I used to phish scammers for fun. Most are greedy and stupid. My favorite tactic was to get them to click on a link (usually pretending to be to my bank account, or something they want, actually pointing to my domain) and then have a fake re-auth page for whatever web-based email address they were using where I collected their username/password.
It worked 100% of the time. I usually logged in, changed the password on them, and then proceeded to loot the email account of credentials/other interesting information and warn anyone they were directly contacting that they were being scammed. My goal was to shutdown the entire operation.
The sad part is that it was mostly romance scams with elderly men and women that just lost their spouse, and didn't believe me when I told them they were being scammed.
It gets more complex these days with 2FA, but it's nothing evilginx can't solve.
Nice! I was curious how their operation worked. I think they were going to email me a fake link to a Coinbase login. I'm wondering how they spoofed the emails and made them appear like they were coming from legitimate domains. One was a German hotel the other was a Japanese utility company. I was surprised at the level of security they had.
I feel like these scammers were extra cautious and not that greedy. I could tell they were reading a script of the first guy with the UK accent could've been the head of operation. That would've been extremely challenging to fish him.
4 comments
[ 3.3 ms ] story [ 21.8 ms ] threadIt worked 100% of the time. I usually logged in, changed the password on them, and then proceeded to loot the email account of credentials/other interesting information and warn anyone they were directly contacting that they were being scammed. My goal was to shutdown the entire operation.
The sad part is that it was mostly romance scams with elderly men and women that just lost their spouse, and didn't believe me when I told them they were being scammed.
It gets more complex these days with 2FA, but it's nothing evilginx can't solve.