October 28, 2019

Scam me? I’ll track you.

By pavel

Believe it or not, there are people who have nothing better to do than scam other people. Whether they do it because of their financial needs or just for a bit of fun, I personally do not care and consider it wrong. Some of the scams I come across are 1:1 interactive chats (phone/text).

Depending on how sophisticated the scammer is, you might be able to uncover their identity, but generally the only thing you can do is waste his/her time (option 1) to prevent them from scamming other people at the same time. Although it sounds like a good idea, time is precious, so consider that aspect too.

Option 2, get rid of the scammer as soon as possible. The quickest way seems to be to block the scammer, hang up the call, mark as spam, walk away etc. You can block users in most of the messaging apps, mobile phones, e-mails and other platforms. 

Then we have option 3, where you try to track the scammer. If it fails, you still pretend you are tracking him/her. He/she will usually leave very quickly. If you have their location, you can report it or take further action.

Unless the user uses Tor or a VPN, you can get their IP address and find their approximate location and internet service provider (ISP). You can then report it to the ISP, national authorities and other scam reporting agencies. You could also go for a road trip if you like face-to-face contact, but that's not usually a recommended option, up to you :).

If you need to get someone’s IP address, the process is quite simple:

  1. think of a link they would click on, e.g. mysite.com
  2. create a tracking URL for your link via https://sniffip.com/en
  3. mask the URL with a short URL service (sniffip does it already, but you can use other services)
  4. share it with the scammer and lure him/her into clicking on it (here you need to get creative)
  5. collect the data, report the scammer or work out another plan

An example of a tracking link looks like this:

Coinbase Exchange

This looks like a link to Coinbase Exchange, but it goes to:

  1. the shortened link http://tinyurl.com/y2ucfnhz
  2. then to tracking link https://sniffip.com/tracking/V82F8fQcKVA3vcgRf6Q1YgrzSAuwSMWFCTqldbex
  3. then finally to your original link https://coinbase.com/

There are automatic redirects between each link, so the user will see only the last destination upon loading the page. Note: simply hovering over the link will show the tinyurl.com link, which should already be a first warning that something is not quite right, and the scammer would probably walk away. Also, using web dev tools, you can see all three links as you get to your destination, so it's not a perfect way of tracking, but a simple one.
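Seen from the receiving side, the hover mismatch and the three hops visible in dev tools can be checked mechanically before trusting a link. The sketch below is an added example, not code from the original post: it walks recorded redirect responses offline, and the status codes, the function names and the `SAMPLE_RESPONSES` table are constructed assumptions built around the three URLs listed above.

```python
from urllib.parse import urljoin, urlsplit

# Constructed responses mirroring the three hops above; status codes are assumed.
SAMPLE_RESPONSES = {
    "http://tinyurl.com/y2ucfnhz":
        (301, "https://sniffip.com/tracking/V82F8fQcKVA3vcgRf6Q1YgrzSAuwSMWFCTqldbex"),
    "https://sniffip.com/tracking/V82F8fQcKVA3vcgRf6Q1YgrzSAuwSMWFCTqldbex":
        (302, "https://coinbase.com/"),
    "https://coinbase.com/": (200, None),
}

def host(url):
    """Lower-cased hostname without a leading 'www.'."""
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def walk_redirects(start, responses, max_hops=10):
    """Follow Location headers through recorded responses; return the URL chain."""
    chain, url = [start], start
    for _ in range(max_hops):
        status, location = responses.get(url, (None, None))
        if status is None or not 300 <= status < 400 or not location:
            break
        url = urljoin(url, location)      # Location may be relative
        looped = url in chain
        chain.append(url)
        if looped:                        # redirect loop: stop after recording it
            break
    return chain

def audit_link(claimed_host, href, responses):
    """Compare what the link claims to be with every host it passes through."""
    chain = walk_redirects(href, responses)
    hosts = [host(u) for u in chain]
    final = hosts[-1]
    return {
        "chain": chain,
        "href_mismatch": hosts[0] != claimed_host,   # what a hover reveals
        "intermediate_hosts": [h for h in dict.fromkeys(hosts[:-1]) if h != final],
        "plaintext_hop": any(urlsplit(u).scheme == "http" for u in chain),
    }

if __name__ == "__main__":
    report = audit_link("coinbase.com", "http://tinyurl.com/y2ucfnhz", SAMPLE_RESPONSES)
    for key, value in report.items():
        print(key, "=", value)
```

Every host in `intermediate_hosts` receives the visitor's IP address and request headers before the final page loads, which is the reason a link whose visible text and real target disagree deserves suspicion.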

Other options

There are many options available, depending on the scenario and communication channel you use. This is out of scope for me now, but here is another example:

Tracking a scammer can also be done by allowing him/her to remote into your “computer” and using Wireshark to get their IP address. The “computer” in this case is an isolated* virtual machine where you can let them play while you are collecting the network data you want. Recommended for advanced users :). *isolated = ideally out of your private network

Another way to annoy a scammer is by pointing a messaging bot at their profiles and hacking or scamming THEM instead. Some of their account profiles are easier to create, but some might require phone numbers, 2FA etc., so the process of getting one might be a tiny bit more painful for them when they lose access to it.

Note: do not track your friends and family :). Use it only as protection against those who do wrong. Thanks