Been receiving spoof-calls for about 2 weeks


#1

Hey all,

Novice here. I have been receiving scam-calls from someone who has been spoofing different numbers for about 2 weeks now (waiting on todays call currrently, should be coming any time now). I know very well that I can probably ignore these calls and avoid all negative outcomes, but where is the fun in that? I don’t learn anything from ignoring this, and nobody else benefits from me ignoring this, so why not mess with the guy and try to learn something? After asking around a bit, people have told me to set up a bait email, but past that I am lost.

This post isnt necessarily asking for action, but more so to spark discussion on what possoble methods one might use to reverse-scam, or locate and report, people like this.

Furthermore, if anyone is actually interested helping, I am more than willing to collaborate to see if we can make something happen.


(Hardeep Singh) #2

Can you tell about a conversation you had with the scammer. Like what he was trying to get from you from the very beginning? Trying to sell you something, a password resetting scam or something else?

that’d be helpful to bait the scammer.

Don’t know much about scam-callers but last year I saw a man on YouTube reverse tracking the Microsoft Tech support scammer, using wireshark and a few online tools like who.is and IP address locater. Here is the video, you might find this helpful:

Unfortunately, most of these scammers are from Indian origin. It’s a shame that a whole lot of people are involved from such a great country doing such acts for earning their money doing these unethical things.

I’d recommend to see the full video, and see the bits where the scammer tries to dodge the conversation when he gets caught and transfers the call to his “Manager” and he again tries to convince the victim and end up abusing.

but before that, do tell us what conversation you had with your scammer.


#3

I’ve had few brief conversations with the man calling me. His voice sounded like that of an average middle-aged american man. The calls started with area codes originating from east coast US (connecticuit, vermont, maine to be specific) and later moved to my hometown and neighboring areas. I know this person is spoofing numbers because when I try returning calls, the line either does not exist or connects me to some poor fella who doesnt know why im calling them

The conversations have always been regarding selling and installing home security systems. I have not had a sustained conversation with the man because 1) im aware its a scam and 2) i dont own a house/dont know much about home security. I am definitely going to try a sustained conversation with the guy while taking notes, but only after i watch this video you posted.

I appreciate the reply!


(Hardeep Singh) #4

How about telling the man that you do need the home security systems, and ask for installation on a fake(but known) address.
when they reach. just catch’em all !

make sure you don’t pay anything though.


#5

This thread makes me curious if you could get in any trouble for locating their IP and DOSing them. Though reading their IP back to them and making the threat might be an effective way of ending their calls to you, if you do manage to locate it.


(Kyle Nehman) #6

You can absolutely get in trouble for any DOS or access without permission. In any circumstance that you think something malicious is going on, fraud, CC servers, etc, report it to your / their local authorities and move on. Please never try to be the good guy and bring someone bad down with a DOS because the legal ramifications alone could kill you


(AR) #7

But if the OP is getting phone calls on the mobile or fixed phone, how would he “translate” that to an IP address?

Best idea would be to tell the scammer he is interested, and then send the scammer “documents” for the contract. Probably at some moment the scammer will ask for a credit card or something like that. If we can make the scammer run some trojan, he could gain access to the PC.

Edit: lol, sorry for undigging this. I saw 10 Oct on the post, and I assumed it was today.


(Hardeep Singh) #8

Right. S/He can’t traslate the call into IP address. But there are more ways to get to that. By social engineering.
I recently exposed one scam. They were running a whole call center to scam people in the name of donation for poor kids. Though they used real information but backdating proves that the information they were using was actually outdated. almost an year old.

So, I get a call from the scam center. They say this child is fighting sith cancer and needs financial help. I said “how can I trust a random caller and transfer money right away”. She said “no problem sir. I’ll send you all the information including reports, photographs, account details for transfer and bills from the hospital and you can check our website for our work also”

I strongly suspected it to be a scam. no NGO does cold calling. So I gave the email ID. received the files and checked the metadata of the images and reports. All were created more than a year ago. and did a lot more research to actually get to the person who runs all the scams.

This is an example of how you can trick the scammer into getting TO YOU. and not the other way. Just try to get him on oard. then track him. trace him.
learn a bit of how web server works and create your own publicly. So that you can host a file on your public web server and trace the IP adress of the person who connects to it using server logs.

Ways are multiple. You just need to keep learning :slight_smile:

Your example is also very effective! You are getting the scammer to get to you smartly and tricking him without him knowing.

and it is absolutely okay to bump an older thread as far as it is valid. :wink: