Convincing a Scammer That They’re Going Crazy
By Kevin Norman
- 10 minutes read - 2056 words
According to 419eater.com, scambaiting is “enter[ing] into a dialogue with scammers, simply to waste their time and resources. Whilst you are doing this, you will be helping to keep the scammers away from real potential victims and screwing around with the minds of deserving thieves”. These scammers aim to take advantage of the elderly, people with disabilities, and others. I occasionally engage in scambaiting, but particularly enjoyed the encounter I document here.
I received a message concerning a computer case I was attempting to sell on Gumtree. I’d listed it about 15 minutes prior to the message arriving.
Note: If you’d prefer to read this as a series of screenshots, go ahead.
Scammer: I was interested in computer case
Scammer: Good afternoon, I’m about an announcement on gumtree
Scammer: Is it convenient for you to speak now?
No suspicions yet, seems legit!
Me: Hi, sure, are you interested?
Scammer: is he in good condition?
Me: Particularly good condition yes, it was used for around a year but just lived on my desk. There’s a few scuffs here and there but nothing particularly noticeable. All screws/fittings that were included are still there, only thing that’s missing are the shields where you’ll probably be putting a graphics card anyway.
Scammer: okay, are there fans included?
Me: No, it doesn’t come with any fans
Me: It can fit a 120mm or a 140mm fan
I decided to be extra helpful and link him to a LinusTechTips video reviewing this computer case. Can’t say my customer service isn’t on point. At least he wasn’t questioning whether I was Romanian or not!
Me: https://youtu.be/8ptbpKpObzs this is the case, if you’re curious.
Scammer: well, for such a price everything suits me
Scammer: when can you pick it up?
Wait… When can I pick it up? Strange, although it could have been a language barrier thing. Whatever.
Scammer: or will you send it by mail?
Me: Pickup only unfortunately, not cost effective to send computer cases by post!
Me: You can pick up anytime today from Mayfair - just let me know when to expect you
Scammer: I’m at work today, I’ll be free only next weekend
Scammer: Can I pay for the item now and pick it up next weekend?
Me: That would be fine yes! I’ll hold it for you. You want to pay via PayPal/bank transfer?
Me: You can also pick it up tomorrow, or any day after Friday
Me: It’s up to you
Scammer: It will be convenient for me to pick up the food next Saturday
Pick up… The food? I’m not sure who eats computer cases, but I’m not sure I want to cross them! Still I suspected nothing so far.
Scammer: yes, I can transfer to the card and paypal
Scammer: as you prefer?
Me: https://monzo.me/kevinnorman/10.00?d=Gib%20me%20money%20for%20writing%20article
I sent him a link requesting money as generated by my bank. That’s a real link, by the way, feel free to send me money, I certainly would be grateful!
Given this is an ITX case (a small one which only fits certain hardware), and because I’m a nice guy, I thought I’d ask him what he’s putting inside of it to double check he was aware that the case was an ITX case.
Me: Out of interest, what are you going to put inside it?
Scammer: Intel core i7 and gtx 2070
Scammer: or it is possible through PayPal, I have money there
Me: Sure, kn100+paypal@kn100.me
Scammer: more precisely core i7 9700k
Me: Very nice
Me: Will be a very powerful tiny computer!
Scammer: Yes
Scammer: I will send a check, do you mind?
At this point my scam senses started tingling. A check? Does he mean a cheque? Does he mean a security check? For a £10 case?
Me: I’m not sure I understand
Scammer: one second
Scammer: https://paypal DOT 3sds DOT site/pay/?id=49688501 (I have intentionally garbled this link. Visit at your own risk.)
Scammer: this is check
Scammer: fill in the data to receive money
Scammer: understand?
Ah. A Scammer. Visiting this page took me to a page that looked like the following. An obvious scam, but it’s pretty reasonable to expect that a lot of people might fall for this.
I started to consider what to do, so I stalled a bit by just telling him the link didn’t work. In this time I would quickly spin up a virtual machine, and do a bit of recon.
Me: It’s not working
Scammer: what does not work?
Me: That link
Me: It just 404s
Scammer: One second
Scammer: https://paypal DOT 3sds DOT site/pay/?id=49688501
Me: Give me a minute my dog started screaming
Scammer: Ok
Scammer: try to copy the link and paste it into the browser
Still trying to stall for time, I try to delay by asking more PC related questions to waste his time and to give me time to think.
Me: What power supply are you planning to use?
Scammer: Corsair 750w
Me: The link still isn’t loading, but now I’m getting error 509
Me: 500*
I decided to claim a different error message was occurring, really get him worried. I was honestly stalling for time.
Scammer: I’ll write to technical support now
Scammer: https://paypal DOT 3sds DOT site/paychekoff/?id=49688501
Scammer: they stuck this link
Scammer: they said everything is fine
Ah, a nugget of information! With a lot of these scams, the scammer you speak to does not manage the tool they use to scam you. The tool is purchased from some skiddie, and is then run by the scammer. The use of the word “they” in his messages above led me to believe that he was in direct contact with the person responsible for hosting the tool they were attempting to use to scam me.
At this point, I decided to fire up an image editing tool.
Me: Okay now it’s refusing to accept my details
Scammer: try with another browser
Me: It says error 418 now… PayPal is really unreliable today maybe we could try another way?
Scammer: I only keep money on paypal
Me: It loaded this time at least, but I’ve tried submitting like 5 times
Me: Maybe you can withdraw 10 pounds and bank transfer me
Scammer: send a screenshot of the error, I will send to those support
Me: One second
Scammer: Well?
So I edited an image with an error 418. For the uninitiated, according to Mozilla, Error 418 “indicates that the server refuses to brew coffee because it is, permanently, a teapot.”. I used this error for two reasons. Firstly because it was hilarious to me, and secondly any person who knows anything about web development is very likely to know this error and realise what is going on. If this person catches on, I was unlikely to be able to have much fun with them anyway.
Scammer: if it doesn’t work now, write to those support, at the bottom right
Scammer: it just works for me
It just works for you huh? You’re just paying yourself money? Seems legit Mr. Scammer!
Me: I tried writing to the chat but it seems its gone offline
Me: also, the payment boxes have disappeared completely now, maybe too many attempts?
Scammer: Maybe
Scammer: all this is strange
To really confuse this guy, I decided I’d edit the screenshot so the online chat appeared offline. You’ll notice the little circle on the chat thing turned from green to red. I also hid the ‘payment’ boxes, as promised. What I wouldn’t give to see the conversation between this guy and the tech guy running it.
I wanted to create a sense of urgency, and to force this scammer to regenerate their payment link, so I engineered a situation where he’d increase the price.
Me: I think I might have another buyer for the case, I might see if they can pay for it in a different way, I just want shot of it
Scammer: as you wish
Scammer: technical support wrote: the server was restored
Scammer: can you try again?
Me: Hmnn, this other buyer is offering me cash today. Perhaps if you want it we can say 15 pounds?
Scammer: okay let’s go for 15
Me: The link still says 10
Scammer: now we will create a new translation
Scammer: https://paypal DOT 3sds DOT site/paychekoff/?id=49688501
Hey, a new link, with a name! Thanks Chekoff!
Scammer: 15£
Scammer: works?
Me: I don’t know what the hell is going on
Now, I decided to give the Script kiddie behind this nightmares. I edited the payment page to read NaN for the payment amount.
Me: this says: To Receive: NaN
Scammer: I do not know what’s happening
Scammer: try to go through another browser
Scammer: I’m already so tired, I’m ready to give 20 £
Next, I decided to engage with the scammer via their “tech support”. This screenshot is undoctored.
Scammer: how will tech support answer write me
Hilariously, after I refused to provide my card details via chat, the scammer messaged me again on Whatsapp to ask why I wasn’t providing the card details!
Me: I have no idea but I am not typing my card details into a text box for 20 quid
Me: oh man I just went to reply to support and got this
Next, I threw him a curveball. I edited the screenshot of the chat to have a fake warning indicating that the “free trial period” had expired. Next, I asked him if he’d like to sign up to my Onlyfans. I also linked him to a nursery rhyme for no good reason.
Me: Here’s a weird idea… I actually have an Onlyfans, and Onlyfans can be paid for with Paypal. What if you sign up to my Onlyfans and I make a tier that is 20 pounds?
Me: https://www.youtube.com/watch?v=B6en-O5yF0o
Me: oh sorry that link wasn’t for you
Here, he went quiet. I decided a few hours later to try to re-engage him by letting him know other buyers had lost interest. What he didn’t know is I’d already sold the case to someone else.
Me: this other buyer has fallen through, so it’s just you now. Not sure what to do.
Scammer: how paypal works, i will transfer you £ 20
Scammer: Ok?
Me: how?
Me: Hello? Do you still want it?
Scammer: Yes
Me: Then how shall we conduct this business transaction sir
Me: I’ve got the case, you’ve got the cash, can I make it any more obvious?
Scammer: I’m going to try now
Scammer: try now
Scammer: https://paypal DOT wis3 DOT site/pay/?id=73531466
Ha! He’s given me another domain to report. Excellent. More sleuthing indicates both domains were registered with the same email. A tiny bit more looking showed that there were around 50 of these domains all serving the same content. Reg.ru of course got a list.
Scammer: work?
Another curveball. My sleuthing through WHOIS records lead me to believe the scammer in question was Russian too, and the domain was registered with Reg.ru. I decided to mock up a fake domain suspension notice. The Russian reads “This website has been blocked. Get in contact with the support team”.
Scammer: I don’t know, try using another browser
Me: sorry let me try on a computer, this is tiresome
Me: Same thing
Of course, the same thing on the desktop! Left a nice easter egg in the tab bar though, which wasn’t noticed of course.
Scammer: so is the deal canceled?
Me: I can’t seem to get payment from you so I’m not sure what you want me to do
Me: maybe you have other suggestions
Scammer: there is a suggestion to put an end to this
HE’S FINALLY CLOCKED ON!
Me: go onnnn
Scammer: Goodbye
At this point, I’d done a fair bit of sleuthing, and determined his name was probably not Mark. I’d also reported both domains to their registrars, reported abuse to their host, reported them to the various safe browsing blacklist services, etc.
Me: Have a lovely evening Mark :)
Me: Does your scam work often?
Scammer: almost always
Me: how much do you make?
Scammer: it’s a secret
Me: welp, I hope you find some joy in life that doesn’t involve destroying others lives, and I hope you enjoyed having so much of your time wasted, I certainly had a whale of a time in Photoshop :)
Let me know what you thought! Tweet me at @normankev141