Scambait Beginner's Guide

Scambaiting beginner's guide

Intro

Are you looking at how to scambait? First and foremost, thank you for showing an interest in combatting scammers, they are one of the plagues we suffer as a society with little action being done about them, so it is important for us to fight back and track down these fraudulent individuals and companies. Information is key, and the more we have on these scumbags the better. Take pride in the fact that scammers regularly talk about Jim Browning as if he strikes fear into their hearts, this means scambaiters are definitely making a difference, but we can always use extra help! Make sure you register for an account on Scammer.info so you can publicly expose scammers, they can threaten legal action all they want but nothing will happen to our site.

Mainstream media may have you believe scambaiting is racist and not actually helpful, but this is completely the opposite. Nobody is baiting scammers just because of their race, it is solely because they are scamming people! Sure people will bring race into it and make fun of indians by stereotyping them as scammers, but this happens to every race & ethnicity, there will always be people that bring race into things, but that doesn't mean everyone is thinking the same way. I'm sure you've all laughed at a stereotype joke before, Chinese having squinty eyes, British people loving their cups of tea and having bad teeth, Americans being fat & carrying guns, etc.

Scambaiting is also absolutely not a waste of time... for you at least! If you're wasting the time of a scammer you are saving someone else from being scammed at that time. The longer you keep a scammer tied up talking to you the better, so put on your best innocent victim act and keep them going until the end of time.

Getting started

You must remember that you are dealing with criminals. Never give any personal information out, and when posting information online make sure you include as much info as possible to help track down & prosecute whoever was involved.

It would be best for you to create a fake online persona, and use that as your identity whilst dealing with scammers. A VPN is optional, as there isn't much a scammer can do with your IP address besides DDoSing you and finding your approximate location. You can easily setup your own personal VPN by purchasing the cheapest OVH VPS server and sticking OpenVPN on it, this provides you with a cheap option to hide your IP address and will protect you from DDoS attacks.

Next, if you are baiting a tech support scammer or similar which requires use of your computer, you will need virtual machine software. You can use VMware or VirtualBox, which will need an ISO file of an operating system to work. You can download a free evaluation version of Windows from here, but this would be more obvious that it's a virtual machine to a scammer. There's a premade ISO file of Windows 11 available made by NeeP, click here to check it out. Scammers have caught on to scambaiters' tricks and will check if you are using a virtual machine or not, so check out this video from Jim Browning on how to make your virtual machine more stealthy.

See also: Fake bank & scambait tools by SoupNudle
Free alternative: DSJAS

Calling scammers

Obviously, you want to call the scammers to bait them, but what should you use? If you are unable to afford a VOIP / SIP service there are free alternatives available. Textnow.com allows you to have your own number, so a scammer can call you back, along with free calls to US numbers and other countries. BobRTC is a service made by scambaiters which allows you to call numbers for free, though you must gain tokens from calling tollfree numbers in order to call non-tollfree. The numbers on BobRTC are verified scam numbers and you are unable to call numbers not listed, only trusted users can add to the phonebook there.

You must never use your real phone to contact scammers, as they will most definitely use this against you, either by placing your number on a list to spam call or by spoofing your number so that lots of people start calling your number back believing you called them. 

If you want your own virtual phone number which can send and receive calls you can search for "voip service" in Google and find the best one for you. You will need a softphone to make these calls, again, you can find several good softphones to use on Google. Personally, I use Zopier as my softphone and Zadarma as my sip service.

Tracking scammers

If you're looking for something easy to use, you can try Glasswire firewall, which gives you realtime information of the devices connected to your machine. Some connections from scammers can be used to find their IP addresses, but this is not always the case. If you are a more advanced user, you can use Wireshark to trace the IP similar to Glasswire.

Using a RAT (Remote Administration Tool) to monitor a scammer's machine is an excellent way of obtaining information about them, however this process can be difficult depending on who you are dealing with. This is also an illegal act, even if they are criminals themselves, but they would need to personally file a report against you, so if they are scammers I doubt they would actually go to the police. It's best if you stay away from this area unless you know what you're doing, but of course you're not going to listen to this, I can't really expect you to. Just make sure you don't mess with an innocent person or cause damage to a legitimate business.

Usually scammers will keep files with victim's information on their computers, but this might not be as common anymore due to the amount of scambaiters gaining access to their machines. It is possible that you may stumble upon credit card numbers, addresses, full names and more of victims that have already been scammed, if this happens please contact one of the moderators or admins of Scammer.info so we can assist in contacting the victims so they can learn more about what happened and hopefully get their money back.

See also: ScamLockHolmes' collection of scambaiting resources you must be logged in to view this.

Want to upload your video clips to a site run by the scammer.info team? Try UploadClip.com

More to be added...

  • I found this guide useful
  • This guide wasn’t useful to me

0 voters

15 Likes

Thanks for a great intro! I’m trying to get back into the scambaiting scene and posts like this are super helpful. I did it for years back in the early 2000s. It was tons of fun, there was a whole group of us that worked together, developed tools, shared mailboxes, and all sorts of good stuff. Starting over from scratch and doing it alone is leaving me somewhat overwhelmed. That said, I’ve got a solidly convincing virtual machine, a good backstory developed, and a textnow number, so I’m going to dive in and refine as I go.

6 Likes

Please Cont This! its soooo good

It keeps telling me that ScamLockHolmes page doesn’t exist? I’ll assume that while I am logged in, somehow this is my fault lol. Loved the article, thanks for sharing.

Oh sorry, he posted it in the “Members” section which requires level 1 trust to view.
I’ve edited this so you only need to be a registered user now.

3 Likes

just a random thought, you could also recommend google voice? thats what i personally use, its free, and imo less sketchy than textnow.

3 Likes

This is amazing!

2 Likes

I’m actually a pen tester or ethical hacker im able to take over computers crating RATS or other known as payloads using Kali Linux and gain a backdoor to the computer having persistent access. Can record the scanners screen can download upload or delete files record video it audio from the webcam can also set a keylogger once we get the reverse shell we can literally pull all the passwords used for all accounts that were logged into from the scammer and we can access them reverse transitions help victims get their money back or warn them even shut down the accounts internally. This would do a lot more then just calling scammers and getting hung up on. But for some reason none of the scambsiters want to work with me and help me get onto the scammers PC. I have tried to do it myself and don’t understand how to get them to let me connect to them so I can upload and download files using anydesk. I’ve set up a virtual machine windows 10 and have tested the process out. I understand how or works but I don’t see how the scam baiter is opening another anydesk window and connecting to the a hammer after the summer has connected to them through anydesk. They all hide this part and won’t show you. And I don’t have that much time to be wasting calling numbers and getting hung up on. My job is to gain access to the computer and my job is complex enough I’ve recently made a video to show exactly how it’s done. It’s not as easy as people think I need a scam baiter to help me do the first half. Get on anydesk with the scammer in a way they can upload a file to the scammers desktop and run it. That’s it. We have Jim Browning access to the call center. Would make for some great content as well. But for some reason the scam baiter community doesn’t see my potential and im frustrated because now I have given up trying to infiltrate and take out the call centers. I could teach the scam baiter community how to hack windows computers. Mac OS and androids and have full access like Jim Browning. I do the same stuff. Just haven’t done it to a scam calling center before. I’m only missing 1 piece. The ability to upload a file to the computer of the scammer and run it. Simple. But. I have to call a million numbers to get 1. Then even of I get 1 I still don’t know how to make them let me connect so I have those abilities to download and upload files from their PC I don’t know how you guys are opening another anydesk up and somehow connecting to him while he’s connected to you so I can’t upload my RAT or payload or reverse shell to the scammers PC. I’ve made a thread here on this site. I’ve reached out to many. No compliance or response. I’m a little pissed off about it. And disappointed when I know I could be having a huge effect on the a cam centers fully exposing them helping victims and shutting them down but if a good scam baiter won’t work with me I cant accomplish this. I rely on them. They should see how much I could help the cause they claim to be here for maybe they just want the youtube content and it’s not about helping victims and shutting down call centers because they want to look like the hero. But have little to no real effect. Either way. I’ll leave a link to the video I specifically just uploaded to educate scam baiters on how ethical hackers like Jim browning and I actually take remote control of a computer once we get a reverse shell. By executing a payload. Fake Exe. Or file on the acammers PC. I had to demonstrate to show you im the real deal and what we can actually accomplish together. If people would just realize and stop trying to be a star :eight_spoked_asterisk: and actually try and accomplish more by working with me. - How To Hack a Scammers Windows Computer | Scambaiters Pay Attention - YouTube

2 Likes

I’ll help

1 Like

Hit me up on Instagram or discard as Cory Resilient send me a message let’s do this up

I don’t have either, sorry.

A large reason why nobody wants to work with you is the legal issue with it. Your best bet is to just do things by yourself, get the file on their PC yourself.

Note that Scammer.info does not condone the illegal actions committed by members, full responsibility is on you.

1 Like

Bro,
You are, or at least claim to be, an ethical hacker and penetration tester. The words you string along are all the right words. So at this point I have no reason to believe you aren’t. However that also means that you should know; What you are asking for is black hat territory, not ethical white hat land. Also, teaching random strangers how to hack other machines? Doesn’t track down that ethical path either. Defensive measures, sure. Most of these people aren’t Offsec.

Back to topic. As a penetration tester, with an understanding of Kali you should have a pretty easy time getting the information you need to poke at their PC. Maybe some dumbluck, some social engineering, and some connection reversal.

Do you want me to address the end of this post? the “Fake.exe” and how it demonstrates how you are the “real deal”? or should I put it and the rest up to frustration?

3 Likes

I have a feeling that he doesn’t know what white hat means (like many of the “hackers” on this forum).

1 Like

So it’s okay for Jim Browning with 3.5 million subscribers to do it though? Lol right. You go call the police tell them what im trying to do. See how far that gets you. Take care.

Your talking about hacking scammers. I’ll give you guys my first and last name and number you go ahead and contact the police and tell them im hacking scammers and asking for help from people who are committing harassment daily melting files from scammers pcs which is also illegal. That’s funny.

But it’s ok for Jim Browning to do it and you all love him and he gets more views then any scàmbaiters

Right, Cory. With all respect, I suggest you take our advice. As a penetration tester/ethical hacker, do you really want to risk your career by getting caught up in the law? Scammers will come after you with the law, just as they have done on this site. You want to go tell the police

I’m not a legal expert, so I’m unable to cite specific parts of the law or cases that have happened in the past regarding this. However, 2 wrongs don’t make a right in the court’s eyes. Furthermore, it is my understanding (in uk law at least, same might apply to the us) that any evidence gathered illegally is not admissible in court.

Jim Browning is:
A: Anonymous, unlike you using your real name and with 0 consideration to opsec
B: No-one said it’s okay for him to do it, there’s some who don’t agree with it. Vigilantism isn’t exactly legal.
To be honest, I smell a bit of jealousy here. “Jim Browning can do it, why can’t I?” also because you don’t seem to fully understand how things work here. You’ve came in all guns blazing after watching a few scambaiting videos, skipping essential knowledge and wanting to try things yourself - Which I don’t believe will work.

So, good luck to you. Take our advice from years of scambaiting, or don’t. We of course want more people in this fight, but want them on the right track. There are legal ways to do things that can be much more effective - This is the route you want to take.

If you wish to continue this discussion, I suggest you join our Discord (located in the navigation bar at the top), we can have quicker messaging and keep this thread relevant to the beginner’s scambaiting guide.

10 Likes

I know this is just going to add more clutter to this thread, but I think it’s worth mentioning that this is the case in the US, Canada, and almost everywhere… You can get a warrant to search a computer, but if you’re able to do that, getting a warrant to “hack” someone would be unnecessary - just get a warrant to search their home and take the computer…

Some newbie scambaiters seem to not understand that even if they’re doing something morally right, they can still get in legal trouble. Regardless of how despicable a person is, the legal system will treat them as any other citizen. If it seems “bad” to do something to a law-abiding citizen, then it’s probably best to assume that the law also won’t want you doing it to a scammer either.

3 Likes

Honestly, it’s not worth the risk. If ya know what you are doing then go ahead. Just know that you might get caught and end up getting sued or even go to prison. I don’t think the benefits are good enough to outweigh the risks.

Just my 2 cents.

3 Likes