One of the challenges of the Scambaiting community is finding active phone numbers associated with phone-based scams. Call centres often rotate their phone numbers once the community starts wasting the scammers' time with an excessive number of phone calls. Call centres also switch numbers when the reputation of the number is tarnished by ending up on a blocklist. As a result, the research for new numbers associated with phone scams is a never ending process.
In this article, we demonstrate how to identify telephone numbers associated with Tech Support Scams, Social Security Administration Scams, IRS Scams and Refund Scams with a simple Google search.
The Issue with Fake Popups
There are several methods to get new active numbers. One of the popular way is visiting websites with a typo (e.g. gpogle.com) en-masse to trigger these malicious advertisements. These ads usually claim that the computer requires immediate attention and a call back number where the problem can be fixed.
The telephone numbers from these popups are often passed around on the various Scambaiting forums such as Scammer.info.
Unfortunately, this method is quite unreliable as the fake popup windows tend to not show up outside of the US or over a VPN connection. Also, the numbers are usually associated with tech support scams, and other types of fraud (e.g. Social Security Administration scams) are underrepresented by these popups.
Obtaining Phone Numbers with Google
We clearly need a different method to overcome the issues with the popups. One alternative is none other than a simple Google search within the database of two robocaller blocking services.
There are two popular services blocking nuisance calls on mobile phones: RoboKiller, Nomorobo. They both maintain a public database of spam caller IDs, which is used by the services' corresponding smartphone app to block unwanted calls.
As Google indexes these public databases regularly, we can also search in them and look up numbers. All we need to do is using the right search operators to narrow down the search results to the scam of our choice.
The method is called Google Hacking, or Google Dorking frequently used by security researchers to find website vulnerabilities.
To locate current phone numbers associated with phone scams:
- Navigate to Google.com;
- Enter your search query (see below);
- Click on Tools and select 'Past 24 hours' to display the latest results only.
Google Search Parameters
Personally, I find these search queries the most useful:
"Social Security Administration" site:nomorobo.com
IRS "legal warrant” site:lookup.robokiller.com
"computer technical support" shutting site:lookup.robokiller.com
"computer technical support" expire site:lookup.robokiller.com
"computer technical support" refund site:lookup.robokiller.com
Microsoft department site:nomorobo.com
The search results take you to a page featuring the caller ID, an audio recording and a transcript of the robocall in question. Read the transcript carefully to confirm the call is associated with a scam.
The audio is also helpful if the transcript is not accurate. Typically, numbers are frequently misunderstood by the transcription algorithm.
Bear in mind that the call back number may be different from the caller ID featuring on the page. Sometimes the callers are asking the victim to dial a different number than the one displayed on the phone screen (caller ID). In this case, you need to get the actual number by reading the transcript or listening to the audio.
For example, this transcript features a different call back number: https://archive.is/67mE6
Search Tips and Other Tricks
Although there is a high overlap between the two databases, you can try swapping
with each other in the
site: search operator.
The search keywords are merely suggestions, as you may find more keywords over time that better suit your needs. You can try finding transcripts other scams on the leaderboard of RoboKiller or Nomorobo. Take the most relevant keywords out from the transcripts and experiment on Google to find the best combination yielding new phone numbers.
Once you have a number, you can try searching it on Google to find out whether the phone number has been reported elsewhere (e.g. BBB, Scammer.info). Go back to Google and search for the number in the following format with the following search operator:
intext:"123 456 7890".
Where To Go Next?
Help the Scambaiting community by posting your new numbers on Scammer.info. If you are on Twitter, make some awareness by tweeting them with the #ScamAlert hashtag. Robocalls can be reported to the FTC as most of them are illegal.