The Guide to Scambaiting

Hello, It would appear scammer.info seems to be the best all around Scambaiting source along with Discord and of course Google. So I decided to post a guide for all up and coming baiters on how to lure these idiots in.

Tech Support Scammers:
(If you don't have a computer skip to step 6)
Step 1: Download Virtualbox or VMWare (Windows, Mac, or Linux)
Step 2: Download Windows 7 ISO
Step 3: Install Win7 and set it up.
Step 4: Download the scammer toolkit from this link, extract if necessary and look at the .txt file instructions. (Don't forget to give thanks to the dev Malcolm Merlyn)
http://www.mediafire.com/file/ilpe5kavsmnv81o/Anti-Scammer+Toolset.zip
Step 5: After doing this and replacing the necessary files in the instructions make sure you take a snapshot of Win7. Delete the guest additions (VBox) and make sure everything is right so it makes it harder for the scammers to detect you.
Step 6: Download a VPN if you don't already have one. This is regardless if you are going to call them on a computer or a mobile device. You will need it for extra security in the event one of the scammers is talented. If you don't want to pay for a really good one there are a few free options that I personally trust but would never recommend over paid services. These are TunnelBear, Windscribe, and OpenVPN (OVPN Requires VPS service or personal server).
Step 7: Create an entire fake alias. You can use the website https://fakenamegenerator.com This will provide you with an entire profile including name, address, card info, bank info, and even social. You can go ham and look up addition fake card numbers or financial info on Google or my personal favorite, DuckDuckGo.
Step 8: You are almost completely set to completely destroy these scammers. However now you need to make sure you can call them, for free, and anonymously.
Step 9: Your going to want to use FireRTC, PopTox, CitrusTel, TextNow or Globphone to make calls. FireRTC is the best and even has an easy to use website app that can be installed on Android devices for easy access. With FireRTC you can also spoof any number you want in the settings, all for free.
Step 10: Now you are ready to make as many calls as you like and don't forget to have a blast while doing this. Any minute wasted for these scammers is another minute an unknowing victim is not taken advantage of and another minute these scammers have to pay for their very expensive service in India (Or somewhere else sometimes). Remember to keep your VPN active when doing this because it is possible to trace a VOIP call to it's original IP using more advanced methods, especially if the protocols being used are not up to par. This is why a TRUSTED low or no-log VPN is essential.

Also, for the advanced users out there, don't forget to check out the source code for the Soup Call Flooding tool that can virtually allow you to shut down entire call centers using the Twilio API. You can check it out here on GitHub.
https://github.com/Jfaler/soup

Other Scammers (IRS, FBI, Banks)
Just follow step 6 and above for tech support scammers and try to extract as much info as possible from the scammers. Their real names, social networks, banking info would be freaking gold.

Also, don't forget to report the websites to their domain providers. Many times it's GoDaddy or FatCow or a larger provider that will take the complaint very seriously. You can use https://whois.net to find out.

EDIT: Ermm while I'm not gonna personally recommend it, if you guys wanna take an extra step further and try to gain access of the scammers computers and even phone's sometimes you can use a RAT (Remote Administration Tool). Two of the most powerful and widely known are DarkComet and njRat. You can download them from ReKings (And quite a few other things).

DarkComet Download:
http://www.rekings.com/darkcomet-rat-5-3-1/

njRat Download:
http://www.rekings.com/njrat-v0-7/

As always, you will probably have to disable your AV. You gotta setup your router ports (UDP, TCP). Also, adding Firewall exceptions is probably a smart idea and setting up a No-IP DNS.

EDIT 2.0: So I figured I'd also mention how to track the numbers of the scammers. This is useful so you can find out their carrier or most likely, VOIP service provider and report them as scams. It's not nearly as fun as flooding their lines or controlling their computers and spying on their webcams but it is much more practical. You can seriously shut down their lines by the dozens every day. It's not actually usually free or cheap for them to change numbers, especially over and over again. Here's a list of some of the best sites to find out a numbers info (Also pretty interesting to check yourself out).

Twilio: https://twilio.com/lookup
ZLOOKUP: https://zlookup.com
TrueCaller: https://truecaller.com

2 Likes

@MPH#18244 Nice job and some awesome advice

keep it up!

Or If more technical use xerrez or ufonet with proxychains to completly destroy there server and rack them up bandwidth charges! Or if windows uses HOIC or LOIC on multiple computers will work. Just dont go using these programs if have no knowledge of hiding your tracks.

Also running a simple whois scan of there domain and emailing there abuse emails will get there sites down

@Davuun#18314 Yep sucks having to take a snap but I shall find a method or script that can do this one day

@G3THO3#18317 Botnets are always fun.