Woop-woop! That’s not the sound of da police.

At the time of writing this, it’s just a few short weeks until the 14th anniversary of my falling down this rabbit hole. People have made a lot of assumptions, one that we work hand in hand with the police. The reality couldn’t be further from the truth. I’m not denying the fact we do on occasion work with law enforcement, not that law enforcement has in fact contacted us asking for help/advice/an explanation into how we managed to track down the real person behind a particular scam. On occasion we’ve even been asked to be put in touch with other victims of a particular scammer. Here’s where it gets difficult though.

Sometimes we’re contacted by law enforcement asking us to plug a particular service they provide, to put a link on our site or to share a hashtag. In almost every case we politley refuse. Why? Well, there’s several reasons.

Firstly, why should we? This may sound selfish, but let me jump you back several years when we found the National Crime Agency had taken our work (and by “our” work, I mean words I’d likely rewritten a dozen or so times until I was completely happy with them) on sextortion and included it in their press release, a year after meeting with me to seek out my experiences on the scam. All well and good you may think, but this was done without our knowledge, permission or even acknowledgement. Imagine seeing the words you’d written, rewritten, deleted, written once again and ultimately rearranged many times used by someone else, who then told people who were dealing with that particular problem to go to sites who had NOTHING to do with the scam, but were under the same umbrella as them. Yes, that left a bad taste in our mouths that remains to this day.

Secondly, why bother? As I said earlier, I’ve been around for a long time. I’ve seen hashtags come and go, I’ve seen campaigns start in a blaze of publicity, to practically disappear within weeks. If we supported a particular movement, what’s to say it’ll still be around in a year’s time? Better to stand clear of them all and not get snared into putting your name against the LE equivelent of Betamax or HD DVD.

Thirdly, what have they done for us? Think about this one, something that has happened to me on more than one occasion. I get a call out of the blue from a policeman I’ve never spoken to before asking for me to put a link on our site to a campaign that’s never once so much as looked our way before, who the only dealings I’ve had with were due to one of them being in the same conference as me, and who pretty much looked down his nose at the work we do becasue we’re not Government funded. I’m happy enough to help out where I can, but I firmly believe in “quid pro quo”. Help among various agencies should never be a one way street. If we can help, we’re happy to help, but we’re not a charity and we’re not being paid for this. We do this purely because we want to help people. Common decency says there has to be reciprocation. If not, then I see no reason to help.

Fourthly, “screw those guys”. I’ll keep this one short, as I could rant for hours over it. If you’re going to try and belittle the around 40 years’ combined knowledge our volunteers have because you’ve never personally experienced one of the scams we have, why the hell should we give you the time of day? You’ve never seen it, so it must not exist? Screw you!

And fifthly, the “Action Fraud” effect. ScamSurvivors is independant, receives no government funding and has fought tooth and nail to be in the position where we’re at right now, where some people see us as “experts” and trust the information we share with them. the last thing we want is to be tarred with the same brush as organisations that have been outed in the public as not caring about the people who contact them. We care. We care enough to give up all our free time to help people. We care enough to do this for free, to have put our own money into it, and we care enough to have been doing this for a number of years.

There are instances where we’ve worked with law enforcement or government agencies, but they’re few and far between. It takes a lot to get us to trust you, and a single moment to blow that trust. We are always going to walk on the side of caution, and if that means we have a smaller profile then so be it. We are proud to be ScamSurvivors, and we wil never compromise our principles for anyone.

Financial domination.

We’ve spoken in earlier blog posts about what we will and won’t post on our forums. There’s another one that we haven’t mentioned yet, and this one is related to sextortion scams. There are people out there that make a living as dominatrixes. It’s a sub culture I personally have no interest in, nor any judgment about, similar to cam girls. I’ve actually had conversations with former Pinay scammers I dealt with, who switched to becoming cam girls and contacted me to let me know. This is how I see it. You agree to a contract with the person, and so long as both sides give/get what they agreed, then we can’t call it a scam. If, hypothetically, I paid a female $50 to strip naked on webcam for me and she strips naked on webcam for me, then both parties have followed through with their side of the deal. I’m not a lawyer, nor am I law enforcement. In the same vein, if someone agrees to be a financial domme and the other a financial sub, if both parties do what they agreed to, who am I to judge? I have enough to deal with as it is with the scams we receive every day. Again, this is just my opinion. If someone writes to us and says “Mistress Melania” (a name I made up purely for the alliteration value) has taken money from them, there’s nothing we can do. They both agreed to play their parts at the beginning, and they both did. If it’s a fake findomme, then yes that’s another story. However, if there was no hiding the fact that’s the agreement the person was entering into, we won’t post the details up on our forum. It’s a variation of “ignorance of the law is no excuse” would be the best way to describe our stance on it. More power (or “domme”) to those who make a living that way.

The path of least resistance.

Way back in the 1980s, I did my electronics O’level exam among others. It’s a subject I’ve always loved for most of my approaching 50 years on this planet, and the reason I would rather tear down a server than install a website on it. One of the basics we were taught way back then is that electrons will always follow the path of least resistance. Simply put, electricity will always flow in the easiest route from A to B. Imagine it like water trying to flow from high to low round. Of course, we have to make a comparison with scammers to justify this post. Simply put, a scammer will always use the simplest method to make money. Despite the scams being 14+ years old, the same methods are used. Why? Because they work and they’re easy. Want to get money from a young male? Sex is the answer. A female who isn’t into the “lovey dovey” stuff? Hit them with a fictional child. Greed? Offer them millions. Pure and trusting? Throw them a sob story as part of a charity scam. Very, very rarely are there new scams. 99 out of 100 times it’s simply the same old scam we’ve seen before, polished and presented as something new. Scammers are lazy and complacent in most instances. If they think a script from 10 years ago will work, then they’ll use that script. It’s all about, to quote John Wetton from way back in 1973, “Easy Money”.

Utterly disgusting!

We’ve been told about a “company” that supposedly helps victims of sextortion. I’d already seen their videos, which are a joke. Today though I was given more information after someone we previously helped actually called them up. Here’s what the email said:

I ended up giving them a call and was reached out to by someone who said they have several plans based on length of time and cost (ex. 1500 dollars for 9-5 support for a month up to 20000 for 3 days 24-hour surveillance). The guy sounded extremely confident and very knowledgeable on the phone but it seemed fishy as they have literally no reviews but he was claiming they have locations all over the world with ties to local police. Their proposed plan of attack is to track the person blackmailing you (which you guys have said isn’t really possible as they are hiding behind fake profiles etc.) and reach out to them and tell them to back down or they are going to contact local law enforcement. I said I’d call them back and never did they also said your proposed method (which is the one that I went with and I’m glad I did) wouldn’t work and then they tried to scare me into saying they were going to doctor the videos and still release everything anyway and that going into hiding would not work.”

What complete and utter bullshit! Everything they say is wrong. The videos they have up on YouTube are ridiculous, making it appear as if they do forensic examinations of your hardware, rather than tell the scammer “Don’t do it again or we’ll call the cops”. Yeah, like that’s going to work! The simple truth is, what they’re doing is dangerous and can cause much more trouble for the person. They claim ” We have a success rate of more than 90 percent for keeping these criminals from ever sharing our clients’ personal and private images and information”. 90% is good. No, wait, 90% is terrible as it still means 10% sent this company money and got no useful help. We’ve said time and again that our method works in well over 99% of the cases. It’s also used by law enforcement. On top of that, it’s free. It doesn’t cost anything up to the $20,000 they quote for “3 days 24-hour surveillance”. I mean, sure you can donate a few bucks if you want, but we’re not going to refuse to help you if you don’t.

If you want to see their videos, check out https://www.youtube.com/channel/UCDfYaNXa5xraFmvo7lnV6aA and let me know what you think.

Is Action Fraud fit for purpose anymore?

After even more media reports about Action Fraud recently, I genuinely have to question its future. No doubt people will continue pointing people there as that’s the status quo. Have they done irreparable damage to themself though? After reading all the articles about how the staff there act, how many people will be put off from reporting their crime? They can claim to have sacked or “retrained” the people in question, but this was the very large tip of the very large iceberg when it comes to them. For a long time now there have been reports about how unhappy people were with how Action Fraud reacted (or didn’t react) when they were contacted after the person was scammed. Bad publicity isn’t a new thing with them, and there are plenty of stories talking about how Action Fraud did nothing after a report. Let’s ask ourselves though, can it be replaced? Should it be replaced? If it is replaced, then with what? In my opinion, Action Fraud isn’t likely to be going anywhere, but will limp along continuing to do a job people aren’t happy with, but with no other realistic alternatives to take their place. Most of the people out there working to fight scammers don’t have the finances, backing or support they do. It’s a shame, a real shame. People are being let down badly on a daily basis, and it’s unlikely to change.

There’s a fine line between love and bait.

The whole purpose of ScamSurvivors is to educate the public in how scams work, so they can avoid falling for them. It’s essential that the information is out there and easily searchable. However, this also means that less desirables can also see it. It’s a difficult balancing act between sharing enough information to help and making a “scamming 101” for the scammers themselves. That’s why we often need to be vague when explaining the specifics of a scam. Sometimes a scammer will find us and assume we’re some kind of scammer education centre. A while back we had a scammer join our “live help” room asking for help that we made our new toy. Today I woke up to see this in my inbox:

I’ve been reading your articles and I found them so useful, but I do encounter some difficulties downloading some stuffs you recommended for screen recorder. Could you please help me with that and any other useful info, like good dating sites, latest formats, spoof numbers and all that. I look forward to reading from you. Thanks in anticipation.

Yup, another scammer who’s completely missed the point of the site. From the wording, it sounds like he’s a West African. The use of “formats” for example gives it away. A format is essentially another word for the script they’d use. Time for some more fun I think 😉

Updated to add:

Seems he’s finally grown a second brain cell, but now he thinks I’m the FBI!

“I know you FBI agent!”

We’re still upsetting people.

Recently we’ve had people trying to attack us via our web host. One is a company who still doesn’t get that, because they’re mentioned in a scammer email we’ve quoted, it in no way means WE’RE trying to encourage people to abuse their service. Apparently they missed all the warnings over the site explaing how scammers work and what we do. The other is a “faker maker” who’s pissed we won’t remove his details. Thing is, we’ve spoken to him before and given him an out where all he has to do is speak to law enforcement and provide us the reference number. That apparently was too hard for him to do, so he came back and tried the exact same thing, just via a different avenue. Here’s where we stand on situations like this. Give us a GENUINE reason to remove details, and then (and ONLY then) we will. Ignore our advice and all you’ll do is make us more convinced your details should be there for all to see. We don’t post information lightly, and I will stand by those members of our site who post the information and do EVERYTHING in my power to keep it there when it needs to be there. It’s really that simple.

Stay safe.

This week was fun. I had someone call Firefly (our other admin) a “tiresome little bit*h” and then told me to go kill myself when I slapped him for it. Of course it took me all of 10 minutes to get his full name, his phone number, where he works, his DOB, what forums he’s a member of, what operating system he uses on his computer, what computer he uses, exactly where he lives and some other information I won’t mention here. It reminded me of something that happened a while back, where someone was sending abusive text messages to a friend of mine. Being the resident “computer expert”, I was asked to try and help identify where he was. He claimed he was using an “untraceable server” so we’d never find him. What he actually meant of course is that he was using a VPN. That’s all well and good, but what he didn’t know is that we could still see clear as day enough information to identify where he was and what hardware he was using. Some people do the same thing when dealing with scammers. They think they’re well hidden, but in reality the scammer can identify them as simply as if they’d given them their calling card. If you’re going to bait, you ALWAYS have to bait safely. I’ve bent many a rule when it comes to safe baiting, but I always made sure there were safeguards in place. You have to know the rules before knowing how far some can be pushed. Unfortunately not everyone understands that and end up putting themselves in danger. If you want to mess with scammers, always ALWAYS put your own safety above all else.

It’s not the scammers in the news this time.

It’s highly likely you’d have seen the media talking about Action Fraud recently. If you haven’t, then now would be a perfect time to read it, before coming back here. We’ll wait.

Up to date now? OK, so let’s continue. This has painted Action Fraud in an incredibly bad light. I’m not going to defend them. Frankly, I wasn’t at all surprised about it. Both my personal interactions with them, and comments by some some of the people who have come to us after going there first lead me to fully believe what’s being said. Again, I’m not going to defend Action Fraud. We’re already getting the standard “lessons to be learned” and “well below the standards we expect” press releases. Will it make a difference, or will they simply try to paint over the cracks and hope everyone thinks things are good there now? I have no idea. What I want to say is that I hope people won’t judge every antiscam site based on what’s been revealed to be happening in the Action Fraud call centre. There are people out there who genuinely do care, who go above and beyond to make sure they do all they can to help those people who have been scammed, and some do this completely free and give up their own time to do so. It’s going to take time for Action Fraud to regain trust. In many cases it’ll never happen. Don’t let that put you off from reporting your scammers though. If not to Action Fraud, then to sites like ours where you’ll be treated with respect and not lied to.

Three random words.

A lot has been said about secure passwords and ways to create them. Some people recommend three random words, some password managers and others a random mixture of letters, numbers and “special characters”. I deal with all kinds of people on a daily basis, some who are computer literate and some who only just know how to turn a PC on and who definitely wouldn’t want to use a password manager. I know of one person who insists on writing all his passwords in a book he keeps on a shelf by his PC. That’s the real world, not an idealized one we’d all love to see. So what can we do for people like him? Let me demonstrate a way to use three random words that takes it a step further to make what appears to be a completely random mix of letters, numbers and special characters. It’s simple enough, yet also allows you to tweak it any way you want. those who insist on writing their passwords down can still use this method too, as the final result looks nothing like the three words written down. Let’s start with three random words. Actually, let’s start with “three random words”. Look at your computer keyboard. Notice how the letters are spaced in such a way that if you go up one line and to the left or the right, there’s a corresponding key. If I wanted to type my password going up and to the left, three would become 5y433, random would become 4qhe9j and words would become 294ew. Put those together and you have 5y4334qhe9j294ew. Let’s switch it up and go to the right this time. Now we get 6u5445wjr0k305re. Some passwords require a capital letter, so let’s change the first letter we see to a capital. 5Y4334qhe9j294ew. How about special characters? There are three words, with two spaces between them that we didn’t use. The first word has five letters, so let’s put a special character in place of where that first space would go and use the special character that corresponds with the number 5. That’s a % for those paying attention. Now our password looks like 5Y433%4qhe9j294ew. Random is next with 6, and that gives us 5Y433%4qhe9j^294ew. Finally, words has 5 letters, so we put a % at the end to give us the final password of 5Y433%4qhe9j^294ew%. And how do we remember it when we need to use it again? “Three random words”. The method can be tweaked if needed, so for example the first and third words are to the left, but the second one is to the right. It’s easy when you know how.