According to 419eater.com, scambaiting is “enter[ing] into a dialogue with scammers, simply to waste their time and resources. Whilst you are doing this, you will be helping to keep the scammers away from real potential victims and screwing around with the minds of deserving thieves”. These scammers aim to take advantage of the elderly, people with disabilities, and others. I occasionally engage in scambaiting, but particularly enjoyed the encounter I document here.
I received a message concerning a computer case I was attempting to sell on Gumtree. I’d listed it about 15 minutes prior to the message arriving.
Note: If you’d prefer to read this as a series of screenshots, go ahead.
Scammer: I was interested in computer case
Scammer: Good afternoon, I’m about an announcement on gumtree
Scammer: Is it convenient for you to speak now?
No suspicions yet, seems legit!
Me: Hi, sure, are you interested?
Scammer: is he in good condition?
Me: Particularly good condition yes, it was used for around a year but just lived on my desk. There’s a few scuffs here and there but nothing particularly noticeable. All screws/fittings that were included are still there, only thing that’s missing are the shields where you’ll probably be putting a graphics card anyway.
I sent him a link requesting money as generated by my bank. That’s a real link, by the way, feel free to send me money, I certainly would be grateful!
Given this is an ITX case (a small one which only fits certain hardware), and because I’m a nice guy, I thought I’d ask him what he’s putting inside of it to double check he was aware that the case was an ITX case.
Me: Out of interest, what are you going to put inside it?
Scammer: Intel core i7 and gtx 2070
Scammer: or it is possible through PayPal, I have money there
Ah, a nugget of information! With a lot of these scams, the scammer you speak to does not manage the tool they use to scam you. The tool is purchased from some skiddie, and is then run by the scammer. The use of the word “they” in his messages above led me to believe that he was in direct contact with the person responsible for hosting the tool they were attempting to use to scam me.
At this point, I decided to fire up an image editing tool.
Me: Okay now it’s refusing to accept my details
Scammer: try with another browser
Me: It says error 418 now… PayPal is really unreliable today maybe we could try another way?
Scammer: I only keep money on paypal
Me: It loaded this time at least, but I’ve tried submitting like 5 times
Me: Maybe you can withdraw 10 pounds and bank transfer me
Scammer: send a screenshot of the error, I will send to those support
Me: One second
So I edited an image with an error 418. For the uninitiated, according to Mozilla, Error 418 “indicates that the server refuses to brew coffee because it is, permanently, a teapot.”. I used this error for two reasons. Firstly because it was hilarious to me, and secondly any person who knows anything about web development is very likely to know this error and realise what is going on. If this person catches on, I was unlikely to be able to have much fun with them anyway.
Scammer: if it doesn’t work now, write to those support, at the bottom right
Scammer: it just works for me
It just works for you huh? You’re just paying yourself money? Seems legit Mr. Scammer!
Me: I tried writing to the chat but it seems its gone offline
Me: also, the payment boxes have disappeared completely now, maybe too many attempts?
Scammer: all this is strange
To really confuse this guy, I decided I’d edit the screenshot so the online chat appeared offline. You’ll notice the little circle on the chat thing turned from green to red. I also hid the ‘payment’ boxes, as promised. What I wouldn’t give to see the conversation between this guy and the tech guy running it.
I wanted to create a sense of urgency, and to force this scammer to regenerate their payment link, so I engineered a situation where he’d increase the price.
Me: I think I might have another buyer for the case, I might see if they can pay for it in a different way, I just want shot of it
Scammer: as you wish
Scammer: technical support wrote: the server was restored
Scammer: can you try again?
Me: Hmnn, this other buyer is offering me cash today. Perhaps if you want it we can say 15 pounds?
Now, I decided to give the Script kiddie behind this nightmares. I edited the payment page to read NaN for the payment amount.
Me: this says: To Receive: NaN
Scammer: I do not know what’s happening
Scammer: try to go through another browser
Scammer: I’m already so tired, I’m ready to give 20 £
Next, I decided to engage with the scammer via their “tech support”. This screenshot is undoctored.
Scammer: how will tech support answer write me
Hilariously, after I refused to provide my card details via chat, the scammer messaged me again on Whatsapp to ask why I wasn’t providing the card details!
Me: I have no idea but I am not typing my card details into a text box for 20 quid
Me: oh man I just went to reply to support and got this
Next, I threw him a curveball. I edited the screenshot of the chat to have a fake warning indicating that the “free trial period” had expired. Next, I asked him if he’d like to sign up to my Onlyfans. I also linked him to a nursery rhyme for no good reason.
Me: Here’s a weird idea… I actually have an Onlyfans, and Onlyfans can be paid for with Paypal. What if you sign up to my Onlyfans and I make a tier that is 20 pounds?
Ha! He’s given me another domain to report. Excellent. More sleuthing indicates both domains were registered with the same email. A tiny bit more looking showed that there were around 50 of these domains all serving the same content. Reg.ru of course got a list.
Another curveball. My sleuthing through WHOIS records lead me to believe the scammer in question was Russian too, and the domain was registered with Reg.ru. I decided to mock up a fake domain suspension notice. The Russian reads “This website has been blocked. Get in contact with the support team”.
Scammer: I don’t know, try using another browser
Me: sorry let me try on a computer, this is tiresome
Me: Same thing
Of course, the same thing on the desktop! Left a nice easter egg in the tab bar though, which wasn’t noticed of course.
Scammer: so is the deal canceled?
Me: I can’t seem to get payment from you so I’m not sure what you want me to do
Me: maybe you have other suggestions
Scammer: there is a suggestion to put an end to this
HE’S FINALLY CLOCKED ON!
Me: go onnnn
At this point, I’d done a fair bit of sleuthing, and determined his name was probably not Mark. I’d also reported both domains to their registrars, reported abuse to their host, reported them to the various safe browsing blacklist services, etc.
Me: Have a lovely evening Mark :)
Me: Does your scam work often?
Scammer: almost always
Me: how much do you make?
Scammer: it’s a secret
Me: welp, I hope you find some joy in life that doesn’t involve destroying others lives, and I hope you enjoyed having so much of your time wasted, I certainly had a whale of a time in Photoshop :)