Why do people fall for refund scams?

Scamming people out of their money via simple phone calls is a multi-billion dollar industry. It has become an art form, and there are literally thousands and thousands of scamming groups, the vast majority of them for some reason located in India (although they exist in many other countries as well). These modern scams are typically "tech support scams", "IRS scams" and "refund scams".

While scamming people out of their money has existed for a very long time, often in the form of so-called "advance fee scams" or "419 scams", the problem with these is that they tend to take a very long time and net only moderate sums of money. Quite often an advance fee scam has to go on for literally weeks and even months, draining the victim of quite small amounts of money at a time (typically in the order of a few hundred dollars). These more modern tech support and similar scams have a much quicker turnaround: quite often the victim will pay the scammers several thousand dollars within the same day. Literally billions of dollars are being scammed out of people every year using these.

One can see these scams in action thanks to so-called scambaiters. Scambaiting has itself become an art form (requiring quite a lot of time, resources, expertise and acting talent), and a popular form of entertainment on YouTube and Twitch.

One has to wonder, however, how stupid people can be, especially with some of these scams. Consider your typical "refund scam" script:
  • Most often the victim gets a robo-call, or sees a spam popup while browsing the internet, about them being granted a refund for some service they have purchased.
  • When the victim calls the scammers, they will instruct him to install a remote access software, such as TeamViewer.
  • The scammer will tell the victim that he needs to log into his bank account.
  • In some versions of the script the scammer will just pretend to make the money transfer, while in other versions the victim is instructed to type the refund amount (typically in the command prompt). In this latter case the scammer will surreptitiously add an extra zero to the sum.
  • To make the fake transfer, the scammers will typically black out the user's screen using the remote access software. If the user has several accounts the scammer will transfer money from one account to another, and then use the browser's inspect element feature to edit the original account to look like it hasn't changed. If the user has only one account, the scammer will just edit it to look like it has now more money.
  • If the victim says that he'll check his bank account e.g. using his mobile phone (as demonstrated by many of these scambaiters), the scammer will quickly tell him that he can't do that. Allegedly it can only be done with the computer.
  • Now the scammer will start acting like he's going to lose his job because he accidentally transferred too much money, and wants the extra money back. The most typical way to pay it back is using... get this... gift cards. Like Google Play, or Target gift cards. Transferring the money back via the bank is not possible, allegedly.
  • The victim will be told to physically go to the store to buy gift cards worth several thousand dollars, and explicitly told not to tell anybody about it. He will be explicitly told that if the store employees ask him about it, he should lie and claim that it's just a gift for a friend. The victim is explicitly told not to tell the employees the real reason for buying the cards.
  • In some versions of the scam script the victim will instead be instructed to go to the bank and withdraw the money in cash, in order to send it via physical mail to the scammer. Again, the victim is told to lie to the bank about the reason for withdrawing the money, if they ask, and not tell the real reason.
What amazes me, in the case of many victims, is that nothing of the above raises any suspicion. What legitimate company would want to get access to your computer to give you a refund? What legitimate company would ever ask you to log into your bank account for anything? What legitimate company would ask for gift cards, or for you to send them cash via mail? What legitimate company would tell you to lie to the store employees or the bank about it?

As incredible as it sounds, thousands of people fall for all of that every day. All of it. At no point do they grow suspicious about any of it. They will happily go buy thousands of dollars worth of gift cards, or withdraw thousands of dollars of cash from a bank, and lie about it to the employees if needed.

The problem is, the vast majority of non-tech-savvy people out there who know nothing about computers will do pretty much anything they are told if it's somebody who "knows about computers" telling them. The victim may be psychologically too intimidated to doubt or object to what the "technical expert" is saying. It may be a deeply rooted instinctive fear of making a fool of oneself by saying something stupid to someone who is (or appears to be) significantly more knowledgeable about this stuff.

Of course the scam is quite devious in that once you give remote access to your computer, you are hosed. If at any point you show any sign of suspicion, or that you are having doubts, the scammer will quickly do everything he can to lock you out of your computer. In past years, when Windows 7 and earlier were more common, they would use the syskey utility to set a password. In Windows 10 they will try to create a new login password if the computer doesn't have one. (If it does already have one, they will try to trick the victim by logging out and then asking the victim to log in, so the scammer can use a keylogger in the remote access software to capture the password, and then change it.) If the victim decides that this is all too suspicious, and that he will not go through with it, he will now be extorted by threatening to permanently lock him out of his computer.

And if everything else fails, the scammer will just take revenge by doing as much damage to the system as possible (by deleting all possible files).