Scam Baiting Advice

For a few months now, I have been using nothing but a voice changer to scam bait, and I’ve been able to keep scammers on the line for over an hour. I didn’t feel comfortable letting them on to my computer, even with a virtual machine. However, I have gotten my hands on a few old devices I am completely willing to risk.

I want to ask the community about how to get started. Mainly, I want to know what virtual machine I should use, what I need to know to stay safe, any other tools I would require, as well as any other information that might be at all helpful.

1 Like

You should use VMware, with a VPN on your host machine…
Do not use real devices, because the scammers can:

  1. Syskey it if it is Windows 7
  2. Destroy it and just make more work for you to restore it every time (they can easily delete restore points)
  3. If it has a Wi-Fi chip, they can get your location in just one shell command…

So you should use just a VM.

1 Like

Alternatively, you could also use Oracle VirtualBox. I personally have yet to get that far in my scambaiting journey, but if I can reverse the scammers’ remote access connections and get them reported to the likes of AnyDesk and UltraViewer…

1 Like

I think VMware is safer (I don’t think a scammer will know or even try to get out of the VM but yet…)

You are doing a fantastic job holding them up for an hour! As a doddery old granny who enjoys acting dumb and who plays her own game of "how long can I keep them from scamming others", I applaud your efforts. My own PC and coding skills are limited as well, C++ and Java, and a tolerable understanding of Windows and IP, so I never allow them to connect to me either, even though I have a basic understanding of VMs. If you don’t feel confident about taking it to the next step, you don’t need to.

1 Like

VMware and Oracle VirtualBox are popular. Recommend using a VPN.

VMware isn’t really safer; both are maintained and patched, so you are just betting on zero days. VM escapes, as far as scambaiting is concerned, are just fearmongering. Scammers are not wasting their time trying to develop zero days potentially worth hundreds of thousands of dollars to try and escape a random baiter’s VM. There is zero risk of scammers escaping, given that you do not have any bridges to your host or other parts of your host network. Basically do this:

  • No shared folders or drives
  • Simulated network
  • Up-to-date software
  • VPN on host
  • Reset VM after each use

And you won’t have any risks. If you want to go with direct hardware, which I don’t recommend, I would section it off with your router and force the traffic through a VPN. Use Deep Freeze or something similar to get bulletproof restore points.

3 Likes
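An added example, not part of any post in this thread and not VMware's or Oracle's code: a short Python check of a VirtualBox guest against the "no bridges to your host" checklist above (shared folders, network mode, a snapshot to reset to). It assumes the key="value" export format of `VBoxManage showvminfo <vm> --machinereadable`; the sample exports are constructed, the key names should be confirmed against your VirtualBox version, and reading "simulated network" as NAT is an assumption.

```python
import re

# Constructed samples in the style of `VBoxManage showvminfo <vm> --machinereadable`.
WEAK = '''name="bait-win10"
nic1="bridged"
bridgeadapter1="eth0"
nic2="none"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/user/Downloads"
'''
HARDENED = '''name="bait-win10"
nic1="nat"
nic2="none"
CurrentSnapshotName="clean-baseline"
'''

def parse_vminfo(text):
    """Turn key="value" lines into a dict; keys may themselves be quoted."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?="?(.*?)"?$', line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def audit(info):
    """Return findings for settings that bridge the guest to the host."""
    findings = []
    for key, val in sorted(info.items()):
        # Assumption: NAT is the acceptable mode; bridged/host-only reach the host side.
        if re.fullmatch(r'nic\d+', key) and val in ('bridged', 'hostonly'):
            findings.append(f'{key}: {val} adapter puts the guest on a host-reachable network')
        if key.startswith('SharedFolderNameMachineMapping'):
            findings.append(f'shared folder "{val}" is mapped into the guest')
    if 'CurrentSnapshotName' not in info:
        findings.append('no snapshot to reset to after the session')
    return findings

if __name__ == '__main__':
    for label, sample in (('weak', WEAK), ('hardened', HARDENED)):
        result = audit(parse_vminfo(sample))
        print(label, 'OK' if not result else result)
```
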

Use a VPN with a kill switch function. It is useful if the VPN drops.

I agree with @BaitingBoomer

I don’t think the VM is necessary. It takes skill to keep them on the line for a while without one. My show is based around seeing how many ridiculous things these guys will say/do because they are blinded by greed. And I never use a VM. You can still be useful and report addresses, bank accounts, Zelle/Cash Apps without using one.

I share similar sentiments by others stated here regarding your ability to keep them talking for that amount of time. That is a type of skill that I believe is tacit knowledge or at least takes significant discipline to effectively master. The nuance and complexity of being able to control a situation wherein you are supposed to be the one without any control is 4D chess levels of moves being made.

Having that ability, it is likely that you would be capable of also baiting usable intel out of them, which is a part of having them connect to you anyways. Aside from that would be seeing how the scam is set up more thoroughly and utilities utilized within that process. Beyond recon is where there is either a pretty dedicated effort furthering the amount of time wasted or everything that falls into that grey area essentially.

Depending on your tech skill set would determine the most relevant suggestions, such as the ability to utilize a fake bank website set up to be convincing to the scammer or other type of account they are trying to access. If you are more a networking type, then it’s running things like Wireshark, for example, and seeing where the connection is coming from.

If you have a completely extra/disposable working device sufficient for running a VM and being able to also have your native OS handle what’s relevant to ensuring its functions, that is certainly a better start.

Honestly, if you have an identified strength in scambaiting that is significant, collaborating with a few other people as one efficient unit is one of the best ways to yield successful outcomes. I felt that having different elements covered by different people cohesively made things not only efficient but also secure.

1 Like