Baiting: Misrepresenting something as something that it’s not. Scam Baiting: The act of deliberately engaging with a scammer by pretending to be a potential victim.
A Historical Background of Scam Baiting
Scam baiting started in the early 2000’s as a form of internet vigilantism when it became clear that the rules governing the Internet were not enough to protect the users from abuse by bad actors. Activities such as 419 scams were made off as less serious by the authorities. In certain jurisdictions we would see the authorities even blaming the victims.
Scam baiters, ordinary users, started interacting with scammers. The reasons these users chose to do so varied;
to waste scammers’ time, hopefully to tie a scammer up to not target other Internet users,
as a fun activity attempting to get scammers to do funny things,
gaming scam baiting for points based upon what the scammer would do, and/or
gathering information used to undermine scammers.
While some of these activities where not harmful as such, others were gamed to the extreme. It also evolved to activities that sometimes involved innocent third parties.
Most of the larger scam baiting communities developed some form of ethics, not allowing members to do certain things. Other groups had no restrictions.
Cash baiting also made an appearance. The idea was to get a scammer to send the scam baiter cash or like. However, the reality was that scammers would simply get another victim to send the baiter the money, the money was never the scammer’s own money.
The other negative effects of irresponsible scam baiting became clear, scammers became aware of scam baiting groups, learnt from it and would later deploy the very same tactics against victims as which were deployed against them. Where a scammer would be ridiculed for a mistake he made, scammers learnt to scam better.
Scammers were evolving; their scams were always getting more sophisticated.
Scam Baiting Evolution
Thankfully the scam baiting community evolved as well.
What initially started as online vigilantism with vague rules, developed in two major groups with the more toxic elements ostracized from the baiting communities:
people interacting with scammers for fun, some monetizing their interactions in public appearances, streaming platforms and forums - usually under the label "scamming the scammers";
ethical baiters, interacting with scammers to gather evidence of the fraud, showing how various made-up stories are used to defraud and expose their interaction with the hope of warning potential victims.
For ethical baiters, interacting with scammers can happen only if that interaction can be used by the authorities investigating online fraud and use the fruits of a bait in a court.
This sets the rules of engagement for an interaction with a scammer, an ethical baiter will never use anything illegal such a malware against the scammer. Another principle is that no attempts are made to get the scammer to do something they would not have normally done, something which might be seen as entrapment. Likewise not anything that might be frowned upon in court.
A scammer may break the law, an ethical baiter cannot.
Further, the interaction would leave the scammer with nothing that could be weaponized against potential future victims. Ideally the scammer would not even realize he had an interaction with a scam baiter. From a scammer’s perspective, the baiter was merely a victim that got lucky and got away.
It should be noted that the showmanship aspect of scam baiting will always attract new users attempting scam baiting. However, the risk exists that such users can do silly things, thereby exposing themselves to online threats in ways they don’t even understand perhaps endanger themselves or their families. We need to remember the “opposition” are criminals and baiters spoil their business. Additionally a novice baiter may face legal liability for doing something illegal. It’s for these reasons potential baiters are always encouraged to join a reputable scam baiting group willing to train a scam baiter in ethical baiting.
Scam Baiting Intelligence
In the shadow of the second scam baiting group, a third group evolved, researching and collating the intelligence gathered during the interaction with scammers. It is important that evidence gathered in ethical bait be preserved and used in positive ways.
This involved analyzing online fraud;
Fraudulent domain names and other DNS infrastructure,
phone numbers,
email addresses,
stolen pictures / fake documents used in fraud,
bank accounts / other mechanisms used for money laundering purposes and
new trends.
The scammer needs to have an online presence on social media, trading platforms, dating sites or actively advertising their fraudulent offers online. This can be done by spamming their scam format to harvested or purchased emails, by establishing a contact on any type of online media, advertising their bogus offers online on classifieds advertisements, websites or even by spamming the comments areas of media articles and forums. Scammers are also not adverse to even paying for Google ads to promote a fraudulent website.
In essence, the scammers will set the stage to lure in potential victims. Recognition is key and it’s upon the lures that scam baiter will react.
The baiter will pose as an innocent victim, pretending to be buying into the fraudster’s made-up scam plot and going step by step through the scenario the fraudster prepared for stealing the potential victim's money, or getting the victims' personal information (identity documents, bank accounts, address, phone numbers).
For this type of interaction, the ethical baiter will create a pseudo persona not associated in any way with their real identity. This is essential to protect the baiter as mentioned earlier. This pseudo persona will not use a real party’s personal information, nor any pictures of a real person.
Due to the profuse number of scammers, an ethical baiter will be spoilt for choice as to which scammer he will bait. Scam target selection will typically be based upon scam types, places where victims are targeted and scammed or whatever type of activity the scam baiter finds necessary to infiltrate.
Based on the different types of scams perpetrated by the fraudsters, the baiter will refine his reaction with every interaction, all with the goal of obtaining the maximum of usable details as possible: links to the fraudulent domain names used in fraud, scam formats (defined as scripts), phone numbers, stolen pictures, fake documents and receivers of the money the scammers is asking for.
Ethical baiters exposing fraudsters will partially publicly expose their interaction with the fraudster in an attempt at protecting the general public. Such information will include all the identifiers the fraudster used in their fraud attempt;
messages received,
phone numbers used,
email addresses used,
water-marked stolen pictures and fake documents,
websites used,
fake personas used by the fraudsters.
When possible, the public exposure will also include explanations on what really happens during the scam and how the fraudster manipulates the victim. Exposing fraud attempts is done with the main goal of not educating the fraudsters on how they are identified, nor mentioning what they could have done differently to be more successful.
The goal is striking a balance between maximizing the public alert and educational value while not further empowering the fraudster.
The evidence and intelligence obtained this way is shared with law enforcement and financial sector able to investigate and prosecute the fraud. An example of this would be the July 2020 Purple Notice Interpol published on Non-Delivery Fraud.
The infrastructure used in a fraud (fake websites, fake documents, phone numbers etc) will be further researched, with the goal of establishing the entire network used by a group of fraudsters. It’s not uncommon to expose vast networks of interconnected domains that can be read like plots in a scam script, allowing knowledgeable folks to predict what to expect.
This information may also be shared with law enforcement and ITSec. In turn law enforcement may use this information for alerts:
The malicious domain names under fraudster control are recorded along with all the pertinent details in the Artists Against 419 database, available online for anyone searching for a domain name or identifiers such as a telephone associated with the scam website. When possible, the entry in the database will have a link to the place where the fraud attempt was initially exposed. Additionally, the database serves as a repository of cybercrime that may only be used much later for arrests.
Darlington Ndukwu would be an example:
… documented as project “AsYouWishDarling”:
Ironically, Darlington was previously arrested in Operation WireWire, but had to be released due to lacking evidence. However by pooling resources in the ITSec community, using a novel approach investigating the infrastructure rather than the money trail, it was possible to supply information that led to the re-arrest of Darlington in Operation Falcon II:
Previous arrests have done little to deter criminals from getting right back into BEC scams. For instance, Darlington Ndukwu, an individual who Palo Alto Networks helped arrest as part of Operation Falcon II, was previously arrested in 2018 as part of an FBI operation called WireWire. He has continued to operate as part of the SilverTerrier operation since then, suggesting the initial prosecution was ineffective, Palo Alto Networks said.
Publishing select details about scam domains and websites also works extremely well as a consumer alert and it’s not uncommon to receive thanks from the public. Sometimes a member of the public will reach out upon researching a unique detail such as a telephone number or address in what they believe to be a scam someone is trying to lure them into, find the fraudsters had previously used certain details, then share how they nearly were scammed on a new website using the same details that were used previously. This in turn serves as a secondary source of further intelligence that can be researched and further used directly or for target selection in a baiting.
Conclusion
Baiting plays an extremely vital role in the fight against fraud.
There are certain dangers involved if the wrong type of baiter does baiting for the wrong reasons. One such type of baiter would be somebody attracted to it for the glory, where the glory is the ultimate goal.
However, baiting as a tool in the hands of an ethical scam baiter, delivers vital intelligence that fulfils an extremely important role in consumer alerts and education. Further it identifies money laundering channels to mitigate and as leads for law enforcement to use for arrests.
Comments