Who Scams The Scammers? Meet the Scambaiters

Police struggle to catch online fraudsters, often operating from overseas, but now a new breed of amateurs are taking matters into their own hands.

Three to four days a week, for one or two hours at a time, Rosie Okumura, 35, telephones thieves and messes with their minds. For the past two years, the LA-based voice actor has run a sort of reverse call centre, deliberately ringing the people most of us hang up on – scammers who pose as tax agencies or tech-support companies or inform you that you’ve recently been in a car accident you somehow don’t recall. When Okumura gets a scammer on the line, she will pretend to be an old lady, or a six-year-old girl, or do an uncanny impression of Apple’s virtual assistant Siri.

Once, she successfully fooled a fake customer service representative into believing that she was Britney Spears. “I waste their time,” she explains, “and now they’re not stealing from someone’s grandma.” Okumura is a “scambaiter” – a type of vigilante who disrupts, exposes or even scams the world’s scammers. While scambaiting has a troubled 20-year online history, with early forum users employing extreme, often racist, humiliation tactics, a new breed of scambaiters are taking over TikTok and YouTube. Okumura has more than 1.5 million followers across both video platforms, where she likes to keep things “funny and light”.

In April, the then junior health minister Lord Bethell tweeted about a “massive sudden increase” in spam calls, while a month earlier the consumer group Which? found that phone and text fraud was up 83% during the pandemic. In May, Ofcom warned that scammers are increasingly able to “spoof” legitimate telephone numbers, meaning they can make it look as though they really are calling from your bank. In this environment, scambaiters seem like superheroes – but is the story that simple? What motivates people like Okumura? How helpful is their vigilantism? And has a scambaiter ever made a scammer have a change of heart?

Batman became Batman to avenge the death of his parents; Okumura became a scambaiter after her mum was scammed out of $500. In her 60s and living alone, her mother saw a strange pop-up on her computer one day in 2019. It was emblazoned with the Windows logo and said she had a virus; there was also a number to call to get the virus removed. “And so she called and they told her, ‘You’ve got this virus, why don’t we connect to your computer and have a look.” Okumura’s mother granted the scammer remote access to her computer, meaning they could see all of her files. She paid them $500 to “remove the virus” and they also stole personal details, including her social security number.

Thankfully, the bank was able to stop the money leaving her mother’s account, but Okumura wanted more than just a refund. She asked her mum to give her the number she’d called and called it herself, spending an hour and 45 minutes wasting the scammer’s time. “My computer’s giving me the worst vibes,” she began in Kim Kardashian’s voice. “Are you in front of your computer right now?” asked the scammer. “Yeah, well it’s in front of me, is that… that’s like the same thing?” Okumura put the video on YouTube and since then has made over 200 more videos, through which she earns regular advertising revenue (she also takes sponsorships directly from companies).

“A lot of it is entertainment – it’s funny, it’s fun to do, it makes people happy,” she says when asked why she scambaits. “But I also get a few emails a day saying, ‘Oh, thank you so much, if it weren’t for that video, I would’ve lost $1,500.’” Okumura isn’t naive – she knows she can’t stop people scamming, but she hopes to stop people falling for scams. “I think just educating people and preventing it from happening in the first place is easier than trying to get all the scammers put in jail.”

She has a point – in October 2020, the UK’s national fraud hotline, run by City of London Police-affiliated Action Fraud, was labelled “not fit for purpose” after a report by Birmingham City University. An earlier undercover investigation by the Times found that as few as one in 50 fraud reports leads to a suspect being caught, with Action Fraud frequently abandoning cases. Throughout the pandemic, there has been a proliferation of text-based scams asking people to pay delivery fees for nonexistent parcels – one victim lost £80,000 after filling in their details to pay for the “delivery”. (To report a spam text, forward it to 7726.)

Asked whether vigilante scambaiters help or hinder the fight against fraud, an Action Fraud spokesperson skirted the issue. “It is important people who are approached by fraudsters use the correct reporting channels to assist police and other law enforcement agencies with gathering vital intelligence,” they said via email. “Word of mouth can be very helpful in terms of protecting people from fraud, so we would always encourage you to tell your friends and family about any scams you know to be circulating.”

Indeed, some scambaiters do report scammers to the police as part of their operation. Jim Browning is the alias of a Northern Irish YouTuber with nearly 3.5 million subscribers who has been posting scambaiting videos for the past seven years. Browning regularly gets access to scammers’ computers and has even managed to hack into the CCTV footage of call centres in order to identify individuals. He then passes this information to the “relevant authorities” including the police, money-processing firms and internet service providers.

“I wouldn’t call myself a vigilante, but I do enough to say, ‘This is who is running the scam,’ and I pass it on to the right authorities.” He adds that there have only been two instances where he’s seen a scammer get arrested. Earlier this year, he worked with BBC’s Panorama to investigate an Indian call centre – as a result, the centre was raided by local police and the owner was taken into custody.

Browning says becoming a YouTuber was “accidental”. He originally started uploading his footage so he could send links to the authorities as evidence, but then viewers came flooding in. “Unfortunately, YouTube tends to attract a younger audience and the people I’d really love to see looking at videos would be older folks,” he says. As only 10% of Browning’s audience are over 60, he collaborates with the American Association of Retired People to raise awareness of scams in its official magazine. “I deliberately work with them so I can get the message a little bit further afield.”

Still, that doesn’t mean Browning isn’t an entertainer. In his most popular upload, with 40m views, he calmly calls scammers by their real names. “You’ve gone very quiet for some strange reason,” Browning says in the middle of a call, “Are you going to report this to Archit?” The spooked scammer hangs up. One comment on the video – with more than 1,800 likes – describes getting “literal chills”.

But while YouTube’s biggest and most boisterous stars earn millions, Browning regularly finds his videos demonetised by the platform – YouTube’s guidelines are broad, with one clause reading “content that may upset, disgust or shock viewers may not be suitable for advertising”. As such, Browning still also has a full-time job.

YouTube isn’t alone in expressing reservations about scambaiting. Jack Whittaker is a PhD candidate in criminology at the University of Surrey who recently wrote a paper on scambaiting. He explains that many scambaiters are looking for community, others are disgruntled at police inaction, while some are simply bored. He is troubled by the “humiliation tactics” employed by some scambaiters, as well as the underlying “eye for an eye” mentality.

“I’m someone who quite firmly believes that we should live in a system where there’s a rule of law,” Whittaker says. For scambaiting to have credibility, he believes baiters must move past unethical and illegal actions, such as hacking into a scammer’s computer and deleting all their files (one YouTube video entitled “Scammer Rages When I Delete His Files!” has more than 14m views). Whittaker is also troubled by racism in the community, as an overcrowded job market has led to a rise in scam call centres in India. Browning says he has to remove racist comments under his videos.

“I think scambaiters have all the right skills to do some real good in the world. However, they’re directionless,” Whittaker says. “I think there has to be some soul- searching in terms of how we can better utilise volunteers within the policing system as a whole.”

At least one former scambaiter agrees with Whittaker. Edward is an American software engineer who engaged in an infamous bait on the world’s largest scambaiting forum in the early 2000s. Together with some online friends, Edward managed to convince a scammer named Omar that he had been offered a lucrative job. Omar paid for a 600-mile flight to Lagos only to end up stranded.

“He was calling us because he had no money. He had no idea how to get back home. He was crying,” Edward explains. “And I mean, I don’t know if I believe him or not, but that was the one where I was like, ‘Ah, maybe I’m taking things a little too far.’” Edward stopped scambaiting after that – he’d taken it up when stationed in a remote location while in the military. He describes spending four or five hours a day scambaiting: it was a “part-time job” that gave him “a sense of community and friendship”.

“I mean, there’s a reason I asked to remain anonymous, right?” Edward says when asked about his actions now. “I’m kind of embarrassed for myself. There’s a moment where it’s like, ‘Oh, was I being the bad guy?’” Now, Edward doesn’t approve of vigilantism and says the onus is on tech platforms to root out scams.

Yet while the public continue to feel powerless in the face of increasingly sophisticated scams (this summer, Browning himself fell for an email scam which resulted in his YouTube channel being temporarily deleted), But scambaiting likely isn’t going anywhere. Cassandra Raposo, 23, from Ontario began scambaiting during the first lockdown in 2020. Since then, one of her TikTok videos has been viewed 1.5m times. She has told scammers her name is Nancy Drew, given them the address of a police station when asked for her personal details, and repeatedly played dumb to frustrate them.

“I believe the police and tech companies need to do more to prevent and stop these scams, but I understand it’s difficult,” says Raposo, who argues that the authorities and scambaiters should work together. She hopes her videos will encourage young people to talk to their grandparents about the tactics scammers employ and, like Browning, has received grateful emails from potential victims who’ve avoided scams thanks to her content. “My videos are making a small but important difference out there,” she says. “As long as they call me, I’ll keep answering.”

For Okumura, education and prevention remain key, but she’s also had a hand in helping a scammer change heart. “I’ve become friends with a student in school. He stopped scamming and explained why he got into it. The country he lives in doesn’t have a lot of jobs, that’s the norm out there.” The scammer told Okumura he was under the impression that, “Americans are all rich and stupid and selfish,” and that stealing from them ultimately didn’t impact their lives. (Browning is more sceptical – while remotely accessing scammers’ computers, he’s seen many of them browsing for the latest iPhone online.)

“At the end of the day, some people are just desperate,” Okumura says. “Some of them really are jerks and don’t care… and that’s why I keep things funny and light. The worst thing I’ve done is waste their time.”

By:

Source: Who scams the scammers? Meet the scambaiters | Cybercrime | The Guardian

.

Related Contents:

Cyberthreats: The Emerging Fault Lines of the Nation State. Oxford University Press.

ISBN9780190452568. Fisher, Bonnie S.; Lab, Steven (2010). Encyclopedia of Victimology and Crime Prevention. Thousand Oaks, CA: SAGE Publications. p. 493.

ISBN9781412960472. “FBI 2017 Internet Crime Report” (PDF). FBI.gov. Federal Bureau of Investigation. May 7, 2018. Retrieved 28 August 2018.

“The Economic Impact of Cybercrime— No Slowing Down” (PDF). McAfee. 2018. Retrieved October 24, 2018. Goel, Rajeev K. (2020).

“Uncharitable Acts in Charity: Socioeconomic Drivers of Charity-Related Fraud”. Social Science Quarterly. 101 (4): 1397–1412. doi:10.1111/ssqu.12794. ISSN1540-6237. Burke, Cathy.

“L.I. charity chief convicted of embezzling nearly $1 million meant for disabled”. nydailynews.com. Retrieved 2021-04-22.

“Charitable Contributions: For use in preparing 2016 Returns” (PDF). “Scam Watch – Nigerian Scams”. Scam Watch – Australian Government. 12 May 2016. Jamie Doward (2008-03-09).

“How boom in rogue ticket websites fleeces Britons”. The Observer. London. Retrieved 9 March 2008.

“USOC and IOC file lawsuit against fraudulent ticket seller”. Sports City. Retrieved 1 August 2008. Jacquelin Magnay (4 August 2008).

“Ticket swindle leaves trail of losers”. The Sydney Morning Herald. Kelly Burke (6 August 2008). “British fraud ran Beijing ticket scam”. The Sydney Morning Herald. Francis, Ryan (2017-05-11).

“What not to get Mom for Mother’s Day”. CSO from IDG. Retrieved 2017-11-28. Hew, Khe Foon (March 2011). “Students’ and teachers’ use of Facebook”. Computers in Human Behavior. 27 (2): 662–676. doi:10.1016/j.chb.2010.11.020. Kugler, Logan (27 October 2014). “Keeping online reviews honest”. Communications of the ACM. 57 (11): 20–23. doi:10.1145/2667111. S2CID11898299. Wilson, Brian (Mar 2017). “Using Social Media to Fight Fraud”. Risk Management. New York. 64 (2): 10–11.

ProQuest1881388527. “Woman loses £320,000 in ‘romance fraud’ scam”. BBC News. Retrieved 20 October 2020. Tom Zeller Jr (April 26, 2005).

“A Common Currency for Online Fraud: Forgers of U.S. Postal Money Orders Grow”. New York Times.

“Counterfeit Money Orders: The Ultimate Guide”. Fraud Guides. 2017-09-07. Retrieved 2021-04-22.

“CyberCops.com – Counterfeit Postal Money Orders”. http://www.cybercops.com. Retrieved 23 May 2017.

“Online Shopping Scams / Scams and Fraud / Consumer Resources / Home – Florida Department of Agriculture & Consumer Services

Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users

1

As I reported on June 23, Apple has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users’ devices. Once the new OS is released, users will be warned whenever an app reads the last thing copied to the clipboard. As I warned earlier this year, this is more than a theoretical risk for users, with countless apps already caught abusing their privacy in this way.

Worryingly, one of the apps caught snooping by security researchers Talal Haj Bakry and Tommy Mysk was China’s TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced.Well, maybe not.

With the release of the new clipboard warning in the beta version of iOS 14, now with developers, TikTok seems to have been caught abusing the clipboard in a quite extraordinary way. So it seems that TikTok didn’t stop this invasive practice back in April as promised after all.

According to TikTok, the issue is now “triggered by a feature designed to identify repetitive, spammy behavior,” and has told me that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” In other words: We’ve been caught doing something we shouldn’t, we’ve rushed out a fix.

TikTok also told me that the platform “is committed to protecting users’ privacy and being transparent about how our app works.” No comment on that one. TikTok added that it “looks forward to welcoming outside experts to our Transparency Center later this year.”

According to TikTok, the issue is now “triggered by a feature designed to identify repetitive, spammy behavior,” and has told me that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” In other words: We’ve been caught doing something we shouldn’t, we’ve rushed out a fix.

728x90

TikTok also told me that the platform “is committed to protecting users’ privacy and being transparent about how our app works.” No comment on that one. TikTok added that it “looks forward to welcoming outside experts to our Transparency Center later this year.”

When I covered the original TikTok clipboard issue, the company was adamant it was not their problem and related to an outdated library in their app. “The clipboard access issues,” a spokesperson told me, “showed up due to third-party SDKs, in our case an older version Google Ads SDK, so we do not get access to the information through this (presumably they do but we cannot speak to that). We are in the processes of updating so that the third-party SDK will no longer have access.”

TikTok assured me it was being fixed and questioned coverage that suggested this was an issue. “It’s a Google Ads SDK issue,” they assured again in a later email, “so we need to make the change in which version of that SDK we use. TikTok does not get access to the data, but we are updating regardless to resolve it.”

Now Apple’s welcome iOS 14 security and privacy changes have caught them red-handed still doing something they shouldn’t. Something they said was fixed. TikTok isn’t alone—other apps will now need to change deliberate or inadvertent clipboard access. But TikTok is the highest profile and most totemic of the apps caught out, given its prior coverage and wider issues.

The most acute issue with this vulnerability is Apple’s universal clipboard functionality, which means that anything I copy on my Mac or iPad can be read by my iPhone, and vice versa. So, if TikTok is active on your phone while you work, the app can basically read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information. Anything.

Earlier in the year, when TikTok was first exposed, the security researchers acknowledged that there was no way to tell what the app might be doing with user data, and its abuse was lost in the mix of many others. Now it’s feeling different. iOS users can relax, knowing that Apple’s latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. For Android users, though, there is no word yet as to whether this is an issue for them as well.

“Apple dismissed the risks that we highlighted and explained that iOS already had mechanisms to counter all of the risks,” the researchers told me earlier this week. “But the mechanisms that Apple provided were not effective to protect user privacy.” Following their initial report, they explained, “there was a tremendous public interaction with the topic—not only iOS users, but also Android users demand more restriction and transparency about the apps that use the system-wide clipboard.”

Apple originally dismissed the clipboard vulnerability as an issue, and only provided a fix after significant media coverage of the security research. This latest news shows just how important a fix that will be.

All iPhone users should update to the latest version of TikTok as soon as it’s released—and given it is actively reading your clipboard, you might want to bear that in mind while using the app ahead of that update.

Follow me on Twitter or LinkedIn.

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection

Source: https://www.forbes.com

Senators call for a security probe into TikTok and Trevor takes issue with a new version of the “Alphabet Song”.
Subscribe to Comedy Central UK: http://bit.ly/1gaKaZO
Check out the Comedy Central UK website: http://bit.ly/1iBXF6j
Get social with Comedy Central UK: Twitter: https://twitter.com/ComedyCentralUK Facebook: https://www.facebook.com/comedycentraluk

List Janitor Demo – How To Clean Up Your Spam Emails


List Janitor is a powerful desktop software that help you clean your list on your desktop computer itself. You won’t have to pay a hefty fees to get your lis…
http://bit.ly/2qriJXr

%d bloggers like this: