Hi, all! Long time listener, first time caller. This is a great guide. I have VMware WS Pro, which I use for work, and I've got a scambait machine all set up, fake email address, fake name, bogus address, the whole script, really. Just enough of it is fake that it can't be traced, while enough is true that I can remember it without consulting my script, etc. I've signed up with Skype - do you all recommend that for scambaiting? I did the free trial thing, for now, and I can always pay the whole 3 bucks a month. Do you know if there are any terms and conditions or any other reasons why Skype could not be used for this purpose? I used it once to call myself and it came up restricted, but when I called a scammer with it, he spit back an actual number to me when he wanted to "call me back" and said my line was ringing, but it didn't on my end, so I'm just wondering about some of the deeper nuances of Skype, and whether it's a viable option for this purpose. I didn't really like TextNow, since it didn't give me a manual option for sign up, and I tend to avoid "Sign up with Google, FB, etc" whenever possible.
I've also been using my own number and a VM w/o VPN for years, but never seemed to have any issues. It sounds like that's a TERRIBLE idea. What do you recommend? I hear a lot about how these VPN services either sell data or get hacked - Nord VPN among the higher-profile offenders/victims. I'm leery about stuff like that, and I'm not really in the market to have my data stolen (ironic, I hear you say, considering I use my real phone number and no VPN for scambaiting, to which I riposte "that's why I'm here...") Are there any better options for IP masking short of a dynamic IP address from my ISP (I noticed someone had said static IP, but that's an unchanging address, as opposed to dynamic, which IS a changing IP...)
I think I'm good everywhere else, short of maybe some kind of locally hosted fake bank web page or black screen override, like Kitboga has. That's where I tend to have to make the reveal, since I can't logically proceed any further. Any advice, there? Letting them into a VM is easy, but going into a bank without making a fake account just for all that is hard.
A little bit that I've learned, just so I'm putting something on the table and not taking, taking, taking - if you get a call from something like Chase Bank or something like that, have a list of what those cards tend to start with, so when you hand them a bogus card number, it doesn't immediately raise a flag. I tend to just rapid-fire Google a Chase Bank card, and, generally it's in the images, somewhere. Hasn't failed me, yet.
Anyway, all, thanks in advance for any insight or tips/tricks!