Anyone interested in the details of how these scams are pulled off might want to check out "scam baiting" youtube channels like Kitboga [1]. They use a virtual machine and pose as a computer-illiterate person long enough to observe all the techniques. They are also pretty funny sometimes.
I'm astonished by how blatant their techniques are. For example, in the "refund scam", the caller pretends to be offering a refund for some tech support contract. The steps are:
- Get remote desktop access to the victim's PC.
- Tell the victim that they must log into their online banking account to get the refund.
- Use "inspect element" to edit the banking page, making it look like victim got too large of a refund.
- Convince the victim that they can't pay back the difference by another bank transfer, but instead must pay it back in the form of gift cards.
It's outlandish. It goes beyond computer-illiterate victims. The victim needs to have a diminished sense of skepticism, which can come from age-related senility but also cultural unfamiliarity, anxiety, etc.
Unfortunately the comments include a lot of casual racism against Indians, with little awareness of the structural conditions causing these scammers to exist.
>The victim must have severely diminished critical thinking ability for the scam to work.
This is why lists of "elderly owned" phone numbers go for so much on the black/gray market. The cost of running these scams is so low that they spam everyone with their bait, but I suspect the real cash cows are elderly people who have large savings / Social Security checks.
Part of the problem is that it is super difficult to teach a parent or grandparent what inspect element even is without delving deep into Web infrastructure and how browsers work...very complicated, technical explanations. Simplification works to a point, but if you just tell them "don't trust what you see on the screen" they'll ignore actually important warnings, blast through alert boxes faster than they can read them, and when your next lesson includes "look for the green padlock next to each address" they'll just get even more confused since, you know, you just told them not to trust anything.
You don’t need to teach them about inspect element. You just need to teach them today’s basic rule of thumb: if someone contacts you over the phone or Internet asking you to do something, no matter what it is or how serious the person sounds... just don’t do it.
Bank branches mostly exist as an anti-fraud device for mortals.
The lesson is, someone call tell you there IS a problem on the phone, but don't trust ANYTHING else, not even the description of the problem.
The absolute only thing they're allowed to tell you is that you need to visit your banking provider tomorrow, not some other bank but your own bank, with only family, and ask what the actual problem is.
Your suggestion, while well intentioned, does not fully appreciate the scope of the problem as it relates to elderly social engineering and the inherent weaknesses (fear, loneliness, mental deterioration) that are leveraged by attackers.
This. Loneliness is powerful; I suspect that if you're lonely enough, even a scam call conversation has appeal. There are even suggestions that loneliness has physical implications [0].
My father suffers from vascular dementia. He's pretty agreeable these days (a lot more so than he used to be). Fortunately an underlying suspicion of strangers calling to talk about money on the telephone has triumphed thus far, but I do expect that this balance will change over time.
Unfortunately there's a scam for that,apparently. The scam caller tells the victim to call their bank, but doesn't hang up. The victim hangs up, calls the bank, the scammer is still on the line.
If you're concerned about that, wait a minute. I can't find any discussion of the scam online, but I would hazard a guess that this isn't really an attack vector these days.
It happened to an old lady in switzerland recently - she didn't hang up, the scammer just got quiet after saying he would hang up so she could call the police, and then had someone else answer the lady when she assumed she was talking to the police.
..and for those who might not be comfortable trying to find this information on the internet, it's almost always listed on your [credit/debit/atm/etc] card itself.
As mjevans says above, it's fine if they tell you there's a problem, but you should never try to solve that problem over the phone based on a call by a stranger.
Unless you know exactly what you're doing, what you should do in the case of any over-the-phone problem like that, is first contact someone you trust and knows what they're doing. Your own bank, an expert of your choosing (and not chosen by the stranger on the phone), or a knowledgeable friend or family member.
> This is why lists of "elderly owned" phone numbers go for so much on the black/gray market.
My grandmother started developing dementia about three years ago. What is really disturbing, is that the scammers somehow figured it out about a year before her symptoms started really presenting themselves. It eventually got to the point where they were calling and asking for her by name several times a month.
She has a fairly large retirement fund, and I think they may be try to get access to it specifically. I am horrified at how sophisticated these operations have become. When they had her on the phone, they must have asked her lots of questions that they used to make a dossier of her, and have been passing this dossier from scam agency to agency. It is clearly a call center calling her, and I have experimented with them. I ask them to call back, and they asked when would be a good time to call back. And then a different person returns the call, clearly reading from a script and already knowing personal information about her.
One thing I am concerned about is that they are simply pumping her for information, so that they can impersonate her and try to initiate a money transfer directly with the bank.
It is so disturbing that there are people out there who know who my grandmother is, and are trying to take advantage of her.
The YouTuber Kitboga mentioned above got into the scambaiting thing because someone took advantage of his grandmother suffering from dementia. It really is a terribly abusive con, and one can learn a lot about their methods and intents from watching his channel.
Re teaching them inspect element: the scammers use a driver they install to black out the screen “for security” of course so the victim doesn’t actually see what they’re doing. Kitboga and others stop the install but act like it’s blacked out when asked about it.
Really all they need to learn is that gift cards are not payment. Also the sites that allow gift card reselling need to be held a little accountable too. If someone is going on there and listing thousands of dollars of gift cards that should be a huge red flag.
> If someone is going on there and listing thousands of dollars of gift cards that should be a huge red flag.
There are legitimate reasons for doing this. Buying gift cards using a rewards-earning credit card and reselling them online is a great way to rack up airline/hotel points if the gift card can be sold for anything close enough to face value.
> The victim must have severely diminished critical thinking ability for the scam to work.
I don't think that's true. It can happen to immigrants to a country who are entirely unaware of banking/legal/taxing practices, etc. who can be scammed into thinking a call is from a legitimate authority figure and who simply do not have enough cultural familiarity to know which things "don't seem right."
About the racist comments: I have engaged these scammers myself and to a person (usually male) they will shout expletives at me once they realize I have wasted their time and I will not be their next victim.
Interestingly enough they all use the same “insult” that they will have relations with my mother (insert relevant expletives). These people are fraudsters preying on older people and do not deserve pity.
Yes, some (most?) of the scammers are bad people. That doesn't mean you can conclude that all Indians are bad people. Those are the comments I was talking about.
I don't know the specific comments you're talking about, but it should be pointed out that truthful observations such as most of these scammers being indian isn't racist. Nor are warnings that if someone with an indian accent calls you out of the blue, be on your guard.
At the end of the day, not all humans are thieves, but I still attempt to prevent all humans from entering my house.
OK... Your point is that there exist comments that could follow from the racist premise "all Indians are bad people", but are also justifiable by non-racist premises like "most scammers are Indian"? Thanks for explaining logic, I guess.
I work as a care giver was in washroom with a slightly demented client and the phone rang. She asked me to get it as she could not get up quickly. It was of course Microsoft Support. This lady has never owned a computer and I knew right away scam. I said “you piece of shit scum of the earth” and before I could finish he says “oh shit” and hung up on me. Luckily this lady has no access to credit cards or money but if she did she would be the perfect victim. Easy to fool and no way to tell you how it all happened. I normally act highly professional speaking on other people’s phones but in this instance I knew it was for sure a scam and really hoped by showing I knew exactly what they were they would not waste time calling back.
That only works for remote support type calls, you'll get opposite results if you try those tactics with free cruise or fake credit rate adjustment calls.
I finally got one of the credit rate adjustment calls to not immediately hang up on me, kept them on for about 15 minutes.
They incorrectly claimed that I only gave them 15 digits for my credit card number-- I think to make sure I read them the same digits back. Next time I'll make sure to have a fake credit card number handy that passes the checksum.
>>It's outlandish. It goes beyond computer-illiterate victims. The victim must have severely diminished critical thinking ability for the scam to work.
That's the whole point. MS Research actually pointed out that the pitch--full of speeeling mistakes--was designed to attract the less educated /intelligent ones, since smart ones are a waste of time.
Certain types of crimes and scams tend to gravitate into certain demographics. This community is full of drug dealers, that community is rife with protection rackets. This other community tends towards phone scams. There are particular circumstances that have lead certain scams to be rife in Nigeria, and another that have led this sort of scam to operate in India.
It’s not necessarily that Indians generally are more corrupt or venal, it’s just that this is a particular way venality and corruption manifests over there. Other communities manifest their venality and corruption differently, due to different structural reasons. So the simple logic that goes this is bad, predominantly only people from this demographic are doing it, therefore this demographic must be worse than everybody else, is overly simplistic. There are bad people everywhere, they just do different things depending on their circumstances and opportunities.
> The victim must have severely diminished critical thinking ability for the scam to work.
That's oversimplifying, and insulting, and unsupported.
It's more accurate to say more likely scam victims are more likely risk tolerant. As this study puts it, they see "the potential for high benefits as outweighing the risks."
I don't think severely diminished critical thinking ability is too far off the mark. Perhaps it sounds harsh, but the reality is that many elderly people do have diminshed mental capacities. It's how life works. It does not even need a citation because we all know it. I have never heard of a scam that was highly successful of bilking 30-somethings for millions (other than our consumer culture, but that's a different story).
Also, you can watch hundreds of vidoes on Youtube and hear exactly the types of scripts that are used in these scams once a live person is on the line. To anyone running at average mental capacity these are clearly scams, regardless of how computer-literate you are. Also, in TFA, as well as in reality, most scams are against the elderly: https://www.fbi.gov/news/stories/results-of-elder-fraud-swee...
There's a reason for this. It is because all of our mental faculties decrease as we age. That diminished capacity may cause people to be more trusting, but the root cause is diminished capacity. And it is neither oversimplying or insulting, it is real information that can help direct actual solutions.
Many scams, including the example parent gave, trade on fear rather than a fake reward. How does "more risk tolerant" play when the victims are cooperating because they think they will be prosecuted by the IRS or sued if they don't pay up?
If you comply, then you risk losing the money (what if it was a scam?) versus the benefit of avoiding jail.
If you refuse, then you risk jail (what if it was real?) versus the benefit of keeping the money.
If you get a scam IRS call, then refusing is correct. But the risk-tolerant person considers the alternative: the potential for benefits of compliance over the risk of compliance; they might think "Could be a scam... but I'd rather not go to jail!"
If you get a real IRS letter, then complying is correct. But the risk-tolerant person considers refusing and benefit of keeping their money; they might think "Could be a scam... I'm not paying!"
You acknowledge it yourself. There’s “risk” to both complying and ignoring the call.
Anyway, risk tolerance isn’t the right lens to look at this. It’s about knowing whether that’s the way the government would actually issue demands and take payments. That requires some savvy and insight about the world. Some people have it and some people don’t. And relatedly, it’s about being skeptical vs. trusting in general.
This is exactly it. I have received several “your social security number will be cancelled” calls. The caller id is the real social security 800 number. If you didn’t know better and relied on disability or social security benefits, I can imagine that would be pretty frightening.
edited. I don't think greed plays a big role in the refund scam I described because a lot of the victims are on the "mark list" and actually did pay for some tech support contract in the past from another scammer. So it's not fair to say that they are all being greedy trying to accept an erroneous refund offer. But I agree that greed plays a big role in many other common scams.
Can we really not acknowledge that some people are dumb or ignorant and easily taken advantage of? It’s harsh but if you’re not willing to accept that, then you won’t be able to understand the world and make it better.
The GP was, and now I am, objecting to your speaking "brutal truth" and then acting like the brutality of it is a virtue. As if it's courageous to be mean to people. And then talking about being unable to understand the world, it being like sticking your head in the sand, without it! .. It's not 'euphemism' to speak respectfully about people. The point is less brutality, not less truth.
I would never advocate for being mean. There’s no warm and fuzzy way to put it, that some people are taken advantage of because of their low intelligence. I was responding to someone who said that the suggestion was “insulting”.
You simply could have said "easily taken advantage of", omitting the needless offensive words; you were not in a discussion where it was necessary to provide a root cause diagnosis for why people are easily taken advantage of, nor is your diagnosis especially useful, since the overlap between credulousness and low intelligence is significant but not perfect.
More importantly, in that conversational circumstance, why double down on it? Wasn't your point that we should acknowledge fallibility and use it as a policy premise? Why get off track?
In my opinion, we could all use a little more "brutal truth" in our life.
Yes, the words "dumb" and "ignorant" are harsh, but so is truth.
Marcoperaza wouldn't use those words to insult them to their face, and neither would I, but it's important to be able to talk about things honestly.
Next time you get a call, waste their time a little pretending to be slow and then do something to make them angry such as explain that you've been wasting their time and don't approve of their business methods. They'll put you on some uber-mark list as retaliation, and you'll get a couple of dozen calls over the next few days.
>get a couple of dozen calls over the next few days.
For me, it's been years. I've irritated a lot of scammers. I've also a fake bd of 01/23/45 for most of my online life so I fit right into their target group.
> Next time you get a call, waste their time a little pretending to be slow and then do something to make them angry such as explain that you've been wasting their time and don't approve of their business methods. They'll put you on some uber-mark list as retaliation, and you'll get a couple of dozen calls over the next few days.
Iunno, I do this every time and they usually hang up on me quickly.
If they uber-marked me, they'll just waste even more time. But alas it hasn't happened.
It is very low effort to just put the phone down and waste their time until they realise. They are usually so deep into their script that they will talk for minutes.
I was on my way out the door one morning, taking my dog to the vet to have a lump removed.
I was in a bad place.
The phone rang. I knew I shouldn't pick it up, but I was in a bad place.
It was "microsoft", and they needed immediate payment to avoid legal action.
I am a little ashamed of what happened next but I dumped every curse word I could think upon that indian guy. It had nothing to do with him really, but I really let him have it.
Honestly, I feel bad looking back at it.
He may have been wrong, but I was wronger.
He is trying to survive like everyone else.. who the hell am I to sit in the comfy first world and judge?
Nothing to be ashamed of. The person on the other end of the phone was a criminal attempting to defraud you. You could have done much worse than just cursing them out.
> He is trying to survive like everyone else.. who the hell am I to sit in the comfy first world and judge?
This line of reasoning ultimately leads to the conclusion that morals only apply in situations where it’s comfortable and convenient to apply them. Perhaps any particular scammer has been the victim of their own set of injustices (or just as likely, perhaps not), but that in no way excuses their victimisation of others. They’re adults too. Not some poor lowly Indians who had no choice but to defraud the vulnerable.
> He is trying to survive like everyone else.. who the hell am I to sit in the comfy first world and judge?
He doesn't know you from a senile person living in poverty. They'll steal your money regardless of who you are. There's no moral justification for that. They are evil.
This. I used to have long commutes. I really enjoyed getting scam calls during the commutes and seeing how long I could keep them on. It was completely a game. I look at it that the longer I can occupy them the less time they have to take advantage of someone else.
These people are the lowest of the low, they prey on the senile and ignorant, stealing from them regardless of their economic status. There should be no pity. If I can end the conversation making the scammer regret their life decisions, or at least waste their time, it's a win.
He generally plays the part of an old person 100% of the time. Also he has a huge following and fans submit numbers to him, so he generally calls them back
> Do you know what Kitboga and the like do to get themselves targeted by scammers?
From my experience: have a phone number. The real reason that I decommissioned my old landline was that it had become unusable: calls at all hours of the day and night, none of which were wanted and most of which were illegitimate.
> Unfortunately the comments include a lot of casual racism against Indians, with little awareness of the structural conditions causing these scammers to exist.
Thank you for this. It's easy to say "they" when referring to a particular race or group of people that happen to be dealt the cards in life such that they end up doing this.
Sadly those who take on this work are many times themselves in an even worse situation and many put their blinders on when scamming others because there's nothing else or left for them.
Or...it's a relatively easy job with little risk and a good opportunity for upside? If you are sufficiently lacking in morals? Frankly, I consider it just as much 'casual racism' to say "poor Indians, they have no choice but to commit crime because things are so bad where they are"; that's stereotyping too.
I have to deal with way too many of these folks (it's not just from India...Nigeria, Eastern Europe, etc). Let's break this down a bit: we aren't talking about people for whom the only alternative is begging in the street or something. They're literate in English. They've had some education. They're mentally nimble enough to run the scam. They work in an office. And they are deliberately seeking to manipulate and defraud the weakest in society. These are folks with options, not either being a criminal or selling organs to feed themselves.
So perhaps it makes me a bad person, or insufficiently compassionate. Or something. But I've been to Hyderabad and Lagos and a bunch of other places and seen people who really have no options. So I can't quite gin up forgiveness for someone who is targeting the feeble, the more feeble the better, for fraud, and would consider taking everything they had a success.
The same can be said for drug dealers, or mob enforcers, or any number of other jobs that prey on other people. While it may explain why they're doing what they're doing, it doesn't excuse it.
To be clear, I'm talking about the people perpetrating these scams, not any racial group; Indians or otherwise.
Jim Browning is another great channel related to this, in that he does his best to infiltrate the callcenters he gets calls from and find the info needed to alert (or even refund!) the victims:
While Kitboga's scambaits are definitely entertaining and a waste of the scammers' time, Jim seems to be doing the work that a police unit should be doing.
I always wonder if that channel is real or fake. I swear I've heard the same scammer more than once and I don't see why the scammers wouldn't check to see if they're running in a VM as soon as they get remote access.
After watching a few of these, I think many of the scammers are not very tech savvy, but are simply following directions they have been given. Some of them are very easily fooled by Kitboga's tricks.
He's hiding the most obvious signs that it's a virtual machine to some degree. The scammers that in 99% of the cases fail to change a number with the browser developer tools because he added an invisible div on top of his fake bank page are just too incompetent to check for a VM, though some do or at least try to. Kitboga specifically also livestreams on Twitch: https://twitch.tv/kitboga for hours at a time, multiple days a week. I see don't really see a chance that's faked.
another scam involves getting remote access and then setting the windows password so they have to call another number and pay ransom to get in their own pc, the screen saver text is usually to unlock your pc call xxx-xxx-xxxx
About 10 years ago, I was able to get a scammer to run a malicious Java applet. I just insisted that if they really wanted my money, they were going to have to use this fake bank portal I made.
I'm astonished by how blatant their techniques are. For example, in the "refund scam", the caller pretends to be offering a refund for some tech support contract. The steps are:
- Get remote desktop access to the victim's PC.
- Tell the victim that they must log into their online banking account to get the refund.
- Use "inspect element" to edit the banking page, making it look like victim got too large of a refund.
- Convince the victim that they can't pay back the difference by another bank transfer, but instead must pay it back in the form of gift cards.
It's outlandish. It goes beyond computer-illiterate victims. The victim needs to have a diminished sense of skepticism, which can come from age-related senility but also cultural unfamiliarity, anxiety, etc.
Unfortunately the comments include a lot of casual racism against Indians, with little awareness of the structural conditions causing these scammers to exist.
[1] https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw