Dismantling a scam

Reddit Comments

This guy's a legend, I wonder what software he uses to be able to access their computer without them knowing, very cool indeed.

👍︎︎ 8 👤︎︎ u/I_Take_Fish_Oil 📅︎︎ May 26 2020 🗫︎ replies

This guy is a saint

👍︎︎ 1 👤︎︎ u/slappychappy04 📅︎︎ May 28 2020 🗫︎ replies
Captions
I recently received this email and I couldn't help but give the number at the bottom a call. According to the email, I'd sent a payment of nearly $500 to something called Springfield Armory. Springfield Armory is a real business name, but everything else about this email has all the hallmarks of it being a scam, so I couldn't resist calling the number at the bottom of this email to find out who is behind it.

"Thank you for calling PayPal customer support. My name is Peter, how may I assist you today?"

"Yeah, hello, I've got an email here about an item I didn't purchase, if you can help."

Peter's real name is Amandeep.

"Can I have your invoice number?"

Peter will use the same lines over and over again for every phone call he receives, so as I read out the fake invoice number, he already knows that the order will be for something from Springfield Armory.

"Let's pull the report. Which I can see over here in my database is you had made a payment to Springfield Armory, which is a merchant."

"Yeah. Wow."

"So did you, like, ever share your PayPal information to anyone, like your PayPal login ID or password, to anyone apart from you?"

"No."

So, as usual, the only way to resolve this is for Peter to get access to my computer by following his instructions to download, in this case, Supremo Control. Once he has remote access to my computer, he immediately instructs me to log into my internet banking.

"Now just open your browser, which basically you use milk in the browser. Open your regular browser and simply, and simply go ahead and log in to your online banking so that people get to see balance over there on your statement."

But what the scammer doesn't realize is that I can use his own connection in reverse. I can see the scammer's PC, and for the rest of this video you're going to see how he runs his scam and how I managed to dismantle it.

The first thing he does is download Zoho one. This is another piece of remote access software, but one which allows him to blank out the screen and freeze the mouse and keyboard of his victims. Unlike some of the more responsible remote access software vendors, Zoho still haven't removed this feature from the free version of their software. If more vendors of this sort of software would follow TeamViewer's lead, they could remove this feature which is so regularly abused by scammers.

The next thing he does is log in to the web version of WhatsApp. You can see from the various contacts on this phone that it only seems to be used to communicate with other scammers. These WhatsApp groups, all with Indian phone numbers, seem to specialize in laundering money, whether it's bank accounts, cash apps, or converting gift cards into something which can be put directly into a scammer's bank account. He shares the Zoho registration information with one of his colleagues, who calls himself Sonu.

Usually this group of scammers would work in Sector two in Salt Lake in Kolkata, but at the moment, because of COVID-19, they're working from home. The scams work equally well from home, but part of the reason why I watch these scammers is to understand all of the infrastructure that they use so that I can dismantle it, and in the process I can also hopefully help some of the victims that they're trying to scam.

So the first thing that I noticed was the scammers were using X-Lite to receive calls to the number that appeared on the PayPal email, and, being scammers, they wouldn't even pay for X-Lite; they were using a pirated version. To use this software to receive calls you need to register with the server, and I could see from the configuration file that they were using a service in Germany. So to have all of these calls land in their scam call center in India, they had to first of all register the phone number with a server in Germany. So as each victim made their calls from the USA, it would land on this server, would be converted to the SIP protocol and divert to the scam call center. So I wrote to your server de, the people who provided the servers, to make them aware that they were being abused by scammers, and within three days their inbound calls all stopped.

But I continued to watch their scams to see what other damage I could do. As I watched the scammer take a very close look at my computer, he was taking a keen interest in the stored passwords. When your browser stores passwords, it does so in a way that they can be decrypted again, and this scammer is aware that what he wants to do is find out the plain text version of all my passwords. And with the Zoho Assist software, all he needs to do is click on one link and he can blacken out my screen. This is what I see whenever he does this, and he will happily try to log into websites using my password because they've been stored in my browser.

And the first thing he did on my computer is log in to my PayPal. I haven't any credit or debit card set up there, so he wasn't going to be able to transfer any money to himself. What he normally does is buy a gift card. This is why it's really important to have two-step authentication enabled, although with many of his victims he will always try and work around this by claiming that he's going to send a password or a PIN to a mobile device. This way, with the screen blackened, he can work his way around this additional security, and this is exactly what I observed him doing when he tried the same trick on another person's computer a little while later that evening.

"Hello, okay ma'am, so can you hear me? Confirm me. Yes ma'am, okay, let me check, let me check whether it is working or not."

And with the victim still believing he was PayPal, he was able to get around the security check.

"Okay, great, and over there, hello, you will get a live cancellation form, which I already had told you, all right?"

This live cancellation form was in fact something that the scammers had created to capture as many personal and credit-card details as possible. All the details that were entered on the form would simply be emailed to the scammers, who could then use their credit or debit card details to buy gift cards or other items. I could see from the scammer's email that they've been using this form since April and they had at least 30 people who had filled it out. But 123 Form Builder have zero tolerance to their forms being abused by scammers, and within 10 minutes of me submitting an abuse report, Gabriela from their support team had banned the phishing form. They did this so quickly I was able to see the reaction of the scammer whenever he noticed that the form had been banned.

"Can you open the Google Chrome? Can you open the Google Chrome browser of your computer?"

This group stored all of their important documents on Google Docs, including the URL of the form.

"Can you open it up, the Google Chrome? Great, ma'am, great, great job. Now just once you open up your Google Chrome browser, I'm going to help you with a live cancellation form, which will be completely an encrypted form that is only and only visible to you, as I promised you, all right? So what you can do is, for, do you see on your screen right now? Now what you have to do is you just have to press the Enter key. Press your Enter button from your keypad. Just press your Enter button from your keypad, all right ma'am?"

He moved very quickly to let the victim see that the form had been suspended for breach of Form Builder's terms of service. It took him quite a while to figure out what to do.

"Yes ma'am, so I will help you to generate your live cancellation form from our servers, so just can you log into your email?"

So with their inbound calls gone and that phishing form erased, the only thing left to do was to try and stop the internet access completely. I knew the scammer's IP address, here it is on screen, and I knew that the approximate location was the city of Kolkata, and a lookup of that IP address told me that the internet service provider who managed the IP was Hathway.com, an Indian cable and broadband provider. And when I was rummaging around looking at the files on the scammer's computer, I came across this document. It's an installation report from Hathway cable which clearly shows the name of our scammer, Amandeep, his exact address, his mobile number and when this installation took place. I also had his customer account number.

Initially I was tempted to write to them and say I'd like to cancel my broadband, but I thought better of this and just emailed the abuse department for Hathway. Almost predictably, the abuse email bounced, so I had to look for alternative details on other websites. I eventually found the name of someone who seemed to be the abuse contact, so I emailed him. As yet I've yet to hear any conclusion. If anyone knows the proper abuse contact for Hathway, please let me know in the comments.

But looking at some other files on the scammer's PCs, it seems they were very busy with gift cards. I managed to find a receipt for $2,000 worth of Apple Store gift cards. It seems that someone in Virginia had gone in to purchase these. I know the scammers had both the numbers on the receipt. I tried calling Apple to see if they could find out who had actually made these purchases, but unfortunately it seems that can only be done in store, and currently the store is closed.

However, there was one group of people that I could help. As the victims were calling these scammers, I was doing my best to disrupt their scams. Sometimes I couldn't get the phone number immediately, but as I did, I managed to stop them.

"Sorry, nice, you do have a very nice, still you do have 75 years old and you do have a very nice memory and everything, ma'am. If you want you can have a glass of water or a cup of coffee as well."

The victim is completely unaware that this scammer is rummaging around her online bank account whilst her screen is blacked out.

"You have your cell phone handy with you, right?"

He immediately goes to the transfer money section.

"What kind of cell phone is this? It's like an iPhone or it's like Android phone? It's Android phone, right?"

He's very used to keeping the victim occupied so that she doesn't ask him what he's doing while her screen has been blacked out.

"Yes, you have a Samsung phone right now? Okay, great. So can you just open your Play Store? Open the Play Store. Can you open the Play Store? Yes ma'am."

He doesn't give his own details when it comes to adding a recipient. He's looking at his WhatsApp and he's been given the name and details of an accomplice. This accomplice has a Bank of America account, yet an Indian sounding name. I have to keep all these details blurred, just in case this is an innocent third party, but this is actually very unlikely. I'm sure the scammer knows who's getting the money. I've passed on those details to the FBI. And after adding a recipient, the bank will ask for confirmation.

"Okay, fine, so you can just do one thing. You will get, like, a message on your phone ends with 8369. Do you have a phone number that is ending with 8369? Okay, you will get a text message. You can check it out. From the banking server we will send it to you. Just check it out, ma'am. Okay, fine, you can, you can hang up the call and you can just confirm me. You have to check it quickly so that you can confirm me that one, all right? Yes, just hang up the call so that you pin."

And when she does hang up the call, this gives me the opportunity to warn her that she's being scammed.

"Hello Vivian, you don't know me." "Hello ma'am." "My name is Dave Robertson. You're on the phone call," "Hello?" "on another phone call" "to ask Alan it is not getting connected on you access line line holder." "You need to hang up the other line and switch off your computer and I will help you, but they're trying to scam money from you." "Hello? Hello?" "Can you switch off your computer, please, as well? Just" "Hello?" "hold the power button, please," "Hello?" "and I'll explain in a second." "Hello? Hello? You still arrogant the pen can hear me a little bit VIN can hear me."

You'll also hear the voice of the scammer also trying to ring Vivian at the same time and just getting an answer phone.

"Vivian, can you" "Hello? Hello, Vivian?" "Oh Carl hey Ben you there?" "Hello? Hello? Hello?" "Vivian?" "Yes." "Hi, right, my name is Dave Robertson. I basically chase down scammers."

I didn't use my normal alias here because sometimes victims have habit of blurting out the name and the scammer can hear. I didn't want a bit of Stockholm Syndrome happening on the Internet.

"The people who just phoned you have tried to scam me, but I know a few things about computers. I'm able to see what they're doing, and they're trying to scam you, and in fact they've already transferred money out of your account while your screen was blacked out, so" "Okay." "Okay, can please call the bank." "Okay, no problem."

But although I might have stopped one or two being ripped off, I did find the details of more than 50 other people and their average age was 70. Yet I've passed all of their details on to the local police and I've also tried to send the same details to the police in Kolkata and hope that they'll do something this time.

If you would like to support me in my campaign against scammers, perhaps consider looking at my Patreon channel. There you can see a lot more videos, including the unblurred version of this. And again, thanks for your support. Catch me on Twitter and see you in the next video.
Info
Channel: Jim Browning
Views: 1,987,494
Rating: 4.9834738 out of 5
Id: _drmu_2Ump4
Length: 16min 33sec (993 seconds)
Published: Tue May 26 2020