reSee.it - Tweets Saved By @NanoBaiter

Saved - January 23, 2025 at 10:31 AM
reSee.it AI Summary
I encountered Sushil Chouhan, who runs a scam call center in New Delhi, targeting innocent people. My investigation began with a Microsoft scam popup that led me to call a toll-free number, connecting me to a scammer posing as a technician. I managed to reverse the connection and access multiple computers in the call center, uncovering their operations, including payment processing through Stripe and various ad campaigns. I found sensitive files on Sushil's computer and documented his activities, including recruiting new scammers. Let me know if you want to see more investigations.

@NanoBaiter - NanoBaiter

1/ Meet Sushil Chouhan, an Indian national who owns a scam call center in New Delhi, India. He has been scamming thousands of innocent people since November 2023. https://t.co/bk7Y5JzZps

@NanoBaiter - NanoBaiter

2/ I first encountered Sushil's operation when I came across this "Microsoft scam popup." It blocked my keyboard and mouse input and played an audible warning instructing me to call a toll-free number. (This is an example of the scam popup.) Don't call the number! https://t.co/7o1tY8sfJN

Video Transcript AI Summary
Your computer is infected with frozen viruses, causing your window to be blocked and affecting Microsoft Servers. Please call support immediately. Do not shut down or restart your computer, as this may spread the viruses further and result in data loss.
Full Transcript
Speaker 0: Your window is blocked because your computer is infected with frozen viruses, and it is infecting Microsoft Servers. Please call support immediately and do not shut down or restart your computer because it will spread the viruses more and all of your data will be deleted.

@NanoBaiter - NanoBaiter

3/ When I called this toll-free number, I got connected to what sounded like a busy office. The person answering the phone introduced himself as a "Microsoft Certified technician." He told me that my computer was infected with a trojan virus and that I needed to connect it to a "secure server" (remote access software).

@NanoBaiter - NanoBaiter

4/ After the scammer gained access to my virtual machine, he started the scam by showing me non-existent issues (Event Viewer) and stopped services. Once he finished the initial scam pitch, he opened a notepad file and wrote out the so-called "Support plans." https://t.co/Bf46yFOjVN

@NanoBaiter - NanoBaiter

5/ The scammer thought everything was going his way, but while he was trying to scam me, I quietly worked on reversing the connection back to his computer. (This is the scammer's phone system.) https://t.co/YEnhoC0Jqx

@NanoBaiter - NanoBaiter

6/ This scam call center has Wi-Fi both inside and outside the building. By using the names of the wireless networks and their signal strengths relative to the scammers' computers, we can precisely determine the location of the scam call center. (28.5182833,77.2806568) https://t.co/FqzkJcmIBS

@NanoBaiter - NanoBaiter

7/ Once I reverse the connection to one computer in a scam call center, it becomes very easy for me to pivot my access onto more machines. In this case I got access to multiple desktop computers and one laptop that gave me my first ever look into Sushil's scam operation. https://t.co/3U3jCcuVZ5

@NanoBaiter - NanoBaiter

8/ On this computer they were logged into Stripe and PayPal. They mainly used Stripe to take the payments from the victims. So I exported every single transaction that has ever been initiated on that Stripe account. https://t.co/z1sCRrcZhp

@NanoBaiter - NanoBaiter

9/ They run multiple ad campaigns, paying for Google advertisements targeting specific keywords like "best internet provider", "internet deals", etc. So they not only impersonate Microsoft but they also claim to be from big companies like DirecTV, Xfinity, Spectrum and many more. https://t.co/XfI208T5wV

@NanoBaiter - NanoBaiter

10/ After I gained access to all of the employees, I managed to take control of Sushil's computer. On his computer I found a ton of juicy files like ID cards, salary slips, company registrations and even bank statements. https://t.co/MIzJyB6ArR

@NanoBaiter - NanoBaiter

11/ Sushil typically uses the laptop to manage the finances, website domains, the phone system and even his personal bank account. https://t.co/utwaM5uuBJ

@NanoBaiter - NanoBaiter

12/ This is live footage of Sushil recruiting a new scammer to the team. https://t.co/Yz0O1zz4BA

Video Transcript AI Summary
Are you comfortable with night or rotating shifts? Yes, I'm okay with that. My chief is also fine with it. Do you know what kind of work we do here? I heard it's related to GPU work. Have you had any other interviews? I tried with IGT for a customer care voice process. What happened? I failed the voice and accent assessment. So you didn't pass the operations round either? Correct. Alright, I'll call you to schedule another round of interviews at our office in Okhla. Okay, thank you. Have a good day! Thank you, you too!
Full Transcript
Speaker 0: Put aside.
Speaker 1: Mhmm.
Speaker 0: Yeah.
Speaker 1: Okay. So and you don't have any, working experience. Right?
Speaker 0: Yes. Yes, sir. I'm not pressure.
Speaker 1: You're absolutely fresher. So I want to know, would you be comfortable in night shifts or, maybe it's a, you know, rotation shift here? So will you be able to work? Yeah.
Speaker 0: Yeah. It's okay. My chief also is okay for me, sir.
Speaker 1: I want to know if, do you know what kind of work we do here? Any idea? Anything that she discussed with you, the hook only, the other guy who left?
Speaker 0: Yeah. She told me that,
Speaker 1: it's about, GPU. Mhmm.
Speaker 0: And then, yeah, she told me that she's, even working
Speaker 1: in. Mhmm. So, here we go. Have you, like, conducted any other interview? Have you given any interview in Gurgaon or any other company before?
Speaker 0: I try one company, sir.
Speaker 1: What happened there? Which company? I hear IGT.
Speaker 0: I I Customer care. Voice process, sir.
Speaker 1: Okay. What happened? I'm sharing
Speaker 0: my voice in case.
Speaker 1: Oh, voice in accent down? Enough. Mhmm.
Speaker 0: Yeah. Yeah. I I feel in voice and sound, sir.
Speaker 1: Okay. You failed in voice and ground. K. And what about, operation routes? You were not through to that. Right?
Speaker 0: Yes, sir.
Speaker 1: Okay. So alright. So just give me some time. I'll call you and then and then our office is in Okla. So I'll let you know when you can come for the another round, and then we'll then discuss rest of the things. Okay?
Speaker 0: Okay. Okay, sir. Thank you, sir.
Speaker 1: Alright. Alright. Have a good Okay.
Speaker 0: Thank you, sir. Have a great day, sir.

@NanoBaiter - NanoBaiter

13/ These are photos that were downloaded directly from Sushil's cloud server. The photos from the server match perfectly with my webcam footage. https://t.co/vRpDuLN1nh

@NanoBaiter - NanoBaiter

14/ Photos of Sushil and his car. https://t.co/hsaAF0tUSt

@NanoBaiter - NanoBaiter

15/ At some point in my investigation the scammers realized I was spying on them and they fully panicked. https://t.co/SdMJTL4FJg

Video Transcript AI Summary
We can check the broadband now. Yes, there's an option for broadband. Can you reconnect the router?
Full Transcript
Speaker 0: With s town. We can check with the broadband now. Yes. I'm good. There is a option of broadband now. Yes. By the way, can you connect it to, connect the router again?

@NanoBaiter - NanoBaiter

Let me know if you want to see more investigations like this one posted onto X. Leave a comment if you want me to upload the full-length investigation on my second channel. Thanks for reading and have a good day.
