Is Action Fraud fit for purpose anymore?

After even more media reports about Action Fraud recently, I genuinely have to question its future. No doubt people will continue pointing people there as that’s the status quo. Have they done irreparable damage to themself though? After reading all the articles about how the staff there act, how many people will be put off from reporting their crime? They can claim to have sacked or “retrained” the people in question, but this was the very large tip of the very large iceberg when it comes to them. For a long time now there have been reports about how unhappy people were with how Action Fraud reacted (or didn’t react) when they were contacted after the person was scammed. Bad publicity isn’t a new thing with them, and there are plenty of stories talking about how Action Fraud did nothing after a report. Let’s ask ourselves though, can it be replaced? Should it be replaced? If it is replaced, then with what? In my opinion, Action Fraud isn’t likely to be going anywhere, but will limp along continuing to do a job people aren’t happy with, but with no other realistic alternatives to take their place. Most of the people out there working to fight scammers don’t have the finances, backing or support they do. It’s a shame, a real shame. People are being let down badly on a daily basis, and it’s unlikely to change.

There’s a fine line between love and bait.

The whole purpose of ScamSurvivors is to educate the public in how scams work, so they can avoid falling for them. It’s essential that the information is out there and easily searchable. However, this also means that less desirables can also see it. It’s a difficult balancing act between sharing enough information to help and making a “scamming 101” for the scammers themselves. That’s why we often need to be vague when explaining the specifics of a scam. Sometimes a scammer will find us and assume we’re some kind of scammer education centre. A while back we had a scammer join our “live help” room asking for help that we made our new toy. Today I woke up to see this in my inbox:

I’ve been reading your articles and I found them so useful, but I do encounter some difficulties downloading some stuffs you recommended for screen recorder. Could you please help me with that and any other useful info, like good dating sites, latest formats, spoof numbers and all that. I look forward to reading from you. Thanks in anticipation.

Yup, another scammer who’s completely missed the point of the site. From the wording, it sounds like he’s a West African. The use of “formats” for example gives it away. A format is essentially another word for the script they’d use. Time for some more fun I think 😉

Updated to add:

Seems he’s finally grown a second brain cell, but now he thinks I’m the FBI!

“I know you FBI agent!”

We’re still upsetting people.

Recently we’ve had people trying to attack us via our web host. One is a company who still doesn’t get that, because they’re mentioned in a scammer email we’ve quoted, it in no way means WE’RE trying to encourage people to abuse their service. Apparently they missed all the warnings over the site explaing how scammers work and what we do. The other is a “faker maker” who’s pissed we won’t remove his details. Thing is, we’ve spoken to him before and given him an out where all he has to do is speak to law enforcement and provide us the reference number. That apparently was too hard for him to do, so he came back and tried the exact same thing, just via a different avenue. Here’s where we stand on situations like this. Give us a GENUINE reason to remove details, and then (and ONLY then) we will. Ignore our advice and all you’ll do is make us more convinced your details should be there for all to see. We don’t post information lightly, and I will stand by those members of our site who post the information and do EVERYTHING in my power to keep it there when it needs to be there. It’s really that simple.

Stay safe.

This week was fun. I had someone call Firefly (our other admin) a “tiresome little bit*h” and then told me to go kill myself when I slapped him for it. Of course it took me all of 10 minutes to get his full name, his phone number, where he works, his DOB, what forums he’s a member of, what operating system he uses on his computer, what computer he uses, exactly where he lives and some other information I won’t mention here. It reminded me of something that happened a while back, where someone was sending abusive text messages to a friend of mine. Being the resident “computer expert”, I was asked to try and help identify where he was. He claimed he was using an “untraceable server” so we’d never find him. What he actually meant of course is that he was using a VPN. That’s all well and good, but what he didn’t know is that we could still see clear as day enough information to identify where he was and what hardware he was using. Some people do the same thing when dealing with scammers. They think they’re well hidden, but in reality the scammer can identify them as simply as if they’d given them their calling card. If you’re going to bait, you ALWAYS have to bait safely. I’ve bent many a rule when it comes to safe baiting, but I always made sure there were safeguards in place. You have to know the rules before knowing how far some can be pushed. Unfortunately not everyone understands that and end up putting themselves in danger. If you want to mess with scammers, always ALWAYS put your own safety above all else.

It’s not the scammers in the news this time.

It’s highly likely you’d have seen the media talking about Action Fraud recently. If you haven’t, then now would be a perfect time to read it, before coming back here. We’ll wait.

Up to date now? OK, so let’s continue. This has painted Action Fraud in an incredibly bad light. I’m not going to defend them. Frankly, I wasn’t at all surprised about it. Both my personal interactions with them, and comments by some some of the people who have come to us after going there first lead me to fully believe what’s being said. Again, I’m not going to defend Action Fraud. We’re already getting the standard “lessons to be learned” and “well below the standards we expect” press releases. Will it make a difference, or will they simply try to paint over the cracks and hope everyone thinks things are good there now? I have no idea. What I want to say is that I hope people won’t judge every antiscam site based on what’s been revealed to be happening in the Action Fraud call centre. There are people out there who genuinely do care, who go above and beyond to make sure they do all they can to help those people who have been scammed, and some do this completely free and give up their own time to do so. It’s going to take time for Action Fraud to regain trust. In many cases it’ll never happen. Don’t let that put you off from reporting your scammers though. If not to Action Fraud, then to sites like ours where you’ll be treated with respect and not lied to.

Three random words.

A lot has been said about secure passwords and ways to create them. Some people recommend three random words, some password managers and others a random mixture of letters, numbers and “special characters”. I deal with all kinds of people on a daily basis, some who are computer literate and some who only just know how to turn a PC on and who definitely wouldn’t want to use a password manager. I know of one person who insists on writing all his passwords in a book he keeps on a shelf by his PC. That’s the real world, not an idealized one we’d all love to see. So what can we do for people like him? Let me demonstrate a way to use three random words that takes it a step further to make what appears to be a completely random mix of letters, numbers and special characters. It’s simple enough, yet also allows you to tweak it any way you want. those who insist on writing their passwords down can still use this method too, as the final result looks nothing like the three words written down. Let’s start with three random words. Actually, let’s start with “three random words”. Look at your computer keyboard. Notice how the letters are spaced in such a way that if you go up one line and to the left or the right, there’s a corresponding key. If I wanted to type my password going up and to the left, three would become 5y433, random would become 4qhe9j and words would become 294ew. Put those together and you have 5y4334qhe9j294ew. Let’s switch it up and go to the right this time. Now we get 6u5445wjr0k305re. Some passwords require a capital letter, so let’s change the first letter we see to a capital. 5Y4334qhe9j294ew. How about special characters? There are three words, with two spaces between them that we didn’t use. The first word has five letters, so let’s put a special character in place of where that first space would go and use the special character that corresponds with the number 5. That’s a % for those paying attention. Now our password looks like 5Y433%4qhe9j294ew. Random is next with 6, and that gives us 5Y433%4qhe9j^294ew. Finally, words has 5 letters, so we put a % at the end to give us the final password of 5Y433%4qhe9j^294ew%. And how do we remember it when we need to use it again? “Three random words”. The method can be tweaked if needed, so for example the first and third words are to the left, but the second one is to the right. It’s easy when you know how.

Hacked off.

If you enjoy Youtube, you’ll likely have stumbled upon “Life hack” videos at some point. Most are utterly pointless, dangerous or nothing more than “tips” people have been using for years already. Want to keep stop your cat from bringing in dead animals? Simply hot glue a car horn and battery pack to him. Keep losing your car keys? Leave them in the car door where they’re easy to find. You know the kind of crap I’m talking about, right? https://dictionary.cambridge.org/dictionary/english/hack describes the word hack as “to cut into pieces in a rough and violent way, often without aiming exactly” which is what I’d like to do to some of the people who put out the truly dangerous “life hacks”, but that’s a whole other thread for another day. The other thing you’ll see is people boasting in their video titles about “hacking the scammer’s PC”. How can I describe this practice? How about – and you can quote me on this – “absolutely moronic, dangerous and a complete nightmare for any self respecting anti-scam advocate to have to deal with the consequences of”. Think of how much damage to a criminal investigation some script kiddie can cause by removing vital evidence from a computer because they saw a video and decided they want to do it as well. Consider the damage to the anti-scam community a well intentioned but clueless person can do due to outsiders assuming that’s what we all do. There are times we work with law enforcement on cases, and when we explain to them how we obtained the information we have, it’s essential we can prove to them that it was done using perfectly legal methods (usually a little lateral thinking when doing standard searches is all that’s actually needed). If it’s assumed we hack into computers, then the evidence we share would be compromised and the real bad guys could get away scot free. Think before you ever consider hacking into a scammer’s computer. You could be doing much more harm than good.

Regarding posting personal information.

After a recent incident, I wanted to clear up exactly what our stance is regarding posting up a person’s private details on the site. It’ll be in two parts, to cover the person’s details and their images.

Firstly, regarding images. If an image is received from a scammer, we’ll post it up. If the image contains a child, we’ll obscure their face. If we can find the real person whose images are being abused by scammers, we’ll let them know and offer any help we can if they reply. We won’t post up any images that weren’t received from a scammer, even if there are others of that person available online. That’s important to us.

Sometimes we receive an email claiming to be a particular person/entity. Again, we’ll post it as is and try and let them know about the scammer abusing their name as part of their scheme. If the scammer mentions another person/entity partway through the scam (for example, telling the person to send money to them via Western Union, Moneygram etc.) then that simply gets posted up. Where it gets more tricky is when the scammer uses banking details that belong to someone else. Here’s how we deal with that. If the information is in the first email, then we post it as that’s the script hundreds or thousands of others would also have received. If however, a scammer shares banking information further into the script, then none of that will be shared with the public. We have contacts in various banks’ fraud departments that we send the information to, and leave them to deal with it.

So in a nutshell, we’ll post up images used by scammers, as well as emails/names where they pretend to be other people. Where we can, we’ll let the real people know about it. If a scammer mentions other organisations, then they sinply get posted with no further action taken. When it comes to bank details, if it’s in the initial email we’ll post it, but simply pass it on to the banking authorities if they arrive partway into the dialogue with the scammer. Hopefully that clears it up for everyone.

On a personal note – panic attacks.

Those who know me, will know that I suffer from occasional panic attacks. They’ll also know that I have to avoid certain stimulants such as caffeine like the plague. No morning cup of coffee for me, only caffeine free cokes and Dr Pepper is completely out of the question which is a shame as I used to love that stuff. Something else was added to that list a few weeks ago. To treat a sinus infection, I was given a steroid spray. The day after, I woke up to one of the worst attacks I’ve ever had. Now usually when I get a panic attack, it’ll fade off within 15-20 minutes. Not this time. This damn thing lasted a week non stop! This is the second time I’ve had a reaction to a steroid spray or cream, but this was the one that confirmed it’s the cause. I was OK for a day or so after that week long episode, but then it came on me with a second wave that lasted on and off for two whole weeks. When these happen, it’s pretty much impossible to function. I can’t sit down, can’t sleep, can’t concentrate on anything and am generally no use to man nor beast. If you’ve never had the misfortune to suffer with a panic attack, think yourself lucky. At times it physically feels like you’re dying, and at other times you would welcome death to put an end to the suffering. I have enough experience to know what was going on, but even that’s small comfort when you’re going through it for the fifth day solid with no respite. Thankfully it’s been a week now since the last episode, so I’m hoping things are back to “normal” here. What I’d like to say is that, while all this was going on, the rest of the crew stepped up to cover me. For that I’d like to say thank you. The small group that work on this site are people I genuinely consider some of my closest friends, and times like this only reinforce that feeling. Now let’s hope the next attack is a long way away as there’s scammers to deal with!

So, about this whole “Facebook donates 3 million” thing….

I’ve had some time to think about this . If you’re unaware, Facebook has supposedly made it easier to report fake ads, and donated £3 million to a UK charity after being taken to court by a UK celebrity over misleading ads featuring his image. Now, here’s my thoughts on it in no particular order:

3 million pounds is the equivalent to 90 minutes’ worth of revenue. It’s chump change to them, and my guess is that it’s garnered them millions in publicity anyway seeing as the story was pretty much everywhere. How much do you think that much media exposure would have cost them otherwise?

One report I read claims the amount was ” in cash and Facebook ad credits “. Many, many years ago, I worked in a camera shop. A couple came in and bought several hundred pounds’ worth of equipment for a “once in a lifetime” holiday they were going on. It was around the £5-600 mark if I remember. They asked if there was any chance of a discount, and I offered them 10% off, or £100 worth of films and developing. They took the films, happy that they’d managed a good deal and made the right choice. Here’s the thing though. That £100 I gave away only cost the company about £35. How much of this 3 million is in ad credits that likely cost Facebook a fraction of what they’re selling them for?

The service is only in the UK. Elsewhere, nothing has changed. Ads will still appear, Facebook will still charge to display those ads, just now UK users can report them easier to get them removed.

The money went to set up a service called Citizens Advice Scams Action (Casa). Once that 3 million has been used, what happens then? Do we think Facebook will give more, or walk away leaving a service having to beg for money elsewhere in order to continue running.

Is it a good thing? On the surface, yes. Look a little deeper though, and maybe it’s not quite as good as it’s been made out to be.