Refund Scam

Name - Peter
Call Back - 5013070009
Scam - norton refund
(501) 307-0009 is a MOBILE number serviced by ONVOY SPECTRUM, LLC.

Not looking for anything fancy, I am monitoring one of their systems (please for the love of god don’t alert them they’re hacked, this shit isn’t a joke scaring them will not help me or the victims) and heard this in the background. I need this number trashing before the victim calls back tomorrow so go ham. I want the victim to ring back a dead number tomorrow and not reach these scumbag scammers (they tend to find victims who have a fair bit of money, some small group)

Goes to voicemail for me

I think it went off but just spam it with crappy voicemails, just don’t alert them im on their systems.

I’m on it chief

Kolkata Chodes!
IP Details..

103.27.141.148

Just curious why you chose to get their IP? Is it to have a general location to get a good idea of where scams are, not against you doing it just don’t see it being nessecary to do here but am curious on what you do with them, either way good work thanks for baiting them.

bless, thank you for doing this.

Hello@ReconScammers, I do this for my own research purposes, getting IP’s helps with this and a lot of people here appreciate the input, this is Fun for me and a lot comes of this including accessing the occasional scammer computer and trying to gather info. Peace, and I appreciate your work very much brother.

Makes sense, so research and mapping purposes to see which places in India have more scammers is what I am assuming your doing which is cool, very good work brother I appriciate your work too.

I so much appreciate your work, and you are a light shining on all of us who do this work!

Not sure what you did to them LMAO but I just called them and they don’t wanna pick up the phone

Had an older relative just deal with what I believe are these specific scammers. They were able to access their bank account but luckily another relative intervened before anything was lost and the bank has been contacted to cancel access.

Details were the following:

Scam Email:

From: Anthony L. Hyder <[[email protected]]
Subject: Received Bill: Confirmation of Your Latest Purchase.3766773 - 960#D4S1-01

Honorable Recipient,

The details of your most recent purchase (3766773) have been
confirmed to us.I’ve enclosed the invoice for your records. Do not be
afraid to ask questions.Here are the specifics of the tracking for
you:

The tracking number is [3766773], and the predicted delivery date is
[April 30, 2024].

It is a privilege that you selected us.

Regards,
Anthony L. Hyder.

Attached was a PDF with an invoice written in rather poor English and a phone number to call 1-808-460-7089 .

They then had the person visit phelp1.org to screenshare, had them enter info in a google form.

They then had them log into their bank account and when logged in to the bank I believe the screen went black and they were told to enter $500, the scammer then claimed they had entered $50k but had really just transferred funds from a LOC to chequing. At this point, the phone was hung up and the computer powered off.

Thought I’d drop this info off here. My main question is whether the PC is compromised and needs to be reset. Do the passwords stored in Google Chrome need to be changed?

Thank!

Thank you, we will research this and make the scammers life living hell…

Be sure to get rid of the screen connect file, so they can’t steal anything.

Yes, the PC needs a reset and I can send the concerned person a link that scrubs the PC of any screenconnect files, you can DM me for information.

I would run this and run an antivirus scan and change all the passwords. If possible reset it but yeah it is comprimised, especially with these people they use ConnectWise which runs in the background and they can view it at any time.

Thanks! PC has been left unplugged since this happened. I’ll head over tonight to back up documents while disconnected from the internet and then reinstall Windows and reset passwords. Appreciate the info!