Pre-made Windows 10 Scambaiting Virtual Machine (discontinued)

This project has been discontinued, see my Windows 11 VM here: http://scammer.info/t/pre-made-windows-11-scambaiting-virtual-machine/81996

If you don’t want to go through all the hassle of disguising a virtual machine and getting it ready, then look no further. In this post, I present my pre-made scambaiting virtual machine and its required software:

I created this virtual machine for VMware, so it works best with VMware products, e.g. VMware Player (free) or Workstation Pro (paid). I converted it to VirtualBox as well, which should work, but I don't know if it's fully disguised. Download the .7z file depending on which version you want. To unpack this archive, you'll need 7-Zip (download link below). Open VMware, click on 'Open' and select the .vmx file. I set RAM to 4 GB; depending on how much physical RAM you have installed, change it up to 8 GB for better performance. Don't assign more than 50% of your physical resources to the VM. The default user is *Ben*, password is *root*. This virtual machine has BestX Keylogger installed to see what the scammer is typing. To see the interface, open the Run box with ⊞ Win + R, then type unhide. If that doesn't work, you need to re-install BestX Keylogger (https://bestxsoftware.com/). Also, I included a fake popup if you need one. It's located on the desktop as the 'Micerosoft' link. You can edit the number in the HTML.

Troubleshooting:

The features supported by the processors in this machine are different from the features supported by the processors in the machine on which the virtual machine state was saved.
An error occurred while restoring the CPU state from file “C:\Users\person\Documents\VMs\vmware\Neep Win10\Win10 Scambaiting by NeePWin10 Scambaiting by NeeP-Snapshot4.vmsn”
An error caused the restore operation to fail. Cancel the restore operation and correct the error, or discard the snapshot’s state and power off. The saved snapshot will not be affected.

If you receive this message, you most likely have an Intel CPU and since I'm using an AMD CPU, the saved snapshot won't resume as the CPU doesn't get virtualized properly. This is no big deal. Just discard the snapshot's state and reboot. Don't forget to take a snapshot of the VM once you are ready.

Download:
→ Download 7-Zip: https://www.7-zip.org/a/7z1900-x64.exe
→ Download VMware Player (free): https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=PLAYER-1610&productId=1039&rPId=55793

Credits to all those whose tools/tutorials were used to make it stealthy:

8 Likes

awesome! works like a charm

1 Like

@zelium#179491 thank you!


---

I also added a more detailed description to the original post about the installed programs on the virtual machine.

Hi, I am sorry if this is me being stupid, but when I boot the virtual machine, it cannot connect to the internet. I have tried everything and it won't work. I was wondering if this is something because of how you made the VM or what?

Any help would be appreciated.

<3

@dcol5338#181429 what’s the error message that is showing? I think that shouldn’t be the case. Should be possible to fix.

@NeeP#181436 There isn't an error message per se. It just says that it is a wired connection but it is unable to connect to the internet. I have tried the netsh int ip reset and winsock, but nothing seems to work. I have messed with all the settings for VM network connectivity and everything.

<3

@dcol5338#181488 I have no clue what the issue might be as it’s working for me and for others. Maybe change the network setting from NAT to Bridged and reboot the VM to see if it works. Also, does it happen with the VirtualBox or VMware version?

Edit: Another user had the same issue using VMware Player. Going to VMware Workstation Pro fixed the issue instantly without any other changes.
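
A pre-flight check for the two settings discussed in this thread, the "no more than 50% of your physical resources" rule from the first post and the NAT versus Bridged choice from the reply above. This is an added example, not part of the thread or of NeeP's VM; the sample .vmx text is constructed and the host RAM and CPU figures are passed in by hand.

```python
import re

# Constructed sample .vmx text (not the file shipped with the VM in this thread).
SAMPLE_VMX = """\
.encoding = "windows-1252"
displayName = "Win10 Scambaiting"
memsize = "4096"
numvcpus = "2"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
"""

# A .vmx file is a flat list of  key = "value"  lines; '#' starts a comment.
_ENTRY = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lower-cased key: value} for every well-formed entry."""
    cfg = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def check_vmx(text, host_ram_mb, host_cpus):
    """List settings that break the 50% rule or bridge the guest to the LAN."""
    cfg = parse_vmx(text)
    findings = []
    mem = int(cfg.get("memsize", "0"))  # memsize is given in MB
    if mem > host_ram_mb // 2:
        findings.append(f"memsize {mem} MB is over 50% of host RAM ({host_ram_mb} MB)")
    cpus = int(cfg.get("numvcpus", "1"))  # one vCPU when the key is absent
    if cpus > max(1, host_cpus // 2):
        findings.append(f"numvcpus {cpus} is over 50% of host CPUs ({host_cpus})")
    for key, mode in sorted(cfg.items()):
        m = re.fullmatch(r"(ethernet\d+)\.connectiontype", key)
        if not m or cfg.get(m.group(1) + ".present", "").upper() != "TRUE":
            continue
        if mode.lower() == "bridged":
            # Bridged mode gives the guest its own address on the host's network.
            findings.append(f"{m.group(1)} is bridged: guest is on the same LAN as the host")
    return findings


if __name__ == "__main__":
    for finding in check_vmx(SAMPLE_VMX, host_ram_mb=8192, host_cpus=4):
        print(finding)
```

An empty result means the configuration stays within half of the host's RAM and CPUs and keeps the guest behind NAT.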


----

I updated the initial post with an update regarding the keylogger. If typing "unhide" in run box doesn't show the keylogger panel you need to re-install BestX Keylogger (https://bestxsoftware.com).

Trying to use this in VirtualBox and I did everything correct, but it says Fatal: INT18: Boot Failure.

@PikaPikaGamer#188760 did you turn on hyper virtualization in the bios of your computer? (at least I think that ya need that on)

@dillpickle778#189014 Yeah I fixed it, but this virtual machine still says VirtualBox everywhere, so it didn’t really work.

Is it possible to get this set up with Hyper-V?

@NeeP#179456 Thanks so much, my stupid vm was having issues with admin and sys32.

@NeeP this link not working anymore

Cyberror Scambaiting Guide: https://cyberror.com/how-to/scambaiting-guide

@Dexter#193321

That's true. Luckily, it has been archived in the WaybackMachine, it's still available there: https://web.archive.org/web/20210214220701/https://cyberror.com/how-to/scambaiting-guide/

How do I decrypt it?

wdym by decrypt? Nothing to decrypt there

I got it… Something was happening to the one url… But we’re in the clear… The Scammers are

Cheers, NeeP

You and ScammerBlaster are my heroes

Awesome @NeeP
VMware Fusion Player for Mac is free for personal use.
Just now installed VMware Fusion Player for Mac, unzipped the zip file using Keka for Mac.

Actually, when I gave scammers access to my existing VM, they got doubtful because Windows was not registered, but still tried to scam me. Also, my existing VM on VirtualBox was not that perfect…

Thank you so much, this saved lot of time…

Also the only thing missing is a fake “bank of america”/ “chase” inside this VM.
Few days ago, when I opened a chase demo, that scammer got so excited. He didn’t even realize that it’s a demo website.

Found a work-around for the bank website…
Opened the Chase demo bank website in the Chrome browser,
Using the inspect element (which scammers usually do),
I removed the text “THIS IS A DEMO WEBSITE ONLY”
and replaced it with
“Trusted Certificate Issued by JP Morgan Chase & Co.”

2 Likes

Is it just me or is the 7z file missing. Could someone give me a link?

2 Likes

Where's the link?