Sunday, February 25, 2024

Scam Baiting (Scum-baiting) with a Windows 10 Host using Oracle’s vBox

How to Scam Bait (Scum Baiting)

Contents:

  • A: What is scam-baiting?
  • B: How do I set up a scam-baiting environment with VirtualBox?
    • Installing VirtualBox
    • Creating a new Virtual Machine
    • Installing Windows 10
  • C1: Disguising your Virtual Machine
  • C2: Further Disguising
  • D: Further Scam Baiting tools
  • E/F: Some Scam Baiting YouTubers/Suggestions and resources

A: What is scam-baiting?

Scam-baiting is the art of wasting a scammer’s time in order to prevent real people from being affected by the scammer. Scam-baiting may also extend to more serious actions such as deleting files, locking scammers out of their computer, gathering information on scammers and more. Whilst these further activities are illegal, the chances of being raided by the police for messing with fraudulent scammers are pretty slim. However, it is still advised to take basic anonymity precautions.

B: How do I set up a scam-baiting environment with VirtualBox?

Setting up a scam-baiting environment is not as hard as some people may think. Here is a full guide on how to do just that:

Installing VirtualBox:

Firstly, you’ll need to install VirtualBox. It is recommended that you use the latest version. To do this, download VirtualBox here.

After the file has been downloaded, install it the way you would normally install software (e.g. on Windows, use its installer wizard). After installing VirtualBox, run it. You should then see VirtualBox's main screen.


Creating a new Virtual Machine:

When creating a new Windows 10 Virtual Machine, some users may find it hard to set it up correctly, even after downloading their Windows 10 ISO file; the same thing happened to me. However, now that I have the knowledge, it’s actually incredibly easy; it’s just that most first-time users wouldn’t think of doing it. So, here is how to set up your Windows 10 Virtual Machine!

  • Download the Windows 10 ISO file.
  • Head to the main screen of the VirtualBox application and click the blue New button.
  • Name the Virtual Machine whatever you want and select its type as Microsoft Windows and its version as Windows 10 (64-bit).
  • Allocate the machine however much RAM you want (Personally, I use 4 GB of RAM for my VMs, but you can use down to 2 GB).
  • Ensure the following is selected
    • “Create a virtual hard disk now,” and click next.
    • “VDI (VirtualBox Disk Image),” and then click next.
    • “Dynamically allocated,” and click next.
  • Give the machine a reasonable amount of space (Enough for the OS’ files and your own usage).
  • After creating the machine, highlight the machine by clicking it once, then click the orange Settings button.
  • Head to the Storage section via the left panel.
  • You should see a disc icon that says, “Empty”. Click this to highlight it.
  • After highlighting the disc, on the right panel there should be a label that reads, “Attributes”. Underneath this label you should see another label that reads, “Optical Drive:” along with a drop-down menu beside it. Next to the drop-down menu, click the small blue disc icon, then select, “Choose Virtual Optical Disk File”.
  • Select the Windows 10 ISO file that you downloaded earlier. After selecting the ISO file, press OK to close the Settings window.
  • Highlight the Virtual Machine you just created and click the green Start button. From there, the machine will power on and begin installing Windows 10.
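
The same steps can be scripted on the Windows host with VirtualBox's `VBoxManage` command-line tool. This is an added example, not part of the original guide; the VM name, ISO path, disk path and disk size are assumptions to adjust for your host.

```powershell
# Added example: host-side script mirroring the GUI steps above.
# All names, paths and sizes below are assumptions; adjust them for your host.
$VBoxManage = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"  # default install location
$VmName     = 'Win10-Bait'                                          # hypothetical VM name
$IsoPath    = "$env:USERPROFILE\Downloads\Win10.iso"                # hypothetical ISO path
$DiskPath   = "$env:USERPROFILE\VirtualBox VMs\$VmName\$VmName.vdi"
$MemoryMB   = 4096     # 4 GB, as used in the guide
$DiskSizeMB = 51200    # 50 GB, an assumed "reasonable amount of space"

function Invoke-VBox {
    # Run VBoxManage and stop the script at the first failing step.
    & $VBoxManage @args
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($args -join ' ') failed ($LASTEXITCODE)" }
}

if (-not (Test-Path $VBoxManage)) { throw "VBoxManage not found at $VBoxManage" }
if (-not (Test-Path $IsoPath))    { throw "ISO not found at $IsoPath" }

# "New": register a Windows 10 (64-bit) machine and set its RAM.
Invoke-VBox createvm --name $VmName --ostype Windows10_64 --register
Invoke-VBox modifyvm $VmName --memory $MemoryMB

# "Create a virtual hard disk now" / VDI / "Dynamically allocated" (variant Standard).
New-Item -ItemType Directory -Force -Path (Split-Path $DiskPath) | Out-Null
Invoke-VBox createmedium disk --filename $DiskPath --size $DiskSizeMB --format VDI --variant Standard

# Settings > Storage: attach the disk, then put the ISO in the optical drive.
Invoke-VBox storagectl $VmName --name SATA --add sata --controller IntelAhci
Invoke-VBox storageattach $VmName --storagectl SATA --port 0 --device 0 --type hdd --medium $DiskPath
Invoke-VBox storageattach $VmName --storagectl SATA --port 1 --device 0 --type dvddrive --medium $IsoPath

# "Start": power on the VM; it boots from the ISO and begins Windows setup.
Invoke-VBox startvm $VmName
```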

Installing Windows 10:

Before installing Windows 10 for your scam-baiting, there are some important considerations you should take note of…

  • When Windows 10 asks for an activation key, click the option to activate Windows 10 later (which, of course, you won't).
  • Install Windows 10 Pro; it will give you access to regedit.
  • Never use your real information. When Windows 10 asks for your Microsoft account’s e-mail, choose the option to make a brand new Outlook account. Furthermore, when Windows 10 asks you for its back-up account, you may want to use a random throwaway e-mail as well (for example, my throwaway email is cle************@protonmail.com; my real name does not begin with “cle”).
  • Refuse all offers/services. This includes finding your device, knowing your location, using your voice, etc.
  • When setting your account’s password, do not make it a password you use for your host machine or any services you use.

C1: Disguising your Scam Baiting Virtual Machine.

The following guide is based upon this video by UncleUdink.

One of the most important things to do with a Virtual Machine is to hide the fact that it is a Virtual Machine from scammers. Most scammers nowadays check whether the machine they are connected to is a Virtual Machine to see if they are being baited and, if they find out that it is, will usually disconnect and hang up. You can disguise an Oracle Virtual Machine by doing the following:

  • Download the vBoxSysInfoMod tool (If you have a GitHub account, as well as starring this page, remember to star the official vBoxSysInfoMod page). Then, run the vBox System Info Mod.bat file and follow the instructions in the terminal (For system manufacturer, you can use Dell – for system model, you can use any Dell Model (e.g. Optiplex 745)). Note that you must stop your Virtual Machine if it is running to avoid corruption.
  • After this process is complete, you can take the following steps within the Virtual Machine to further hide your machine from scammers:
    • Run regedit using the Run window (Win+R) and navigate to the following path: HKEY_LOCAL_MACHINE ➡️ SOFTWARE ➡️ Microsoft ➡️ Windows ➡️ CurrentVersion ➡️ Uninstall. Within this path, you should see a folder named, “Oracle VM VirtualBox Additions”. Delete this folder, as doing so will prevent the scammer from viewing it in appwiz.cpl (if the folder does not exist, you have no need to worry!).
    • Following this, you then want to navigate to the following path: HKEY_LOCAL_MACHINE ➡️ SYSTEM ➡️ ControlSet001.
    • Within this path, you should see a folder named, “Enum”. Right click the folder and click, “Permissions”. Then, click the, “Add” button and enter your Virtual Machine’s username in the text box. After entering the username, click the, “Check Names” button then click OK. Finally, go to the option you just added and check, “Allow full control” then click, “Apply”.
    • From here, click the, “Advanced” button. At the top of the pop-up, click the, “Change” link and, again, enter your Virtual Machine’s username into the text box, then click, “Check Names” then click OK. Then, click, “Apply”.
    • Next, re-open the Advanced menu and check the, “Replace all child object…” check box. Then, click, “Apply” again and OK (do not be alarmed at the checkbox becoming unchecked after applying).
    • Here is the tedious part. Right click the, “Enum” folder and click Find. From there, enter the following hash (this value is the device class GUID for disk drives): 4d36e967-e325-11ce-bfc1-08002be10318 and click, “Find Next”. Now, right click the, “FriendlyName” option, click, “Modify” and change the value to, “Samsung 50 GB ATA”.
    • Next, right click the, “Enum” folder again and click Find. Enter the following hash (the class GUID for display adapters): 4d36e968-e325-11ce-bfc1-08002be10318 and modify the “DeviceDesc” to, “NVIDIA GeForce GTX 1080”.
    • Next, right click the, “Enum” folder again and click Find. Enter the following hash (the class GUID for CD/DVD drives): 4d36e965-e325-11ce-bfc1-08002be10318 and modify the, “FriendlyName” to, “NEC DVD-RW SATA DVD01”.
    • Finally, right click the, “Enum” folder again and click Find. Enter the following hash (the class GUID for mice and other pointing devices): 4d36e96f-e325-11ce-bfc1-08002be10318 and modify the, “DeviceDesc” to, “Microsoft Pointing Device”. Now press F3 twice and modify the next, “DeviceDesc” to, “Microsoft USB Pointing Device”.

C2: Further disguising:

So, you’ve changed all the complicated settings, good job! (WARNING: IF USING VIRTUALBOX GUEST ADDITIONS, CLOSE THE TRAY ICONS USING THE TASK MANAGER. FURTHERMORE, YOU SHOULD DISABLE THE TASK MANAGER AND BLAME IT ON A VIRUS. FURTHERMORE, EJECT THE GUEST ADDITIONS CD FROM THE D: DRIVE.)

However, a fresh PC is going to look suspicious, so remember to use Ninite to install some applications in the Virtual Machine (Download the files to your Virtual Machine, not your host).

Furthermore, you will also want to use a custom Desktop Background. There is an easy way to do this without an activation key. Simply download a picture from the internet onto your desktop. Then, move it to the Windows 10 folder in the following path: C:\Windows\Web\Wallpaper\Windows 10. After this, simply right click the image and click, “Set as desktop background.” Note that you cannot adjust its crop, so choose an image that roughly fits the Virtual Machine’s resolution.

Before saving a snapshot of your Virtual Machine, check you have done the following:

  1. Edited the Virtual Machine using the vBoxSysInfoMod tool.
  2. Removed the Guest Additions folder from Regedit if using Guest Additions.
  3. Edited the values for each of the four hashes (class GUIDs) listed above.
  4. Installed some applications to make yourself appear innocent.
  5. Changed the desktop background to match the pretend victim’s personality.
  6. Removed the guest addition tray icons using the task manager if using Guest Additions.
  7. Disabled the task manager after this if using Guest Additions.
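
Several items on this checklist can be verified from inside the guest before the snapshot is taken. The script below is an added example, not part of the original guide or of vBoxSysInfoMod; the function name `Get-VBoxIndicator` is hypothetical and the search strings are the names VirtualBox typically uses by default, which is an assumption.

```powershell
# Added example (not from the original guide). Run inside the guest.
# Read-only: lists leftover VirtualBox indicators, changes nothing.
function Get-VBoxIndicator {
    $pattern  = 'VBOX|VirtualBox|innotek'   # assumed default VirtualBox strings
    $findings = @()

    # Item 1: system manufacturer/model and BIOS strings (set by vBoxSysInfoMod).
    $cs   = Get-CimInstance Win32_ComputerSystem
    $bios = Get-CimInstance Win32_BIOS
    foreach ($value in $cs.Manufacturer, $cs.Model, $bios.Manufacturer, $bios.SMBIOSBIOSVersion) {
        if ($value -match $pattern) { $findings += "System info: $value" }
    }

    # Item 2: Guest Additions entry that appwiz.cpl would list.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    Get-ChildItem $uninstall | Where-Object { $_.PSChildName -match 'VirtualBox' } |
        ForEach-Object { $findings += "Uninstall key: $($_.PSChildName)" }

    # Item 3: names of present devices in the four classes edited under Enum
    # (4d36e967 = DiskDrive, 4d36e968 = Display, 4d36e965 = CDROM, 4d36e96f = Mouse).
    Get-PnpDevice -Class DiskDrive, Display, CDROM, Mouse -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -match $pattern } |
        ForEach-Object { $findings += "Device name ($($_.Class)): $($_.FriendlyName)" }

    # Item 6: Guest Additions tray process still running.
    if (Get-Process -Name VBoxTray -ErrorAction SilentlyContinue) {
        $findings += 'Process: VBoxTray is running'
    }

    # Warning in C2: Guest Additions CD still mounted (label usually starts VBox_GAs).
    Get-CimInstance Win32_CDROMDrive | Where-Object { $_.VolumeName -match '^VBox_GAs' } |
        ForEach-Object { $findings += "Mounted CD: $($_.VolumeName) on $($_.Drive)" }

    $findings
}

$result = Get-VBoxIndicator
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Output 'No default VirtualBox strings found by these checks.' }
```

An empty result only means these particular checks found nothing; it does not cover the installed applications or desktop background items, which need a visual check.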

If all of these requirements are met, save a snapshot of the machine.

This can be done using the top menu of the VirtualBox window: Machine -> Take Snapshot. Then, every time you finish a scam bait, when powering off the machine, check the “Restore to ” check box to revert to this finished set-up state.
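
Taking the snapshot and reverting to it after every session can also be done from the host with `VBoxManage`, which makes the reset harder to forget. This is an added example, not part of the original guide; the VM name, snapshot name and function names are assumptions.

```powershell
# Added example: host-side snapshot and reset. Names below are assumptions.
$VBoxManage = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"
$VmName     = 'Win10-Bait'     # hypothetical VM name
$Snapshot   = 'clean-setup'    # hypothetical snapshot name

function Get-VmInfo {
    # Parse `showvminfo --machinereadable` (key="value" lines) into a hashtable.
    $info = @{}
    & $VBoxManage showvminfo $VmName --machinereadable | ForEach-Object {
        if ($_ -match '^"?([^"=]+)"?="?(.*?)"?$') { $info[$Matches[1]] = $Matches[2] }
    }
    $info
}

function Save-CleanState {
    # Equivalent of Machine -> Take Snapshot.
    & $VBoxManage snapshot $VmName take $Snapshot
}

function Reset-ToCleanState {
    # Hard power-off discards everything the session changed in the guest.
    if ((Get-VmInfo).VMState -in 'running', 'paused') {
        & $VBoxManage controlvm $VmName poweroff
        while ((Get-VmInfo).VMState -in 'running', 'paused', 'stopping') { Start-Sleep -Seconds 1 }
    }
    & $VBoxManage snapshot $VmName restore $Snapshot
    # Confirm the VM really points at the clean snapshot before the next session.
    if ((Get-VmInfo).CurrentSnapshotName -ne $Snapshot) {
        throw "VM '$VmName' is not on snapshot '$Snapshot'"
    }
}
```

Call `Save-CleanState` once when the checklist is complete, and `Reset-ToCleanState` after each session.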


D: Further scam-baiting tools.

  • Google Hangouts, BobRTC, TextNow and Telegram are all good, free alternatives to FireRTC, which is essentially dead.
  • You can use a RAT Creator (At your own risk!) and port forwarding to get access to a scammer’s computer without the VM, using the VM as a service for which the scammer should download and run the file.
  • You can use fake name generator to give you several fake details.

E: Find scammers fast (How to find scammers)

F: Some scam-baiting YouTubers:

Scam baiting
Scambaiting (or scam baiting) is a form of Internet vigilantism primarily used towards advance-fee fraud, IRS impersonation scam, technical support scams

ORIGINAL ARTICLE: https://github.com/Catterall/Scambaiting-Setup & UncleUdink.

The Top Ten Best Scambaiting Hacks & Tools

1. WINSPY KEYLOGGER
2. VIRUS SCRIPTS
3. VIRTUAL MACHINE
4. GOOD DIALOGUE
5. SCREEN RECORDER
6. VOIP PHONE DIALER
7. VOICE CHANGER
8. TEAMVIEWER (Reverse Connection)
9. LINGOBLASTER
10. MACROS (Want)
11. VPN (Virtual Private Network)
12. OSINT (Intelligence Gathering on scammers)

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security