Welcome, and thanks for reading. I assume that you, the reader, want to get into scambaiting. Well, you’re in luck… This is a comprehensive guide for getting into scambaiting.
I will cover many key topics, including VMs (Virtual Machines), calling scammers, finding numbers for yourself and how to act when calling scammers.
But why should you take advice from me? I’ve been in scambaiting since 2016 and was formerly the manager of TLS/Scammer.info, formerly a moderator for PopupDB, and worked closely with domain hosts to take down many sites. I took a break from the community from around February 2020 - December and I’m back to stop scammers.
Let’s begin with Virtual Machines. VMs are a very important part in scambaiting. If you’re calling a technical support scammer, they are a MUST.
You’ll need several things to make a Virtual Machine. Firstly, the VM software. Secondly, the ISO file for the operating system you wish to use. There are several pieces of software to make VMs. They are VMware, VirtualBox and HyperV (Requires Windows 10 Pro).
Personally, I use (at time of writing) VMware Workstation 16 Pro. I would recommend VMware, however that does not mean the others are bad. A quick note. VirtualBox has a snapshotting feature, which allows you to make backups of the VM. VMware has this, but only in the Pro editions.
Here are the downloads for VMware and VirtualBox.
VMware: Download VMware Workstation Player | VMware | UK
VirtualBox: Downloads – Oracle VM VirtualBox
Now you have downloaded that, you need the ISO file. You can download the Windows 10 ISO from Microsoft for free. https://www.microsoft.com/en-gb/software-download/windows10ISO/
Now you have the ISO, you can make the VM. The process will be slightly different depending on what Virtual Machine software you use, but the concept is the same. You should see a button which looks like a “+” or “create new”. From there, you can select the file path to the ISO you downloaded and change system specifications such as RAM allocations. Be sure not to allow access to your webcam or microphone.
Once you have created your VM, there are several things to do after. Firstly, navigate to C:\ then check BOTH Program Files, and the x86 folder. If you see any folder named like VMware, VirtualBox, right click and press properties. From there, you can press hidden, and then apply. This will make the folder appear to disappear, so the scammer cannot see it.
Next, you need to open REGEDIT, and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Once in this location, look for any entries which include VMware, VirtualBox etc. Right click and delete. Note: This does NOT delete the program, but hides it from the program list on the control panel uninstall page.
Also, try to change backgrounds, install software, put files on the VM. Do some searches on the browser. The goal here is to make it look used.
Now… You need to make it look like a real PC. Jim Browning has a VMware focused tutorial here: [Tutorial] How to make a stealthy Virtual Machine - YouTube
There is also a tutorial for VirtualBox:
- YouTube (I do not know how well this works as I have not used VirtualBox before).
You can also use a VPN should you wish. You may also wish to install a keylogger on your VM to catch any info the scammer types. This is LEGAL as it is on YOUR device. See https://bestxsoftware.com for a keylogger. This has to be installed on the VM, not your PC.
Great, you have a VM ready to go. (Just remember to make backups if you don’t have a snapshot function).
Now you have a VM, you need to be able to call scammers. You have a few options here.
- TextNow (US VPN needed on signup) https://textnow.com
- Talkatone (Phone app) - https://www.talkatone.com
- Google Voice (US only) - https://voice.google.com
- Run your own PBX (can get complicated, and expensive)
Amazing! You can now call scammers.
Note: NEVER CALL FROM YOUR REAL PHONE NUMBER!
Now for finding numbers. You have several options.
- Just look at what others have found. Easy… Scammer.info, BobRTC.tel, PopupDB.org…
- Find them yourself… Also easy!
To find numbers yourself, you can use multiple methods.
Google “tech support number”, press tools, and select 24 hours, or 1 week. Try changing the search to things like “microsoft support” or “email support”.
You can check https://www.nomorobo.com/lookup to see latest spam calls and check to see if tech support, IRS/SSA scams are there. Travel scams, healthcare scams and more are also likely to appear. You can also try https://lookup.robokiller.com/
PopupDB.org have a tool for finding new popups. It is at https://gen.sober.monster
Be sure to allow browser popups, as it opens many tabs at once… Be aware that scammers might not be targeting your country, or might not be running a campaign at the time you tried looking, so check back later if unsuccessful.
So, you are now ready to start scambaiting, but how should you behave when on a call with a scammer?
Here’s a few tips.
NEVER SAY POPUP TO THE SCAMMER.
Why? That is the term scammers use when they buy and sell them. They’ll know you’re aware of the scam. Instead, say alert, warning, or error message.
Act worried, nervous. Make the scammer believe you are genuinely concerned, and they will leap onto that.
Ask them questions about what they’re explaining, but not too many. When you ask simple questions, it makes them think you are unaware about what things mean, which helps make the calls more convincing.
Know your information! Have a fake identity prepared. They will ask for bank details at some point. Use a fake credit/debit card generator here: Fake Credit Card Generator | CreditCardValidator - No, you can’t actually purchase things.
When the time comes when the scammer can’t get a payment, and its time to reveal, don’t start swearing in Hindi, English etc… its pointless. Insults really aren’t needed. Yes, I know they’re scammers, but we need to be better than them.
I hope this guide has helped to get you started, and good luck!