Hi everyone!
Making scam bait calls can be a tricky business. We have a number of different goals, but
the scammers really only have one: get the victim's money. So we tread a very fine line
between actually going through with the scam (giving them money) and just leading the scammer on.
Obviously, we don't want to give them real money. So we give them all kinds of different
fake banking information. However, if we aren't careful, this can result in very short,
unsuccessful scam calls. These calls waste our time more than the scammers', which is definitely
not the goal. So we need to give the scammers fake banking information that is:
- verifiable
- complex
- recoverable
What does it mean for our banking information to be "verifiable"? If it were truly verifiable,
it would be real, which we definitely don't want. Most banking information is not strings of
random numbers, but actually carefully constructed identifiers that contain metadata. For
example, MasterCards always begin with the number 5 while American Express cards always
begin with the number 3. So if we give a number that can't pass this first check, the
scammer knows we have given them fake information.
It might seem counterintuitive to be complex; wouldn't we want to make it easy for scammers
to scam us? The problem is that if we make it easy, the scammer will get suspicious that we
aren't who we say we are. As an example, suppose the scammer is "helping" us with our
computer's anti-virus. After they finish "helping" us, they then ask for our credit card
information. If we just immediately start rattling off numbers, they might be doubtful. But
if we play the part and go fumbling around for our "credit card", we look more believable.
We can even intentionally misread the information to them, fumble over numbers, or
intentionally give them the expiration date when they ask for the three-digit CVV. Anything to be
annoying.
One key piece of this is that we have a record of everything we are doing and what we are
giving them. This way, when the scammer asks us to repeat the card information, we can give
them the same number. If we read out the information, the scammer deliberately reads it back
to us incorrectly, and we say "yup, that's right", then the scammer has realized
we are not giving them real information.
Now that we have given them this information, the last key piece of this is to be an
intelligent idiot. We want to be gullible enough to fall for the scam, but we can't be too
gullible. Think of it this way: if someone called you and said "here is my credit card, buy
whatever you want", you would be suspicious. It is the same with scammers: we have to slowly
string them along and let the scammer bring up the subject of payment. This does two things.
First, it makes us seem more credible as a potential victim. Second, it makes the scammer
feel in control. People like to feel in control, particularly when it comes to doing
something illegal. By making the scammer feel in control, we are increasing the likelihood
they will stay on the call with us and lead us to a successful scam call.
Happy scambaiting!
j-braham