How to Obtain Telephone Numbers of Phone Scams with Google Dorking?

OSINT Aug 19, 2019

One of the challenges of the Scambaiting community is finding active phone numbers associated with phone-based scams. Call centres often rotate their phone numbers once the community starts wasting the scammers' time with an excessive number of phone calls. Call centres also switch numbers when the reputation of the number is tarnished by ending up on a blocklist. As a result, the research for new numbers associated with phone scams is a never ending process.

In this article, we demonstrate how to identify telephone numbers associated with Tech Support Scams, Social Security Administration Scams, IRS Scams and Refund Scams with a simple Google search.

The Issue with Fake Popups

There are several methods to get new active numbers. One of the popular way is visiting websites with a typo (e.g. gpogle.com) en-masse to trigger these malicious advertisements. These ads usually claim that the computer requires immediate attention and a call back number where the problem can be fixed.

A fake popup is a rare sight outside of the US even with a VPN
A fake popup is a rare sight outside of the US even with a VPN

The telephone numbers from these popups are often passed around on the various Scambaiting forums such as Scammer.info.

Unfortunately, this method is quite unreliable as the fake popup windows tend to not show up outside of the US or over a VPN connection. Also, the numbers are usually associated with tech support scams, and other types of fraud (e.g. Social Security Administration scams) are underrepresented by these popups.

Obtaining Phone Numbers with Google

We clearly need a different method to overcome the issues with the popups. One alternative is none other than a simple Google search within the database of two robocaller blocking services.

There are two popular services blocking nuisance calls on mobile phones: RoboKiller, Nomorobo. They both maintain a public database of spam caller IDs, which is used by the services' corresponding smartphone app to block unwanted calls.

The wall of shame featuring the number of the most active nuisance callers
The wall of shame featuring the number of the most active nuisance callers

As Google indexes these public databases regularly, we can also search in them and look up numbers. All we need to do is using the right search operators to narrow down the search results to the scam of our choice.

The method is called Google Hacking, or Google Dorking frequently used by security researchers to find website vulnerabilities.

To locate current phone numbers associated with phone scams:

  1. Navigate to Google.com;
  2. Enter your search query (see below);
  3. Click on Tools and select 'Past 24 hours' to display the latest results only.

Google Search Parameters

Personally, I find these search queries the most useful:

"Social Security Administration" site:nomorobo.com

IRS "legal warrant” site:lookup.robokiller.com

"computer technical support" shutting site:lookup.robokiller.com

"computer technical support" expire site:lookup.robokiller.com

"computer technical support" refund site:lookup.robokiller.com

Microsoft department site:nomorobo.com

Results of a search looking for current phone numbers associated with refund scams
Results of a search looking for current phone numbers associated with refund scams

The search results take you to a page featuring the caller ID, an audio recording and a transcript of the robocall in question. Read the transcript carefully to confirm the call is associated with a scam.

The audio is also helpful if the transcript is not accurate. Typically, numbers are frequently misunderstood by the transcription algorithm.

The called ID, audio and transcript of an unsolicited phone call
The called ID, audio and transcript of an unsolicited phone call

Bear in mind that the call back number may be different from the caller ID featuring on the page. Sometimes the callers are asking the victim to dial a different number than the one displayed on the phone screen (caller ID). In this case, you need to get the actual number by reading the transcript or listening to the audio.

For example, this transcript features a different call back number: https://archive.is/67mE6

Search Tips and Other Tricks

Although there is a high overlap between the two databases, you can try swapping lookup.robokiller.com and  nomorobo.com with each other in the site: search operator.

The search keywords are merely suggestions, as you may find more keywords over time that better suit your needs. You can try finding transcripts other scams on the leaderboard of RoboKiller or Nomorobo. Take the most relevant keywords out from the transcripts and experiment on Google to find the best combination yielding new phone numbers.

Once you have a number, you can try searching it on Google to find out whether the phone number has been reported elsewhere (e.g. BBB, Scammer.info). Go back to Google and search for the number in the following format with the following search operator: intext:"123 456 7890".

An additional search confirms this number was reported to the FTC
An additional search confirms this number was reported to the FTC

Where To Go Next?

Help the Scambaiting community by posting your new numbers on Scammer.info. If you are on Twitter, make some awareness by tweeting them with the #ScamAlert hashtag. Robocalls can be reported to the FTC as most of them are illegal.

Pawel Kowalczyk

Scam hunter. Mapping tech support scammers with OSINT. You can be my wingman any time.