NanoBaiter
Jan 23 · 16 tweets · 9 min read
1/ Meet Sushil Chouhan, an Indian national who owns a scam call center in New Delhi, India. He has been scamming thousands of innocent people since November 2023.
2/ I first encountered Sushil's operation when I came across this "Microsoft scam popup." It blocked my keyboard and mouse input and played an audible warning instructing me to call a toll-free number. (This is an example of the scam popup.) Don't call the number!
3/ When I called this toll-free number, I got connected to what sounded like a busy office. The person answering the phone introduced himself as a "Microsoft Certified technician." He told me that my computer was infected with a trojan virus and that I needed to connect it to a "secure server" (remote access software).
4/ After the scammer gained access to my virtual machine, he started the scam by showing me non-existent issues (Event Viewer) and stopped services. Once he finished the initial scam pitch, he opened a notepad file and wrote out the so-called "Support plans."
5/ The scammer thought everything was going his way, but while he was trying to scam me, I quietly worked on reversing the connection back to his computer. (This is the scammer's phone system.)
6/ This scam call center has Wi-Fi both inside and outside the building. By using the names of the wireless networks and their signal strengths relative to the scammers' computers, we can precisely determine the location of the scam call center. (28.5182833,77.2806568)
7/ Once I reverse the connection to one computer in a scam call center, it becomes very easy for me to pivot my access onto more machines. In this case I got access to multiple desktop computers and one laptop that gave me my first ever look into Sushil's scam operation.
8/ On this computer they were logged into Stripe and PayPal. They mainly used Stripe to take the payments from the victims. So I exported every single transaction that has ever been initiated on that Stripe account.
9/ They run multiple ad campaigns, paying for Google advertisements targeting specific keywords like "best internet provider", "internet deals", etc. So they not only impersonate Microsoft but they also claim to be from big companies like DirectTV, Xfinity, Spectrum and many more.
10/ After I gained access to all of the employees I managed to take control of Sushil's computer. On his computer I found a ton of juicy files like ID cards, salary slips, company registrations and even bank statements.
11/ Sushil typically uses the laptop to manage the finances, Website domains, the phone system and even his personal bank account.
12/ This is live footage of Sushil recruiting a new scammer to the team.
13/ These are photos that were downloaded directly from Sushil's cloud server. The photos from the server match perfectly with my webcam footage.
14/ Photos of Sushil and his car.
15/ At some point in my investigation the scammers realized I was spying on them and they fully panicked.

Let me know if you want to see more investigations like this one posted onto X. Leave a comment if you want me to upload the full length investigation on my second channel. Thanks for reading and have a good day.

More from @NanoBaiter

Sep 22
1/ Meet Abhishek Rawat. He's 24 years old running fraudulent tech support scams out of his apartment complex in Noida, India.

After weeks of spying on him...I confronted Abhishek through his own laptop webcam.
2/ Abhishek tricks victims by impersonating companies like Canon and McAfee.

He sets up fake support ads, answers the calls, pretends to be a trusted brand, and pressures people into giving him full access to their computer.
3/ When Abhishek tried to take control of my computer he thought the scam was working but in reality I gave him access to a virtual machine and hacked into his system within minutes.
Read 7 tweets
Sep 5
1/ Meet Balwant Singh, an Indian scammer who impersonates HP printer support and then rips off the elderly with fake tech plans.

He tried to scam me....but instead of falling for his trap, I hacked into his live webcam feed and watched him panic in real time.
2/ Balwant runs a classic printer support scam out of his apartment in Almora, Uttarakhand, India.

It starts with fake Google ads posing as printer support. When victims call, he demands remote access, invents fake problems, and charges hundreds for useless “repairs”
3/ I played along with Balwant’s fake printer errors but what he didn’t know: I was already on his laptop waiting for the perfect moment to expose him.

Laptop IP Address: 117.208.169.210
Read 7 tweets
Aug 28
1/ Meet Manish Kumar, an Indian national responsible for scamming thousands of innocent people out of his bedroom in Ghaziabad, India.

When I hacked into his laptop and switched on the live webcam feed, he instantly panicked and blocked the camera view with his hand!
2/ Manish is running a classic tech support scam. He poses as AVG support, pushes fake Google ads to lure victims, then asks for remote access so he can make up fake problems and charge the victim for useless “support”
3/ I played along with his script until he tried to remote into my computer. He thought he was in control, but I was about to flip the scam on him...exploiting one of the biggest weaknesses in cybersecurity: The human vulnerability.

Manish’s laptop IP Address: 43.248.153.48
Read 10 tweets
Aug 19
1/ Meet Gaurav Trivedi, an Indian scammer who impersonates Microsoft support and then rips off innocent vulnerable people.

He tried to scam me......but instead of paying him money, I hacked into his laptop and turned on his live webcam feed.
2/ Gaurav runs a classic Microsoft tech support scam out of his apartment complex in Raebareli, India.

It starts with a fake popup that locks your screen, blares a loud warning sound, and tells you to call “Microsoft” immediately or risk losing all your data.
3/ The scammer’s main goal?
To trick you into giving them remote access to your computer using tools like AnyDesk or TeamViewer.

But when Gaurav tried it on me… I gave him access to my virtual machine and used it to hack into his system instead.
Read 8 tweets
Aug 12
1/ Meet Gurpinder Singh and Rohit Sharma. Both of them run a scam call center in Punjab, India. Together they have been stealing over $1.2 million every year since October 2016.
2/ I first encountered their scam operation when I found this fake advertisement offering AVG support
3/ This was clearly a scam webpage but I did the one thing you should NEVER do. I called the number on the main website.

I’m already very familiar with their script so I know they will try to push for remote access to my computer and then try to overcharge me for fake security.
Read 13 tweets
May 15
1/ This scammer is using leaked Coinbase customer data to spam out fake SMS text messages to users.

I could dox the scammer right now but I'd rather conceal his identity until he is brought to justice!

Let's give you an inside look into the scammer's perspective and workflow.
2/ Earlier this year, my team and I noticed a massive spike in social engineering attacks mainly aimed at @coinbase and @binance users

Reddit and X were flooded with screenshots from victims targeted by these social engineering scams.
3/ Typical scam wording to look out for.

1. A withdrawal request was made on your account

2. Your password was reset

3. A suspicious login attempt was made on your account

The scammers will always add a sense of urgency and provide a support number telling people to contact immediately.
Read 14 tweets
