Scam Baiting (Scum-baiting) with a Windows 10 Host using Oracle’s vBox

Posted on 15 November 2020 / 1 January 2022 by RiSec.Mitch

How to Scam Bait ( Scum Baiting )

Contents:

  • A: What is scam-baiting?
  • B: How do I set up a scam-baiting environment with VirtualBox?
    • Installing VirtualBox
    • Creating a new Virtual Machine
    • Installing Windows 10
  • C1: Disguising your Virtual Machine
  • C2: Further Disguising
  • D: Further Scam Baiting tools
  • E/F: Some Scam Baiting YouTubers/Suggestions and resources

A: What is scam-baiting?

Scam-baiting is the art of wasting a scammer’s time in order to prevent real people from being affected by the scammer. Scam-baiting may also extend to more serious actions such as deleting files, locking scammers out of their computers, gathering information on scammers and more. Whilst these further activities are illegal, the chances of being raided by the police for messing with fraudulent scammers are pretty slim. However, it is still advised to take basic anonymity precautions.

B: How do I set up a scam-baiting environment with VirtualBox?

Setting up a scam-baiting environment is not as hard as some people may think. Here is a full guide on how to do just that:

Installing VirtualBox:

Firstly, you’ll need to install VirtualBox. It is recommended that you use the latest version. To do this, download VirtualBox here.

After the file has been downloaded, install it as you would any other software (e.g. on Windows, use the installer wizard). After installing VirtualBox, run it; you should arrive at its main screen.

Creating a new Virtual Machine:

When creating a new Windows 10 Virtual Machine, some users may find it hard to set it up correctly, even after downloading their Windows 10 ISO file – the same thing happened to me. However, now that I have the knowledge, it’s actually incredibly easy, it’s just that most first-time users wouldn’t think of doing it. So, here is how to set up your Windows 10 Virtual Machine!

  • Download the Windows 10 ISO file.
  • Head to the main screen of the VirtualBox application and click the blue New button.
  • Name the Virtual Machine whatever you want and select its type as Microsoft Windows and its version as Windows 10 (64-bit).
  • Allocate the machine however much RAM you want (Personally, I use 4 GB of RAM for my VMs, but you can use down to 2 GB).
  • Ensure the following is selected
    • “Create a virtual hard disk now,” and click next.
    • “VDI (VirtualBox Disk Image),” and then click next.
    • “Dynamically allocated,” and click next.
  • Give the machine a reasonable amount of space (Enough for the OS’ files and your own usage).
  • After creating the machine, highlight the machine by clicking it once, then click the orange Settings button.
  • Head to the Storage section via the left panel.
  • You should see a disc icon that says, “Empty”. Click this to highlight it.
  • After highlighting the disc, on the right panel there should be a label that reads, “Attributes”. Underneath this label you should see another label that reads, “Optical Drive:” along with a drop-down menu beside it. Next to the drop-down menu, click the small blue disc icon, then select, “Choose Virtual Optical Disk File”.
  • Select the Windows 10 ISO file that you downloaded earlier. After selecting the ISO file, press OK to close the Settings window.
  • Highlight the Virtual Machine you just created and click the green Start button. From there, the machine will power on and begin installing Windows 10.
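
The same steps can be scripted from the Windows 10 host with VirtualBox's VBoxManage command-line tool. This is an added example, not part of the original article; the VM name, folder and ISO paths, disk size and controller name are assumptions to adjust.

```powershell
# Added example: scripted equivalent of the GUI steps above, run on the Windows 10 host.
# Assumed values (not from the article): $VmName, $BaseFolder, $IsoPath, $DiskMB, 'SATA'.
$ErrorActionPreference = 'Stop'

# VBOX_MSI_INSTALL_PATH is set by the VirtualBox Windows installer.
$VBoxManage = Join-Path $env:VBOX_MSI_INSTALL_PATH 'VBoxManage.exe'
$VmName     = 'Win10-Lab'                                  # hypothetical VM name
$BaseFolder = Join-Path $env:USERPROFILE 'VirtualBox VMs'  # where the VM folder is created
$IsoPath    = Join-Path $env:USERPROFILE 'Downloads\Win10.iso'  # hypothetical ISO location
$DiskPath   = Join-Path $BaseFolder "$VmName\$VmName.vdi"
$RamMB      = 4096     # the article suggests 4 GB, with 2 GB as the minimum
$DiskMB     = 51200    # 50 GB, grows on demand

# Run VBoxManage and stop the script on the first failing step.
function Invoke-VBox {
    & $VBoxManage @args
    if ($LASTEXITCODE -ne 0) {
        throw "VBoxManage $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Fail early instead of half-creating a machine.
if (-not (Test-Path $VBoxManage)) { throw "VBoxManage not found at $VBoxManage" }
if (-not (Test-Path $IsoPath))    { throw "Windows 10 ISO not found at $IsoPath" }
$existing = & $VBoxManage list vms
if ($existing -match ('^"' + [regex]::Escape($VmName) + '" ')) {
    throw "A VM named '$VmName' is already registered"
}

# "New" button: name, type Microsoft Windows, version Windows 10 (64-bit).
Invoke-VBox createvm --name $VmName --ostype Windows10_64 --basefolder $BaseFolder --register
# RAM allocation.
Invoke-VBox modifyvm $VmName --memory $RamMB
# VDI disk image; the Standard variant is "Dynamically allocated".
Invoke-VBox createmedium disk --filename $DiskPath --size $DiskMB --format VDI --variant Standard
# Storage section: one SATA controller carrying the disk and the optical drive.
Invoke-VBox storagectl $VmName --name SATA --add sata --controller IntelAhci
Invoke-VBox storageattach $VmName --storagectl SATA --port 0 --device 0 --type hdd --medium $DiskPath
# Equivalent of "Choose Virtual Optical Disk File": attach the Windows 10 ISO.
Invoke-VBox storageattach $VmName --storagectl SATA --port 1 --device 0 --type dvddrive --medium $IsoPath

# Show what was configured before the first boot.
Invoke-VBox showvminfo $VmName --machinereadable |
    Select-String '^(ostype|memory|"SATA-)'

# Green "Start" button: boots from the ISO and begins the Windows 10 installer.
Invoke-VBox startvm $VmName
```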

Installing Windows 10:

Before installing Windows 10 for your scam-baiting, there are some important considerations you should take note of…

  • When Windows 10 asks for an activation key, click the option to activate Windows 10 later (which, of course, you won’t).
  • Install Windows 10 Pro; it will give you access to regedit.
  • Never use your real information. When Windows 10 asks for your Microsoft account’s e-mail, choose the option to make a brand new Outlook account. Furthermore, when Windows 10 asks you for its back-up account, you may want to use a random throwaway e-mail as well (for example, my throwaway email is cle************@protonmail.com; my real name does not begin with “cle”).
  • Refuse all offers/services. This includes finding your device, knowing your location, using your voice, etc.
  • When setting your account’s password, do not make it a password you use for your host machine or any services you use.

C1: Disguising your Scam Baiting Virtual Machine.

The following guide is based upon this video by UncleUdink.

One of the most important things to do with a Virtual Machine is to hide the fact that it is a Virtual Machine from scammers. Most scammers nowadays will check whether the machine they are connected to is a Virtual Machine to see if they are being baited and, if they find out that it is, will usually disconnect and hang up. You can disguise an Oracle Virtual Machine by doing the following:

  • Download the vBoxSysInfoMod tool (If you have a GitHub account, as well as starring this page, remember to star the official vBoxSysInfoMod page). Then, run the vBox System Info Mod.bat file and follow the instructions in the terminal (For system manufacturer, you can use Dell – for system model, you can use any Dell Model (e.g. Optiplex 745)). Note that you must stop your Virtual Machine if it is running to avoid corruption.
  • After this process is complete, you can take the following steps within the Virtual Machine to further hide your machine from scammers:
    • Run regedit using the Run window (Win+R) and navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Within this path, you should see a folder named “Oracle VM VirtualBox Additions”. Delete this folder, as doing so will prevent the scammer from seeing it in appwiz.cpl (if the folder does not exist, you have no need to worry!).
    • Following this, navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001.
    • Within this path, you should see a folder named “Enum”. Right click the folder and click “Permissions”. Then, click the “Add” button and enter your Virtual Machine’s username in the text box. After entering the username, click the “Check Names” button, then click OK. Finally, go to the option you just added, check “Allow full control”, then click “Apply”.
    • From here, click the “Advanced” button. At the top of the pop-up, click the “Change” link and, again, enter your Virtual Machine’s username into the text box, then click “Check Names”, then click OK. Then, click “Apply”.
    • Next, re-open the Advanced menu and check the “Replace all child object…” check box. Then, click “Apply” again and OK (do not be alarmed at the checkbox becoming unchecked after applying).
    • Here is the tedious part. Right click the “Enum” folder and click Find. From there, enter the following hash (a device setup class GUID): 4d36e967-e325-11ce-bfc1-08002be10318 and click “Find Next”. Now, right click the “FriendlyName” option, click “Modify” and change the value to “Samsung 50 GB ATA”.
    • Next, right click the “Enum” folder again and click Find. Enter the following hash: 4d36e968-e325-11ce-bfc1-08002be10318 and modify the “DeviceDesc” to “NVIDIA GeForce GTX 1080”.
    • Next, right click the “Enum” folder again and click Find. Enter the following hash: 4d36e965-e325-11ce-bfc1-08002be10318 and modify the “FriendlyName” to “NEC DVD-RW SATA DVD01”.
    • Finally, right click the “Enum” folder again and click Find. Enter the following hash: 4d36e96f-e325-11ce-bfc1-08002be10318 and modify the “DeviceDesc” to “Microsoft Pointing Device”. Now press F3 twice and modify the next “DeviceDesc” to “Microsoft USB Pointing Device”.

C2: Further disguising:

So, you’ve changed all the complicated settings, good job! (WARNING: IF USING VIRTUALBOX GUEST ADDITIONS, CLOSE THE TRAY ICONS USING THE TASK MANAGER. FURTHERMORE, YOU SHOULD DISABLE THE TASK MANAGER AND BLAME IT ON A VIRUS. FURTHERMORE, EJECT THE GUEST ADDITIONS CD FROM THE D: DRIVE.)

However, a fresh PC is going to look suspicious, so remember to use Ninite to install some applications in the Virtual Machine (Download the files to your Virtual Machine, not your host).

Furthermore, you will also want to use a custom desktop background. There is an easy way to do this without an activation key. Simply download a picture from the internet onto your desktop. Then, move it to the Windows 10 folder at the following path: C:\Windows\Web\Wallpaper\Windows 10. After this, simply right click the image and click “Set as desktop background.” Note that you cannot adjust its crop, so choose an image that roughly fits the Virtual Machine’s resolution.

Before saving a snapshot of your Virtual Machine, check you have done the following:

  1. Edited the Virtual Machine using the vBoxSysInfoMod tool.
  2. Removed the Guest Additions folder from Regedit if using Guest Additions.
  3. Edited the value for each of the four hashes as described above.
  4. Installed some applications to make yourself appear innocent.
  5. Changed the desktop background to match the pretend victim’s personality.
  6. Removed the Guest Additions tray icons using the task manager if using Guest Additions.
  7. Disabled the task manager after this if using Guest Additions.

If all of these requirements are met, save a snapshot of the machine.

This can be done using the top menu of the VirtualBox window: Machine -> Take Snapshot. Then, every time you finish a scam bait, when powering off the machine, check the “Restore to ” check box to revert to this finished set-up state.


D: Further scam-baiting tools.

  • Google Hangouts, BobRTC, TextNow and Telegram are all good, free alternatives to FireRTC, which is essentially dead.
  • You can use a RAT Creator (At your own risk!) and port forwarding to get access to a scammer’s computer without the VM, using the VM as a service for which the scammer should download and run the file.
  • You can use fake name generator to give you several fake details.

E: Find scammers fast ( How to find scammers )

F: Some scam-baiting YouTubers:

  • Jim Browning (Arguably the greatest Scam-Baiter to exist).
  • ScammerRevolts
  • Atomic Shrimp
  • Kitboga
  • UncleUdink (Low upload rate).
  • Trilogy Media
  • ScamBait Central
  • Scammer Payback
  • JayBee TV
  • Joe Scambait

ORIGINAL ARTICLE: https://github.com/Catterall/Scambaiting-Setup & UncleUdink.

The Top Ten Best Scambaiting Hacks & Tools

1. WINSPY KEYLOGGER
2. VIRUS SCRIPTS
3. VIRTUAL MACHINE
4. GOOD DIALOGUE
5. SCREEN RECORDER
6. VOIP PHONE DIALER
7. VOICE CHANGER
8. TEAMVIEWER (Reverse Connection)
9. LINGOBLASTER
10. MACROS (Want)
11. VPN (Virtual Private Network)
12. OSINT (Intelligence Gathering on scammers)
