What is scambaiting?

edit

Scambaiting is about wasting the time and resources of the scammers. Usually most users avoid online scams, but there are still people who fall victim to different scam schemes every day. Sometimes the tables turn and people purposefully engage the scams, while being fully aware of the real scam. (wisegeek) Scams have evolved from simple and easy untargeted email messages to more sophisticated and difficult scams targeted at users of classifieds, dating and other websites. A specific type of scam is described as "advance fee fraud", more often known as "Next of Kin scams" or "419 scams". It is called "advance fee fraud" because the scammer will almost always require an advance payment of some sort in exchange for the money he promised to the victim. It is a scheme of online fraud that not only causes financial loss to individuals and businesses, but also can bring emotional or psychological damage to victims. (Park, Jones, McCoy etc., 2014)

We all have received unsolicited emails offering us a ’get rich quick’ opportunity by just paying an amount of money upfront. Usually users just delete letters like this but scam baiters will not do this. At this moment when the scam baiter receives the letter, the scam baiting starts. Users are fully aware that someone is trying to rip off them. Scambaiters play the roles of victims to purposefully engage the scammers. The main point is to do everything to keep scammers from stealing money from innocent people. (wisegeek)

The scambaiter starts their own game. It is social engineering at its best form because it involves fake stories and a lot of interesting lies to make the scammers believe in them. The scambaiter uses the exact same manipulation on the scammer that scammers use on their victims. Scambaiters' one objective is to waste a scammer's time. Scambaiters try to get information that can be reported and to help the victims. Today there are online communities that deal with scammers. Volunteers are working together to bait the scammers, as well as share their tools and stories. One the most popular sites is 419Eater.com and it has been active since 2003. Scambaiters put in countless hours of their time to pay back the scammers. (Gerard, 2013)

Effects of scambaiting

edit

Scambaiters use a variety of different techniques. Today, this comparatively small but global community wastes scammers' time and resources to gain different effects. Scambaiters gain the scammers trust and hook them for weeks, months or even years. The main effects of scambaiting are (Phisher, 2014) :

  • Bait scammers and tie them up
  • Provide guidance to the public on recognising scams
  • Report scammers
  • Publish scammers information (e.g addresses, phone numbers, e-mails)

Also scambaiters have their own personal motivation to do this and these motives can range from community service and status elevation to revenge for being a victim in the past. Anybody who wants to can be a scambaiter. (Zingerle, 2014)

In one way the scambaiters are not doing anything wrong, but still scambaiting raises some ethical questions. Scambaiting can be viewed as vigilante activism and sometimes scambaiters' motives and mission is not always to do the right thing and support the victims. Some people are doing this for fun and this doesn’t sound very ethical. (wisegeek)

Scambaiting strategies

edit

The strategy of scambaiting is to initiate a trap for the scammer by creating a fake email account untraceable back to the owner and then answer emails sent by scammers. The baiter then pretends to be receptive to the financial hook that the scammer is using.

A popular method to accomplish the first goal is to ask the fraudster to fill an imaginary questionnaire that is very time-consuming. The idea here is that when the fraudster is occupied with the baiter, who had not the slightest intention of becoming a victim of fraud, it prevents the fraudster from cheating actual victims out of their money. The activists can lead fraudsters in long journeys, praise poorly made fake credentials, or teach them idioms in the English language that would cast doubt on the fraud in the eyes of a potential victim.

Baiters can amuse themselves by creating absurd scenarios or getting scammers to humiliate themselves. Baiters can use puns or the names of fictional characters from Western popular culture for their fake names, which would appear absurd to fluent English speakers, but would go unnoticed by scammers from a different culture. They could also make a bait follow the storyline of films or TV shows for comedic effect. Moreover, it is known that scammers often adopt fake names that in their own culture would be seen as absurd. On a darker side, baiters could get scammers to take stupid pictures or videos of themselves, which would then be shared in the scambaiting community or with the public.

Baiters can help potential victims by posting the email addresses and formats of scammers on websites dedicated to exposing scammers, like scamwarners.com. Those who are not interested in scambaiting can help victims by directing them to places where they can get help.

edit

Scambaiting activites can be divided into different categories like:

  1. Straight bait – the most basic method, it is simply emailing a scammer and pretending to be an actual victim
  2. Phone bait – calling scammers or getting scammers to call you
  3. Church bait – getting scammers to join your (fake) church
  4. Safari bait – to get scammers to travel
  5. Art bait – to get scammers to make a piece of artwork
  6. Cash bait - an illegal action to get money from scammers
  7. Freight bait – to pay for shipping something valuable to scambaiter
  8. Ip Baiting - to bait them into clicking on a Ip Tracker ie (grabify)

Allover, there are many strategies that scambaiters use. These are some strategies for scambaiting or other anti-scam work:

  • The Scam Alerts - The formats and email addresses that a scammer is using are posted online to increase awareness a particular scam. If a potential victim enters the email address from a scam email into a search engine, they will find that other people have gotten the same email and identified it as a scam.
  • A “big order” – A scammer pretends to be a company showing a big interest towards products. They will attempt to pay for the products with stolen credit card numbers. Scambaiters can then report these numbers as stolen.
  • The Trophy Hunters – Scambaiters reply to scam e-mails in order to get the scammer to send funny or stupid photos or videos.

involves incredible story-plots, same time scamming the fraudster constantly.

  • Wasting their time – Scambaiters make the scammers waste time, so that they will be less able to deal with regular people.
  • The website reporters – Fake websites can be reported to the host or ISP, so that they can be shut down.
  • The Bank guards – Scambaiters will tell scammers that they are having all kinds of bank related issues. This tactic is used for killing time or lengthening a bait.
  • Bank accounts – Scambaiters target scammers who use bank accounts. They will then report the bank accounts so that they can be shut down.
  • Community driven reporting game - The challenge is to gather as many accounts as possible. For more effect, more than one account can be wheedled out from one scammer.
  • The romance scam seekers – Scambaiters try to trick scammers on dating sites. They gain the scammer's attention and pretend to be in love with them.
  • The Safari Agents – Scambaiters who try to persuade the scammers into leaving their working space and to travel long distances and/or across national borders. An interesting technique is to create a website for a fake hotel business, and then the scammer will waste time searching for it.
  • The inbox divers - This is a social engineering technique. The point is to log into a scammer's email account and warn their victims.

A lot of time and effort is used to fight against scammers. Some of the strategies are more ethical then the others and the different scambaiting strategies shows variation in legality, humiliation and social activism. Scambaiting can be quite entertaining, but at the same time potentially dangerous.

Real life example

edit

One year ago, an anonymous girl from Belarus tried scam baiting the ‘Nigerian letters’. Once she got a letter sent by a quasi attorney of dead millionaire, the Belarusian decided to initiate correspondence with this ‘lawyer’. As always, the scammer offered a collaboration to seize the whole inheritance of the millionaire, which was 13 million US dollars. The millionaire supposedly had the same surname as her. First, scammers sent her a lot of documents and photos to persuade of their reliability. The girl also received from the ‘attorney’ licenses, portraits and photos with the family. It was forgery for sure. In turn, the lawyer asked for analogous guarantees from her side, so she sent fake documents and photos as well. As a general rule, for the successful completion of an operation they need the baiter's real phone number to connect with them. Later the story moved ahead. Scammers have scenarios for verification, where the bank supposedly begins asking the confirmation of blood relationship with the millionaire; for that, the attorney sent different documents to the girl, who forwarded it to the fake bank. After a few operations, the bank ‘confirmed’ the transaction of 13 million dollars on her account, but she had to pay a transaction activation fee in the amount of 1350 dollars. So would have been the culmination.

The girl began composing excuses for not being able to send money (scammers prefer instant payment systems).The bank in Minsk considered payment to Togo ‘undesirable’ and now required ‘verification’, so anybody from the other side needs to send a small sum, for example twenty dollars (This is cashbaiting, and itself illegal.). The plan worked, though. When the girl decided to transfer money, the attorney immediately wrote from another email address and asked her not to send emails to the old address any more, because it was ‘hacked’. But as revealed later, somebody from their gang decided to secretly cut the other gang members out. However, the girl communicated with both 'attorneys', and both lawyers sent 20 bucks to her.

She made a lot of fun of this story. This scheme is very simple, but illegal: you are willing to pay, then plead distrust (bank or wife), and ask them to send a little money in order to get a trust. If scammers expect to earn one thousand dollars or more, they can send you this money due to small risk. It is their own scheme, but inside out. After receiving the money, she wrote a short mocking letter with advice to close their filthy business and become good people instead (This is unwise, as the scammers will become more suspicious of people who act like baiters, and will interact less with baiters.). The scammers fell into a rage and promised death within three days from ‘juju’ (their local equivalent of voodoo). But the girl stayed alive.

Scambaiting Tips, Hints, and Suggestions

edit
  • Prepare your scambaiting persona before you start the scambait (name, address, phone, etc.) - to prevent mistakes.
  • Use a free and fake email account for your scambaiting - Yahoo, Gmail, Hotmail, Live.com, etc.
  • Don't give any real information!!!!
  • Use proxy servers or an email service that masks your IP address.
  • Use k7.net (for messages) or a fake cell phone.
  • Convince a scammer that you are traveling (use Orbitz or Travelocity)
  • Most Scambaiters suggest setting up a "catcher" account to receive scam emails, and a "baiter" account to carry on the bait.
  • Scambait with your eyes wide open - remember, these are criminals!!!

Is scambaiting safe?

edit

Some argue that scambaiting isn’t safe. It is said that it is perfectly safe, if it's done correctly. Still, it is important to remember that these people are criminals and they do not care about the victims. It is necessary to keep all of your real information fully separate from your scambaiting profiles. You should have fake personas and fake information. Experienced baiters are very careful to ensure that no sensitive personal information is inadvertently leaked to their targets.

Interesting Terms in scambaiting

edit
  • Mugu / Lad: A scammer. Mugu means "idiot" in Igbo, a language spoken in Nigeria. Scammers refer to their victims as mugus, but baiters will also refer to scammers as mugus.
  • Burn: Letting a scammer know he was baited. Never recommended, as they will usually learn from this and continue scamming more carefully. Always leave him in the dark.
  • Trophy: Proof that the baiter has wasted the scammer's time / resources. Usually a funny photo or a recorded call.
  • Bucket of Trust / Torch of Trust: Made popular by the owner of a great scambaiting forum that shut down. It consists of getting a scammer to take a photo of himself wearing a bucket on his head while holding a lit torch (usually accompanied by an explanation that a bucket in the head means hard work and the fire means strength, thus the scammer would be proving to the baiter that he was a real businessman). This is difficult to get, since most scammers will find it very weird and back off. (wotlabsforum, 2013).

www.419eater.com

edit

419 Eater is a website where you can find a lot of information about how to scambait. You can find the latest news and information about the scammers. Also, you can find important links and scambaiting tips. 419 Eater has a very active forum.

419 Eater slogan:

  • Does somebody want to transfer millions of dollars into your account?
  • Does someone want to pay you to cash cheques and send them the money?
  • Met a new friend/penpal on a friendship/dating site who's asking you for money?
  • Has a dying person contacted you wanting your help to give his money to charity?
  • Have you sold an item and are asked to accept a payment larger than the item amount?

IT'S A SCAM!

Don't fall for common scams like this - fight them!

Conclusion

edit

The point of scambaiting is to somehow “troll” the scammer. The goal of scambaiting is to try to get information about scammers and waste their time. Scambaiters use different tactics such as baiting, providing public awareness, supporting victims, trying to get the scammers' information or reporting to financial institutions or, rarely, law enforcement.

Baits can be divided into many categories, like phone baits, church baits, safari baits and trophy baits.

An advantage of scambaiting is the social justice and trying to punish the scammers. A risk is that the information that you get from a scammer could be from another innocent person, so the innocent person might be harassed for nothing.

While scambaiting is generally safe, people have to use fake accounts for everything, including a fake phone number, fake address, fake ID and generally only fake information unless there are important reasons not to. There are a lot of communities dedicated to scambaiting, such as 419eater.com or r/scambait on Reddit.

See Also

edit

References

edit