Three "non-mainstream fraud" stories told by only_guest

Posted by millikan at 2020-03-10

Editor's note: only_guest (Zhang Ruidong), known at the FIT 2017 conference as "the white hat that no one dares to say is not handsome", is the head of the Double Helix Attack and Defense Laboratory and the head of the PKAV team. He is not only a specially hired network security expert of Sichuan University, but also one of the most influential white hats among the people.

The FIT Internet Security Innovation Conference is a security summit hosted by the security media outlet FreeBuf. The year's achievements and innovative Internet security technologies in the security field are shown there.

Two years ago, with a heart to save the world, only_guest threw himself into anti-fraud work.

This man, who can easily get the addresses and phone numbers of Ma Yun, Ma Huateng and Zhou Hongyi, and who once located taxi tracks in Chengdu, told three stories of "non-mainstream fraud" at FIT 2017, in one of which he was almost deceived by the other party.

The following is the content of only_guest's speech:

0x00 Preface

Today I'd like to share with you the topic "the game of fraudsters".

In the past two years, in the process of fighting telecom fraud, we have encountered many interesting scams, or scams outside the mainstream. Today, I want to share with you some of the "non-mainstream scams" I personally encountered.

Traditional scams are generally traceable and follow standard processes, such as the common gangs that cheat by impersonating public-prosecution authorities. They usually follow a process like this:

Build a phishing site,

Collect personal information for screening,

Pretend to be staff of the public security organs and law enforcement organs, sending text messages and making phone calls to the selected valuable targets,

Guide the victims to enter the phishing website to fill in information and download the Trojan horse program, and finally enter the process of transfer, withdrawal and money laundering.

The amount involved in this kind of case is generally very large. A criminal gang that our team has found before has paid more than 40 million yuan in one afternoon. In addition, there are the traditional fake base station SMS scams, which trick you into entering a phishing website through various lures, such as points redemption, to carry out the scam.

Against these "traditional" scams, we have actually put quite a lot of means and measures in place. For example, we have built an automated platform against traditional fake-base-station telecom fraud, which can tell in real time who is being cheated and then transmit the information to users, banks and public security organs in real time, so that banks can freeze accounts, public security organs can directly catch people, and users can raise their vigilance.

At the same time, we can reverse phishing websites, obtain the data fingerprint information and QQ number of the website's behind-the-scenes operators, and automatically trace a fraud phone call within one minute through the VoIP traceability system. (For more information about the above anti-fraud system, please refer to "only Gu guest, a deep hacker: how to deal with cheaters gracefully?")

In a word, I think we have made this traditional anti Telecom fraud system quite perfect. Since last year, we have handled more than one hundred cases, involving a total amount of 230 million yuan. Today, we mainly tell a few "non mainstream" fraud stories.

0x01 cheated innocence

The first story starts with a tweet. On October 10, I received a private message. A girl asked me for help, saying that she had been cheated out of 6300 yuan in a telecom fraud and hoping to get my help.

Yes, the handsome avatar on the right is me. I asked her about the specific circumstances of being cheated and wanted to help her. After all, helping others is the foundation of happiness. Moreover, this little girl kept calling me "brother, brother", which made my heart sweet (as if this is the key reason).

She told me: "I found a person on the Internet to make up the report card of the meeting examination, and then that person tricked me into paying a deposit, and I was cheated." I asked her to send me the police report receipt, because there are often many people who pretend to have been cheated and ask me to help steal an account to investigate individuals. I find that very annoying, but if it's really a fraud, I'm willing to help kind-hearted people (with a positive face).

Later, she sent the transfer records, the police report photos and the recording of the police report. After confirming that it was a real event, I began to help her find clues to counter the cheater.

That afternoon, I found some clues for her. In fact, I directly got access to the swindler's computer and saw everything on it. But the swindler himself was in Jiangsu Province. So I told her that I would give her the detailed information of the swindler and let her hand it to the police to make the arrest. Then, as I was about to get some more details, I found something new...

I realized that I was trapped in a "trick to cheat".

I continue to talk to the cheated girl. As you can see, I'm really unhappy. You should tell me the truth. Guess what I found?  

I found two transcripts of the same person, but the results were totally different. This one on the left is a real report card, and the one on the right is a revised one.  

At this point, the girl still defended herself vigorously, saying that it was just PS (Photoshop) when she was making up the report card of the meeting examination.

What she didn't know is that I had already got the cheater's email account. In the emails, I found out the facts: the girl actually has the report card of the examination, she then looked for someone who does fake diplomas to forge the report card, and she was cheated by the other party.

So to sum up the whole story is: the girl wants to cheat people by faking her grades, and is cheated. Then she uses a girl's heart to cheat me, a pure boy's heart.

0x02 female students with stories

The second story starts with a WeChat red packet, and it is also an interesting case of fraud. Cloud hive: I don't know if anyone has seen it in their friends circle or from WeChat friends.

One day, I received a picture of a bee hive in the cloud on WeChat. It was sent by a female classmate I had not seen for many years. In my impression, she seemed to be doing WeChat business. She said that it was a "make friends, make money and have fun" project. As a security practitioner, I immediately had doubts.

Making friends, making money or having fun? First, register one! After registering, the female classmate told me: "You are now level 0; you have to upgrade to make money." She then gave me an account, saying that as long as I sent a 10 yuan red envelope to the other party, I could upgrade to level 1, so I successfully upgraded to level 2 according to what she said.

At this time, I directly asked my "superior": then how can I make money? He said: you get others to become your subordinates, they send you 10 yuan red envelopes, and won't you be making money then!

Well, it makes sense! So, in order to get more 10 yuan packets, I found two guys from the PKAV team and "forced" them to be my subordinates, earning 10 yuan from each of them.

Obviously, this is an MLM network that uses WeChat red packets for downline development, but each single amount is very small.

In order to find out what kind of organization is behind this project, I entered a WeChat group. As soon as I joined the group, many beautiful girls sent various welcome pictures, which made me very excited.

After looking through the members, I found that they were as like as two peas. It was obviously not because they were in the same place, but because they used unified avatars and unified language.

What kind of existence is this group? Every day's chat content is to advise you to upgrade, advise you to upgrade to the top (Level 7), advise you to bring in new people.

As you can see, there are more than 400 people in my group, and how many of them are there? More than 700.  

Everyone is fooling others into following a public official account, after which they are assigned to a superior's WeChat account. They send a 10 yuan red packet to make him their master, who pulls them into the group, sends them promotional materials and teaches them how to recruit downlines. Then you send a 20 yuan red packet to your superiors and you can rise to level 2; then you send a 30 yuan red packet to the superiors' superiors and rise to level 3; give a 40 yuan red packet to the superior of the superior and upgrade to level 4... Finally, you get to level 7, and then you can make money. How can you make money? You go and develop downlines; develop a downline, and he will send you a 10 yuan red envelope...

So their hierarchy is like this:

Soon we dealt with this WeChat red packet scam group! I got a lot of information, including all databases, member address books, etc., and then I compiled statistics on this project:

For four months, 150000 people were cheated, with a per capita amount of 150 yuan and a total amount of 22 million.  

Please note that in this case, the amount of fraud per capita is only 150 yuan. If you are the victim, will you go to the police? Even if we go to the police, what will the police do? But the total amount involved in the case is very large, especially when only two people divide up, because there are really only two behind the scenes operators.  

A WeChat business, a programmer.

Among them, this WeChat business has more than 57000 direct downlines, each of which is at level 7. From these 57000 people, each of whom gives him 70 yuan, he can directly make more than 3.5 million in profit from this level alone.

When I used data hierarchy analysis software to show the hierarchy of the project's population, even though I kept zooming in, the result still looked like this, because there are too many people:


So I sampled 2000 records and made a sampled data graph, which is shown in two forms as follows:

From the inside to the outside, from the left to the right, everyone in the big circle has a complicated relationship. By pulling the line, these people have made money. A simple person like me has not made money, just an isolated point.

0x03 "real" investment group

Finally, another case that I'd like to share with you also uses WeChat to commit fraud, but it's more direct. After the last WeChat red envelope incident, I found another new project, which seems to be an investment project.

The other side claims that JVP is an Israeli investment company. I went to Baidu immediately. It turns out that there really is such a company, and it specializes in network security enterprises.

The other side told me that after investing in JVP, dividends are paid every day, and he constantly stressed that JVP has a cooperative relationship with Alibaba, 360 and Shengjing. I pretended that I wanted to try it, and then I sent him 136 yuan and the registration information (the name and mobile phone number were filled in at random), and I received a static income statement.

According to the table, in one cycle I can earn more than 410 yuan, and then I can develop downlines, and I can earn more than 60 yuan by recruiting two downlines.

After investigating this group, I found that there is indeed an Israeli investment company called JVP, and it does invest in a lot of network security companies, but I noticed that the WeChat MLM person gave me the website of, but the real website is, so this WeChat MLM group is trying to copy a real enterprise, or take advantage of its reputation to do something bad outside.

The situation of this project is as follows:

All the cash flow is WeChat red envelopes. There are more than 40000 members in total, with a per capita amount of 1088 yuan. The total amount involved is 43 million yuan, over a period of three months, with two main members.

A WeChat business, a programmer.

You may think: eh, what about this combination of WeChat business + programmer? Let's not laugh. I'm not saying that the combination of WeChat business and programmer is suited to doing such a thing, but a WeChat business can only pull off such "big things" in combination with a programmer.

The main thing I want to share today is to let you discover and understand this new type of scam through these unique cases, and then study together how to crack down on it. Although such a "non-mainstream" scam is not as large as a traditional scam in the amount involved, and the amount involved for a single victim is not high, the number of people who are cheated is very large, and the total amount involved in a case is also very high. It's also worth your attention.

Finally, I again appeal to more people to join our anti Telecom fraud team and fight against these endless new types of fraud!

Edit / thank you (wechat ID: dexter0)

