Fun with Phishing


Re: Fun with Phishing

by Ice Cream Jonsey » Tue Mar 22, 2022 3:38 pm

And now you're dragging us into it! They will come after us next!

MOOOOOOOOOOOOOOOOOOOOOOM!

Re: Fun with Phishing

by AArdvark » Tue Mar 22, 2022 3:12 pm

People not recognizing them as scams is the sad part. My mom paid a scammer almost a hundred bucks for them to remotely install CC Cleaner because a pop-up window said her machine was infected. I wasn't available at the time and she didn't know any better.

Re: Fun with Phishing

by pinback » Tue Mar 22, 2022 2:48 pm

Are you sure that's the sad part?

Fun with Phishing

by Casual Observer » Tue Mar 22, 2022 2:25 pm

Anyone else like having fun with scammers?

So the wife freaks out because she gets this text:
fucking phishers wrote:
Thanks, the Transaction $252 for "GeekSquad-(Silver Package)" has been successfully processed. Wish to CanceI, Contact us at; 845-307-6419 Thanks

I told her they're either just trying to see if it's a real number or a full-blown phishing scam. So I had a few minutes free to call the above 845 number. First Indian who answered hung up after I said three times, "is this really the Geek Squad by Best Buy?" click. Next guy I played along, he pretended to look up my "account" using my name and throwaway email address. Next, he "confirmed" that myself (again, wife's phone) or someone else had signed me up for an account and I would need to fill out a "Cancellation Form". I'm like, great, thanks for the help, I'm on the Best Buy website, now what do I click?

"no, sir, Mr. Eric, sorry, let me give you the instructions. Do you see the long rectangle at the top of your browser? That's where you will type what I tell you"

He has me type this into my browser, Google suggests by the second gg:
gg.gg/nor2022

(.gg is the domain for Bailiwick of Guernsey, btw)

So, switch to my guest account, fire up the VPN and Incognito window, type in gg.etc and it resolves to this beauty:

https://adam90730.wixsite.com/norton

Such a professional website, love that they saved a bit of coin by not paying for the website:


Here's the fun stuff from the whole process. To get the "cancellation


I don't have a sandbox so I don't know if these are ransomware, viruses, or they're just trying to get paid for antivirus downloads.
https://download.aweray.com/awesun/wind ... .34643.exe
https://download.anydesk.com/anydesk.dm ... 1640941370


For the "Cancellation Forms" which he originally dangled in front of me, those links just go to Google Docs which seem safe although amateurishly made forms. Sure they'll help grab some contact info, they're asking for bank name but no account number so maybe they're going to go cross check against the bank numbers from the dark web.

https://docs.google.com/forms/d/e/1FAIp ... A/viewform
https://docs.google.com/forms/d/e/1FAIp ... g/viewform

The sad part of this is my wife probably would have clicked those links if she bothered calling them instead of making me do it.
