Everything you need to know about scambaiting

What is scambaiting?

Scambaiting, or scam baiting, is a tactic used by vigilantes to target people who run scams. The process of scambaiting involves baiting a fraudster into engaging with the scambaiter, who then wastes the scammer’s time, exposes their personal information, or even targets them with cyberattacks.

Scambaiting has become a source of online entertainment. YouTubers and Twitch streamers now record interactions with scammers and gain millions of views.

How does scambaiting work?

A variety of scambaiting strategies can be used to snare scammers. The most common methods are telephone, online calls, and email. Telephone and online calls are typically the most effective.

When someone wants to bait a scammer, the first step is to make contact. In most cases, the person launching the operation has to approach the fraudster. Phone numbers and email addresses associated with scams are regularly posted to online databases, so it’s not hard to get in touch with a scammer.

Once the scambaiter has made contact, the most common strategy is to try and waste as much of the criminal’s time as possible. If a fraudster thinks they can extract a large sum of money from a victim, they may devote many hours to one potential victim. The sport of scambaiting is to draw the process out, frustrating the scammer and using up time they might have spent targeting vulnerable people.

Some more advanced scambaiters use hacking techniques to infect the scammer’s devices with malware or steal their information and money.

Common scams targeted by scambaiters

Any online scam could be the focus of a scambaiting sting, but some common examples include tech support scams, fake prizes, and romance frauds.

In tech support scams, the attacker contacts a victim and claims to be offering support for a problem on their device. Usually via a phone conversation, they convince the target to carry out actions on their computer or phone that result in the attacker gaining access to the device (a malware download, for example). Likewise, fake prize scams work by convincing a victim to visit a webpage and claim a prize. Once on the page, their device can be infected and the real attack begins.

Romance scams are particularly insidious, involving the attacker establishing a long-distance romantic relationship with the victim. They can then convince their victim to transfer money to them, usually to help with some fabricated emergency.

All three of these scams make excellent targets for baiting because the perpetrators are likely to spend some time and effort reeling their potential victims in.

Scambaiting: an internet phenomenon

Why is scambaiting so popular now? While scams are not new, internet fraud is at an all-time high, and scambaiting is an activity that is largely performed online. You’ve always had the possibility of wasting a crank caller’s time in private, but with Twitch and YouTube, you can now do so for the entertainment of millions.

In recent years, a genre of online content has emerged based on scambaiting, with popular scambaiters racking up huge viewing numbers for their videos and streams.

Popular scambaiters and their strategies

Among the internet’s most well-known scambaiters are Kitboga, Jim Browning, ScammerRevolts, and Scambaiter, also known as Ansar Hamed. How do these scambaiters outsmart scammers? Each has their own unique style.

For example, Jim Browning hacks call centers known to launch phone scams. He gains access to both their computers and their CCTV cameras, allowing viewers to see the scammers reacting to his attacks in real-time.

Kitboga, on the other hand, focuses on long, drawn-out phone calls with scammers in which he uses voice modulation software to take on the role of an elderly woman, dragging some interactions out across ten hours or more.

The entertainment factor

While scambaiting can be seen as a form of social activism, it’s also a source of online entertainment for millions of people. The entertainment factor is arguably the reason the practice takes place at all, since most individuals don’t have time to spend baiting scam artists.

Scambaiting is entertaining to audiences because people often feel helpless against the archetypal anonymous scammer, who targets people from a remote location. The viewer can gain catharsis seeing a fraudster being frustrated and even suffering the same kinds of financial losses that they inflict on their usual victims.

Popular scambaiters also make their performances entertaining, offering ongoing commentary and humorous asides to explain the strategies they are using against the scammers. As a result, some streamers are now making sizable incomes from their work as scambaiters. While that might all sound positive, it’s worth noting that the practice does have some downsides.

The downsides of scambaiting

Scambaiting may seem like a completely positive activity — it’s not easy to be sympathetic towards the victims of the practice — but there are some potential downsides and ethical issues to be explored.

Does scambaiting hurt or help vulnerable people?

Though scambaiting can cause trouble for scam artists, wasting their time or exposing their personal data, it does little to protect people from fraud and other attacks. Tens of millions of individuals fall victim to scammers every year, and for every fraudulent caller who is disrupted by an online vigilante, thousands more are active.

Scambaiting also has the potential to expose the data of vulnerable people who have been pressured into taking scammer jobs, or who have entered this line of work out of financial desperation. It’s very hard to assess the culpability of the people being exposed on channels like Jim Browning and Scambaiter.

Ultimately, scambaiting is probably a net positive, in that it raises online awareness about scams and can occasionally cause major disruption to scammer operations. Jim Browning’s scambaiting work has even resulted in the police raiding the offices of scammers.

Legal and safety considerations

Scambaiters themselves run some risks by engaging in this activity. Firstly, from a legal standpoint, they often end up recording and streaming themselves committing crimes. While they might be targeting criminals, counter-hacking tactics used against scammers could still put scambaiters in legal jeopardy.

Is it legal to scambait? If you engage in illegal behavior like hacking, spreading malware, and attempting to gain authorized access to a device, you are taking illegal actions in most countries. While scambaiters are targeting criminals, that doesn’t mean their own behavior isn’t criminal too.

Another risk arises if amateur scambaiters, inspired by the larger players in the space, attempt to get involved without adequate experience and know-how. Scambaiting often involves letting the scammer infect your system with malware, so unless you’re careful and use an appropriately siloed virtual machine, you could accidentally compromise your device.

How to safeguard against scams

Despite the best efforts of the scambaiting community, scams and online threats will persist for the foreseeable future. That’s why it’s important to know how you can spot a scam, and how to protect yourself.

Recognizing common scams

Most scams are ultimately intended to extract money from you. This might be done directly through social engineering and manipulation, or with malware infection.

The moment someone you don’t know online or on a telephone call asks you to send money to them, be on the alert. Even if they claim to represent a legitimate company, that may just be a ruse to cover their true motives.

Look out for these red flags:

• Spelling and grammar errors in emails and texts. Messages from legitimate companies and organizations (banks, government bodies, and so on) will very rarely contain errors, so this could be a sign that the message was not written by a professional.
• Pressure and time limits. Scammers don’t want you to stop and think about what they’re saying, in case you start noticing holes in their story. To try and avoid this, they will often create a sense of urgency, telling you to quickly follow their instructions. If you feel like you’re being rushed by a caller, this could be a red flag.
• Financial requests from strangers. If a stranger online wants you to send them money, it’s usually safe to assume they’re up to no good. Common examples of this scamming method include Nigerian prince scams. Another one is 419 scams. Although “419” is the legal code associated with Nigeria’s laws against online scams, a 419 scam is one in which the scammer offers to give the victim a large sum of money, if they first send them a one-time financial payment.

Reporting scams and raising awareness

Another key part of scam prevention is reporting suspected scammers and raising awareness with others.

If you receive a suspicious phishing email, you might be tempted to just ignore it, and that’s a good idea. Opening it could cause your email address to be inundated with more spam mail. However, taking just one extra step and reporting the email to your email provider can help them filter these messages out for other users as well.

Likewise, if you’re contacted by an online account that you think is run by a scammer (a fake Tinder profile attempting to launch a romance scam, for example), reporting the profile can get it taken down, making everyone safer.

You should also speak with others about the scams you’ve encountered. The more you raise awareness among your friends and family, the less likely they are to fall for similar frauds in the future.

Summary

Scambaiters provide entertainment and satisfaction to viewers, but fraudsters will continue to operate. The best steps you can take to stay safe from scams involve your own personal actions.

To protect yourself against malware infection and digital threats, you may want to invest in a VPN and an antivirus. Using a VPN like NordVPN encrypts your data and hides your IP address, making your online experience safer and more private. You can also opt to use Threat Protection, a suite of tools that can scan downloads for malware and block websites known to contain malicious files.