good job well done.

    The phone number probably belongs to an actual person, not a scammer. Perhaps a female, initials E.B.

    Thanks. I can’t do as funny videos as Kitboga or track them down like Jim Browning, but every scam baiting helps, because they can’t scam other innocent people while they are talking to you. And if you don’t reveal that you are a scam baiter, maybe they even lose interest, because they believe it is not effective (the hope dies last).

    I didn't call back, I guess they believe that my "husband" told me that everything is fine with my PC and that they are scammers. I got one missed call on Friday when they announced to call me back, but might not be them, maybe someone dialed a wrong number. It was (424) 250-0691, which you can find in this forum as well, but probably not a scammer. Maybe a robodialer from the US for a change.

    (603) 630-2292 is my number and I’m not a scammer or telemarketer so do not call me

    @marilynbaiter#122944 How did you come to the conclusion the 603 number was linked to the scam?

    @Snipez#122972 Because he tried to use it as the verification number for creating a gmail account. But given the fact that they couldn’t get the verification code right, might be just the number of another victim and maybe they hoped to call the victim to get the code. Or maybe they used a random phone number and hoped to guess the verification code. They were really stupid.