Baiting scammer for a $40,000 Refund – Full Version


Let’s jump right in. This is a scam call center pretending to be Norton Antivirus. They’re located in our favorite place, the tech scam capital of the world. Now, you guys sent us this email, so we’re gonna give them a call. I’m playing a silly character. But listen, the goal is to destroy this guy. Once he connects to my computer, I will reverse access to his. Now I can’t show you everything because scammers watch these videos. And nobody wants to educate a scammer.

Back to a system. I realized he had too many files. So I deleted them, sidenote, he had some interesting files that will show you that way. As far as the scam itself. I’m going to show you how they refund me $40,000. If you think that they actually give me the money then I don’t know what to do. Now what’s important here is getting an address that helps us to identify the criminals that are here in the US. These guys are laundering stolen money. Trust me. They’re paybacks coming soon. So let’s get into it.

(Beginning of call) 

I’m trying to see what it … what this is about. It says Norton family. Dear customer, Thank you for trusting Norton 360 LifeLock security. 

Right now, the free period is over. It’s been upgraded to the paid version. And also renewed. 

I don’t know why you’re charging me. I didn’t ask you to charge me for it. 

If you have a computer then just so we will do one thing without wasting the time directly we’ll connect you to the secure server of the Norton and then we will deactivate the services for you. Okay, do one thing and a sword card wave press the windows and letter R together. Windows key and letter R together. So make the box empty. 

This is 

Do you already have anydesk with you? On your computer? 

Yeah, I had an issue on my computer last week. Then you can just open the anydesk. 

(File deletion) 

In order to remove this, let me do it, one thing over here. 

What we remove is what my question is. 

We will remove the Norton Antivirus as you said that you want to cancel it right? So instead of taking the thing with the anydesk we’ll do it with the Ultraviewer. 

Okay, okay. 

Now do you mind telling me what Ultraview does?

It’s the same as anydesk sir. 


(Speech cancelled)

So I’m on the phone with the scammer and they have to remote into my computer. So what I did was I said that I already had anydesk on there. Long story short, it helps me reverse the connection and get into his files. Not only do we delete files, but we download them first because I like to go through them. I think it’s kind of interesting to see what was on their system. There wasn’t a bunch but some really interesting things. So we saw different logos like Norton and Geek Squad but we also saw Enterprise rental car. Now going through their files folder. Further, we saw some victims that had given their credit card information and we also found an Excel file that had an 800 number that people were calling into. So we put that into the internet and found a fake car rental website that the scammers were using and I called the 800 number up literally today, and they picked up and said: “Thank you for calling Ebay. This is Dennis. How may I help you? 

It just goes to show that the scammers are trying to get new tactics of stealing money from people. They’ll pretend to be eBay, Enterprise rental car, Norton or the Geek Squad. So really interesting information though that they’re going to find new ways to try and scam people. 

“All right, in order to go ahead with the refund and the removing the Norton Antivirus. I’ll be transferring, transferring this call to my senior technician.” 

“Okay, okay, what’s her name?” 

“Alright. His name will be Steve Carter.” 

“Okay. Thank you.” 

Okay, so we got on these we got on the scammers computer there’s certain things I can’t show guys. I’m sorry we got on the scammers computer what I was doing while I’m trying to waste his time. We’re obviously deleting some files, but we’re trying to be able to watch them a little bit better. I don’t want to completely delete all of his files because then it’ll get suspicious and just image the computer. But we’re able to download this file. 

“Thank you for being held. This is Steve Cartery. How’re you doing today?” 

“Oh, I’m doing great. How are you?” 

Now that we’ve deleted their files and also downloaded them to investigate further. I like to just kind of turn the temperature up a little bit so I’ll do things like exit out of Windows not listen to the scammers. I’ll say things like scam instead of scan and then I’ll just say crazy stories to see how they react. 

“And to be very honest, you sound very young over the phone.”

Không có mô tả.

“Oh no. I’m 53” 

“You sound just like maybe 30 to…Oh my god. Unbelievable. You still sound very young between 30 to 40.” 

“Oh, well. I mean, that’s not what my wife told me the other night when she called me a stallion she called me a stallion pan” 

“You are happily…You are happily married?” 

“And now, alright, so…” 

“I try sometimes, you know, like, you know you do a little bit of rose petals. You do a bubble bath, a little bit of red wine and anyone starts to look like Tom Cruise after a little bit of red wine you know what I mean?”

“Yeah, now please you can hang up the call and Mike Wilson, the manager, will call you. He’s going to call you right now. You can hang up the call.”

(Another call)

“Uh, this is Mike Wilson sir and I’m calling you from Norton. Right now. Our technical server’s connected to you so that we can go ahead and we can do as can.” 

“Okay, well how long does this game run for?” 

“It will just take few minutes so.” 

“Okay, do I need to do anything to start the scam?” 

“No, nothing, nothing.” 


“Now with you right now is I will just let you get you connected. To our banking so that we can go ahead and we can initiate your refund. Can you please go ahead and type your full name.” 


“Okay, did they keep asking for your billing address? So you need to go ahead and put your billing address there. Your information’s like your full name Roy Miller. Your billing address, which is 700 Coconut Avenue, Panama City Beach, Florida 34230 which is your zip code.” 

“Do you work for Chase or how is this getting verified?”

“Okay. I am…I am. I’m the billing manager from Chase Bank of Norton. You can make, ah, you can maximize the Google Chrome browser. You can maximize it.” 

Không có mô tả.

“How do you do that?” 

“Do you see a square box on the top right corner?”

“Yes, yes”

“Yeah, this is the square one, the square one the square one?” 

“Yes. It’s a red square.” 

“No, it’s a cross sign. It’s x sign. You don’t click on that. You need to click on the…this side yes.”

“Don’t click on the inside of the red side. There’s a cross inside the right square.”

“No no, no, no. You need to click on the square one color. Hold on.” 

“Leave the mouse. you just leave the mouse. You please leave your mouse. Will you please leave your mouse?”

“So after we’ve trolled them, they are still going to go through this refund scam. And what they want to accomplish here is they’re already connected to my computer, they will look at my bank account and then edit the HTML through the browser to make it look as if they gave me some crazy amount of money. 

“Now I’m going to go ahead and I’m going to do a transfer. Alright? What do you see right now?”

A blank screen. What they’ve done is I told them that I can’t see my screen. So they’re gonna go in here and they’re going to right click on the available balance and hit Inspect. I’m not doing this, the scammer is doing it. So they’re gonna go here and they’re gonna put in the refund. So I’m gonna show the balance is 43,000 and they’re going to try to steal 40,000 from me. So 43,000 and you can see they’re putting that in as the transfer amount and then they’re gonna go change the description. Now, a lot of people ask how it works and they want the nuts and bolts of how it works. This is how it works. So you get to see it. And that’s kind of why I told them I couldn’t see my screen so that we could see as they were, you know it’s just a way to kind of trick them. So these guys aren’t very smart. 

Now the only way to get that money back is to send it to them directly via multiple methods. We obviously want to get an address because that can lead to additional criminals. But that is the refund in a nutshell. They will then again go and try to manipulate their victims by saying they’re going to lose their job. They can’t feed their families. And these are all tactics that they’ll use, but we’ll continue to do the manipulation back to them along the way.

“What do you see on the screen right now?” 

Không có mô tả.

“It says 40” 

“Hold on, that’s not right. Hold on one second.”

“I’m gonna second not right, that’s not trial on. Hold on, that’s not right.” 

“We cannot cancel this and we can, we cannot reverse it back as well.” 

“I get all of that. I just don’t know how you guys would allow this to happen.” 

“I also don’t know this is the first time. I’m getting this experience. How far is your bank? How far is the branch of your bank? The Chase Bank from you?” 

“Maybe 15 minutes” 

“We have to do each and everything in a very critical way. Alright?” 

“In a very physical way” 

“Now you need to understand. Yeah.” 

As you all can see so far, I’ve given a lot of personal information as the victim to the scammer, even including the bank that I use and how much money is in my account. Getting these types of details from their victims is a huge win for the scammer because then they can go and sell this information to other people. Now one of our security partners, Aura. They deal specifically with this type of threat and Point Blank guys. They will help protect your identity. They do some other things like AV fraud monitoring and even password Management in a single app and one cool thing is they will actually go and monitor the dark web for all of your personal information like emails, passwords, phone numbers, Social Security numbers. I can guarantee your stuff is out there with identity theft being such a common theme in our lives. I’m sure you’ve heard the stories I have from friends and family. There’s a new victim every 14 sec to the tune of about a thousand dollars. 

Now a security app like Aura will actually go and scan the entire dark web and look for matches of your personal information out on the dark web. That’s literally being sold and they’ll notify you in real time so that you can go and take the proper action which is super important because I’ve literally felt this pain before myself. My information was being sold on the dark web and the hacker actually went to a retail website to buy televisions that we caught up in New York, which is crazy. So your information I’m sure is out there as well you’ve got to remember that head on over to payback they’ve got a great two-week free trial where you can actually go and see what information of yours is out there on the dark web. 

Now let’s see if we can go get some more information out of the scammer, get an address and go save some people.

“You need to go to your bank physically sir. You cannot do anything online. Do you know what is your limit for a date? Do you know your limit?”

Không có mô tả.

“To take out of my account”

“Like how much?” 

“I mean to take out of my account, the limit I mean I probably 20 000”

“Do you have any idea rather?”  

“20000 30 000.” 

“Okay I’m just, uh, I’m, I’m going right now on the way” 

“Once you speak to your banker, just tell them that I just want to get a hard cash. A fix up to $20,000.” 

So the final piece of the refund scam is getting the actual money sent to the scammers themselves. In this instance, they’re having me get cash out and then send that through a parcel to a money launderer here in the US. We’re actually going to take that information and go after the criminals in the U.S that are helping these guys illegally transfer money overseas. So it’s vital that we get the address, we get the information and do the job properly so that we can find these other criminals. 

(Getting the address)

“You’ve got the cash in your hand? You got the cash?” 

“I mean I don’t have it in my hand. I have it in, um, kind of like an envelope type thing. Why don’t I just send you guys just a dang box with it. I’ve sent it wherever you live. I’ll just send you a dang box with the money in it. I don’t freaking care.” 

“You, you want to do this with the box right?”

“Yeah I’ll just do the box. It’s easier I have a FedEx over here or what do you need UPS” 

“Okay okay okay. So you just follow the steps what you need to do. So I’m going to give you the address and everything. I’m going to give you the address everything sir” 



“Okay. Right now or what do I need your site, right now.” 

“Yeah first… first wrap the uh wrap the cash sir, with the aluminum foil yeah” 

“Okay just give me a moment” 

Okay so this is a, uh, this is a win because uh well the scammers muted and at this point what’s going to happen is. So scammers are going to want us to wrap actual cash with aluminum foil, put it into a box and then ship it to somebody in the United States that is working with them. They’ll either put into Bitcoin or they will launder the money through like wire transfer or something like that typically they find people on places like or else they have family members or other crime people that they know in the US, that they’ve worked with before and that’s their sole job is like they might have a regular job.

Không có mô tả.

But then they collect these packages and get paid a bunch of money-tens of millions if not hundreds of millions of dollars is stolen. So this is why getting these, uh, addresses is such an important thing in our operation here because it’s able to link to a lot of bad things that are going on. It’s, it’s really really good so we can’t talk too much more about it, but it’s really powerful for us to be able to get these addresses. It really really helps people not only that we’re able to also possibly if you have one package going to an address, you might have 10 packages going to an address. So we’re possibly helping additional people which is really really nice. 


“Are you done? 

“Yeah, I also wrapped it with, um, some bubble wrap.”

“Thank you for this. Thank you for understanding the circumstances sir. You’re doing it very well. You’re doing nice work”

“And I hope that you aren’t mad at me. You sound like I don’t know your voice, sounds like you’re mad at me or something. 

“I’m really sorry sir. I’m really sorry for the inconvenience” 

“I don’t know if there’s someone I could speak to. Maybe you could tell your boss real quick that I do apologize for this. Does he know or she knows?” 

“Okay let me tell him sir. Let me tell him alright”

“Maybe I could just keep it off of mute so I can hear that actually…” 

“Customers are really apologetic for the mistake and for the inconveniences. Really sorry for this”

(Absolute no reply) 

“Alright you there Mr.Roy?” 

“Yes. What did she say or do?”

“He said that’s okay no problem. Alright you, you just take some rest. Alright? It will take me five minutes to give you the uh the information, the details of the receiver, the location the address” 

I’ll show you a little bit right here so it’s got a receiver. Oh here it is right here UPS information receiver name and all this kind of stuff. I’m not obviously not going to show the screen, but they’re putting the information here. So that’s going to be a big win for us to get the receiver information. It’s that last moment of are we going to get that information that we wanted, are the three and a half hours of working for these guys. Are we gonna get the information we want or are they gonna be afraid at the end. Um, this is kind of the moment of truth. This is the scariest part for me as a scambader because this is what you work for.

(After the address)

Không có mô tả.

Oh this is a California address. Okay.

“Yeah this is Roy.”

“Roy, it’s me Mike Wilson sir. So can you please come to the computer? When you do the UPS. There are two things signature required when the receiver is going to receive the package alright?” 


“And signature not required” 

“Why is it, signature, not required? Was the reasoning for that?” 

“The reason is, okay? Now this is Akash okay? You’re sending Akash, that is the reason.”

“I know who cash is. He’s my, he’s my son’s best friend, his name’s Akash.”  


“Um, who is Aju? Is that who’s saying Aju so much? I keep hearing someone say Aju.”

“He’s a technician of the company”

“And also Vijay. I, I just, I keep hearing Aju and Vijay. Who’s Vijay?”



“Uh, he’s from our department”

So these are the real names of the two scammers that I’ve been involved with here. And I wanted to scare them but not spook them too much because they’re too scared then they won’t send the guy on the other end to go get the package. That’s why this scambait call ends with me going to go send the parcel. 

“You need to go now sir okay?” 

“Okay. What do I need to do about Vijay? Do I need to write anything with that name down because you guys keep saying”

“No no no no no no no no no no no no” 

“Yeah you don’t need to write that down. No now you drive yourself to the UPS when you get there, to the parking lot to me and let me know okay? I’m holding the line, don’t hang up on me, okay?”

I love India so much and before anyone goes and comments saying that I’m saying all scammers are from India. I want to let you know these gamers in particular are from the tech scam capital of the world. (India)


Leave a Reply

Your email address will not be published.