I was recently interviewed for the Easy Prey podcast, hosted by Chris Parker who you may know better as the owner of https://www.whatismyipaddress.com. It was a chance to talk about how I started this journey, why ScamSurvivors was created and also to share both some horror stories as well as advice for people who are being scammed or who think they may be dealing with a scammer.

You can check it out at https://www.easyprey.com/tracking-scammers-with-wayne-may/ It’s about 30 minutes long, but (I hope) both interesting and educational. I’d like to thank Chris for the opportunity and for being such a great host.

Actually a lot of people don’t like us, but this is about one individual. This individual shall remain nameless as we don’t actually know their name. What we do know is what they tried to do, and that’s shut the site down using a cheap n nasty attempt at a DDoS attack. For those unaware what a DDoS attack is, it’s essentially flooding a website with so many requests that it can’t cope and falls over. We had this happen in the very early days of the site when we were on a shared hosting plan, and it was so bad that it took down over 100 other sites as well as us. We were very politely asked to leave and go find another service provider. Since then we’ve been on a dedicated host so we won’t take any innocent sites down if we do get attacked again.

Back to this attack though. Derek from aa419.org was able to fix this for us, and for that we’re hugely grateful. Here’s some of what we know about the attack. We know it was done by a Cameroonian, which is where all the recent fake sites selling nonexistent COVID19 PPE and cures are from. We know how they did it. We know how to stop it and how to stop it if they try it again. I personally know that the session we went through to deal with it isn’t like the movies and TV depict, with people sending each other viruses that put menacing messages on their screens or gliding through a VR world. In reality it’s a command typed in to see what’s happening and one to counteract it, rinse and repeat for over 2 hours, all on a black and white screen full of nothing but text. We know that we’re upsetting the right people if they’re going to this much effort in an attempt to stop us. One last thing we know. We know that we’re going to keep on doing what we do.

Here’s a good article we worked with the writer on for the Metro website. It even has some audio of Big Al talking to a Cameroonian scammer while pretending to be a buyer. Check it out at https://metro.co.uk/2020/05/28/ppe-scammer-brazenly-secures-deal-defrauding-customer-19000-12734092/

It goes without saying that these are strange and difficult times right now due to the Coronavirus. Where there’s a crisis, a scammer will attempt to take full advantage of it in order to separate people from their hard earned cash, and this pandemic is no different. But first, let’s talk about puppies.

Puppies are great, right? Little balls of fur with waggy tails. Who wouldn’t want a puppy? But where to buy one? Online makes perfect sense. I found our dog on Gumtree, and his previous owner still loves to get updates from us about him all these years later. There are plenty of websites that sell puppies (or cats if you’re that way inclined*). You may find a site selling dogs advertised on your social media feed, and fall in love with one of the critters you see there. A deal is struck, and you pay the necessary fees. In a few days, you’ll be able to pick up your new fur baby. But then you get a message saying there are some extra bills that need to be paid first. OK, not what you expected, but you pay it while thinking of those nights in bed with a doggy snuggled around your feet. Then another surprise bill comes. And another. And another. Maybe it’s for shots, maybe for a certificate, maybe it’s because the dog’s gotten injured. You keep on paying and paying, but never get the puppy you fell in love with. Why? Because it never existed in the first place, or at least the one the website claimed to have didn’t. The entire website is fake, and all the images were stolen from elsewhere. All you have is a big hole in your bank account and a dog shaped gap by your feet at night.

Next we jump to the subject of suicide. There are people in this world who – maybe due to depression or ill health – feel that they’d be better off dead. It’s an awful situation to be in, and one I hope to never be in myself. They may decide to look online for ways to take their own life, and discover that there are sites that will sell them the chemicals to do this, maybe in pill form or as an injection. They pay, and the same thing happens to them as to the person trying to buy a puppy. This time though, the scammer who runs the fake site is now also blackmailing them for even more money by threatening to report them to law enforcement for attempting to buy illegal drugs to end their own life.

Looking at these two scenarios, it should be fairly easy to see the link between the two. So where are these people who are running these sites, and how do they do it?

As mentioned earlier, the pet images were stolen from other sites, as most likely was any text on it. Likewise, the scammer selling fake drugs has the same setup. Why would this be? Because they’re the same scammers, or at least scammers from the same part of the world. We’ve always said that 9 times out of 10 we can pretty much instantly tell you where a scammer is based purely by the type of scam it is. In this type of scam, the scammers are almost always from Cameroon. They pay people we refer to as “faker makers” to make the fake sites, fake ID, fake documents etc. (hence the “faker maker” moniker), and scam unsuspecting people using them. The sites may even be ripped (copied) directly from a legitimate site with nothing but the company name and contact details changed.

Now, back to Coronavirus. When the pandemic started, the scammers switched to making fake sites selling N95 masks or even “cures”. Some registered new site names to do this, while others repurposed site names they already had. Instead of selling drugs that don’t exist, the sites now sell masks that don’t exist.

How do we know these scammers are in Cameroon? Some simple investigative work several years ago on the fake sites revealed it to us back when they were selling other commodities. Since then we’ve been following their progress carefully. One “faker maker” may be responsible for hundreds of fake sites. When you know what to look for, you can track the new/reused sites fairly easily. Back in February we saw the change taking place, and the new sites appearing. That’s how we know where the scammers are based. No “hacking” or “vigilante” tactics are used, simply a knowledge of how to search in the right places and for the right things. Sometimes it can be as basic as knowing what terms to search for in Google.

What do we do when we spot these fake sites? Why, we work on getting them all shut down of course. It doesn’t exactly make us popular with the scammers, and we’ve even received death threats on several occasions. You have to admit though, it’s good to know there are people like us making it harder for the scammers, right?

*I can joke about cat owners as we have (not own as no one “owns” a cat) 3 here as well as our dog.

https://www.bbc.co.uk/news/av/uk-52136987/coronavirus-tests-and-masks-sold-by-fraudsters-online A short article about scammers making fake sites to “sell” nonexistent face masks. The version shown on the BBC news program was longer than this. We’ve already had further interest from other sources off the back of this.

It’s only taken 8 years, but we finally have a book to go with the site. For those unaware, we have a sister site (well, more a redheaded stepchild) called StupidScammers.com that we place any funny scammer quotes at. We finally had enough to make a book out of them, so that’s exactly what we did. It was a blast to write and we hope that if you get a copy you’ll enjoy it too. It’s available in paperback as well as Kindle format. To find it, simply search for “The Stupid Scammer Files” on Amazon. You can even take a peek between the pages there to get an idea of how the book is.

Now the dust has settled on 2019 and our hangovers have finally been shaken off (though some scammers still insist on sending us “HAPPY NEW YEAR” emails), let’s take a look at how we did last year. The results are skewed due to our switching to a Cloudflare account partway through the year, so take these with a grain of salt.

We had over 1,234,000 unique visitors visit us last year. That doesn’t include bots etc. It’s how many actual people we had visit the site. Each person viewed an average of over 6 pages each, and our bandwidth was over 630GB.

As for the threads/posts, here are the stats as gathered by Big Al:

Am I Being Scammed 27 added topics
Blackmail 1067 added topics
419 scams 3309 added topics
Romance 459 added topics
Refugee 27 added topics
Fake sites 78 added topics
Bank Accounts reported 662
Victim warning attempts 1709

Not bad going, right? Here’s hoping that those numbers are even bigger in 2020.

Let me start this by saying I’ve been married for over a quarter of a century. My wife and I met way before we had dating sites online, and we didn’t even get the internet until 4 or 5 years after we got married. On a completely unrelated topic, the first scam email I ever received was almost immediately after I first joined the internet connected world. That’s by the by though. Let’s discuss love, romance and scammers.

I buy my wife flowers on a semi regular basis. I’m a romantic guy – kind of. The reality is though that my wife and I both understand that paying bills and keeping the pantry full is more important than flowers, chocolates or jewelry. Romance scammers however don’t have this reality block to deal with.

Scammers can promise a person the Sun, Moon, stars and everything inbetween as they know they’ll never actually have to deliver. Words are cheap, false promises even cheaper. I (and the rest of the site volunteers) have baited enough romance scammers to know and see through their lies. Not everyone can though, and it’s for those people we post up all the details of any romance scammers we deal with. We want people to see that the scammers can and do use every trick in the book to convince people they’re genuine. Those tricks are easy to spot if you know what to look for, and know how romance scammers work. THAT is the tough part. The pretty lies the scammers tell make it incredibly hard for us to break through to some people. The fantasy world the scammer weaves is something people long for, and don’t want to believe is fake. Real love isn’t perfect. Real love is accepting a person’s flaws, not being convinced by them that they don’t have any. Scammer love is and endless display of promises that never happen and never will happen. Real love is much more gutteral, more earthy, more REAL. There’s a song I love by The Kinks that perfectly describes what real love is like. It’s not perfect like a scammer will try to convince you it is. It’s an uphill struggle that requires the both of you to work at each and every day and doesn’t require one person to constantly send money to the other one. That’s not real love. Real love is a two-headed transplant – a “labour of love”. Don’t be fooled by scammer love, and never send money to someone you’ve only ever met online, no matter what they promise you in return.

Recently we’ve had a few people contact us saying that scammers are abusing their name. We have a pretty standard reply to that, and I’ll lay it out here. Scammers use these names as they feel they can do so with impunity. It’s not a good feeling to see your good name being abused by scammers, and we totally sympathise with people about it. However, asking for the thread to be removed, or the person’s/business’ name removed from the thread does a lot more harm than good. Let me explain it this way. Imagine the place you live. A neighbour has been phoning people up claiming to be you and asking them if they can borrow some money, with no plan whatsoever to pay it back. People are eventually going to approach you asking for that money you lent them several months back. What would be the natural reaction to that, to want to hide from everyone the fact that the person is pretending to be you and allow them to continue, or to let everyone know that the asshole is stealing money from people by using your name and make sure no one else falls for it and will blame them and not you? Exactly, right? It’s the same thing with online scammers. The absolute best thing to do is to let everyone know what’s happening. We’ve seen a charity that helped children in Africa do it after a particularly evil scammer pretended to be them. We’ve seen people do it after they were contacted and even threatened after people lost money to scammers pretending to be them. We’ve seen charities do it after scammers tried to say they were the boss. Trying to get the information removed only allows the scammers to continue abusing the good names of people. Warning people and publicly distancing themselves from the scam is the absolute best way to go in these cases. Make it so that if anyone does even an ounce of searching they’ll be warned away from the scam and the scammer will eventually change script to something that works better. It’s never going to stop it 100%. That horse has already bolted. It will however help minimise any damage the scammer does in his quest for easy money.

Way back then, when I first started baiting scammers, there were a lot of things being done that were deemed fine, but are frowned upon now. Unfortunately, not everyone seems to have gotten the message. Let’s look at some things that most baiting sites actively discourage people from doing.

Cash baiting. This involves flipping the script and persuading the scammer to send YOU money. Some people would keep the money, others would give it to charity. The problem is that, in most cases it’s not the scammer’s money being sent, but an unwitting victim.

Burning the scammer. This is when you tell the scammer that you know he’s a scammer. The big issue with this is that the scammer will learn from the experience. You’re in essence educating the scammer and making him better for the next person he talks to. This leads us on to:

Educating the scammer. When a scammer makes a mistake, don’t correct him on it. If his email still has Obama as president for example, don’t let him know. Far better is to DEeducate the scammer. Keep him making mistakes that can help others spot he’s not genuine.

Sending a scammer money. Yes, people have actually done this, claiming it was to prove they were a scammer. If a scammer receives money, then it encouages him to continue scamming and helps fund his continued life of crime.

Shut down their email addresses. Now, technically we don’t condone this completely. If a scammer has an email address for example that utilises a fake website to make his scam appear more genuine, then that’s fair game, and we will actively work toward shutting the site down. What we’re talking about here are email addresses set up using free hosts. Killing scamname1@ isn’t going to make the scammer go “Well then, time to go find some honest work I guess”. They expect and often prepare for exactly those cases. Many have a number of accounts already set up, so the worst you’ll do is inconvenience them for a short amount of time.

Making victims into baiters when they’re not strong enough to. Not everyone has what it takes to become a baiter. Victims may want “revenge”, but blindly recommending any victim you speak to become a baiter can put them at even more risk. There are cases where ex victims (or “survivors” as we call them) become great baiters, but those cases are rare. I’ve even seen people who were in no way ready to deal with other scammers create websites. It’s genuinely scary when you read their Tweets and can see they’re not over their own scam yet, but telling others what to do.

Sending scammers a virus. This is illegal, and that frankly should be enough. Let’s elaborate further though. Their infected PC then infects those of innocent people. Not so funny now, is it?

Involving innocent third parties. Giving a scammer details of someone else not involved in scambaiting is a definite no no now. If they’re not a part of the scam or the bait, then there’s no excuse to bring them in without their knowledge.

There are other things frowned upon these days, but I’d say those are the main ones.