I have always prided myself as being impervious to scams. After all, scams used to be part of my hacker toolkit. Hackers can be quite adversarial toward each other, usually when egos are bruised and their skills or knowledge is challenged by others. Needless to say, knowing how to scam my opponent was an essential survival skill.
Most everyone has at some point fallen prey to online scams. It is certainly no surprise that scammers are constantly innovating new ideas to lure unsuspecting users into their nets because the days of sending mass unsolicited emails allegedly sent from foreign Royalty needing your help have exhausted their usefulness.
I have a handful of single friends who are pretty gullible and not very tech-savvy to any conventional degree. They probably shouldn’t even own a computer because they manage to keep finding themselves swept up in the same scams.
One tactic I have been asked about on multiple occasions is when a scammer uses the photos of someone of age and slowly begins to social engineer their victims into a false relationship. At some point, the victim gets a call from someone claiming to be the “enraged father” of an “underaged child,” demanding payment in cryptocurrency as blackmail in exchange for not reporting the incident to the authorities.
The shock from the startling turn of events, mingled with the fear of being culpable of something so awful is certainly coercive tactic scammers are using in order to corner unsuspecting victims into coughing up absurd amounts of money.
A Scammer, Unmasked
I managed to avoid falling prey to scams for over twenty years, until late last year when I finally fell for a very clever scam. It was a good run while it lasted. I absolutely could have avoided it had I been more patient and thorough with verifying the professional background of a cunning imposter after the scammer pretended to be a civil rights attorney out of New Mexico.
After I looked his name up on the State Bar Registry, and briefly glanced at the website of the attorney he was impersonating unbeknownst to myself, I agreed to a phone call where we could discuss our options and potential strategies for a case I was investigating.
I was very impressed by his knowledge of civil litigation and procedure. His zeal was very reassuring, and his confidence set my mind at ease. That worked in his favor to disarm my guard, as he continued to social engineer me so he could pilfer my wallet.
A week later, he had uncovered more information about the case and merely requested that I send him $100 to cover a third of the cost of filing fees because he was putting his own money into the case. He presented me with a variety of payment options, which were an inconvenience to me, so we opted to use CashApp.
After he received the money transfer, he blocked me just like that. His mission was over. That is when it occurred to me with startling clarity that I’d just been epically bamboozled. I have to say, I was both impressed and exceedingly mortified.
How do I tell my friends that I got scammed? I was always poking fun at them for getting suckered into scams. Oh, how the tables have turned!
Going over in my head the events that had unfolded, I realized I had ignored a critical red flag. Several times I had asked for his attorney bar number, which he kept redirecting the conversation elsewhere. Sure, I googled the attorney’s bar number when I looked up the name he was using. But he himself wouldn’t divulge it.
Unfortunately, CashApp did not have any customer support feature during this time period. Trying to look it up on Google only directed me to CashApp customer support scam. Unwilling to live with myself being a sore loser, I immediately set to work uncovering the identity of the scammer, which was surprisingly not difficult.
Although he was well versed in matters of the law, he had no operations security (OPSEC) and was not practicing any useful online anonymity. This has been the case with virtually every scammer and phisher that has crossed my path recently.
Anyone can start launching phishing attacks nowadays, without prior knowledge of how it works. That is because of easily accessible autonomous phishing tools already preloaded with fraudulent phishing pages resembling the most popular online services with server functionality.
But I digress. I had to get to the bottom of how this scammer came to know the law so well and to try to recover the stolen funds.
I performed a reverse phone number lookup on the cellphone number he provided and uncovered the scammer’s name. I was able to compare it with the name I later found on his WhatsApp and Telegram accounts. So now, I had a phone number and a name.
Using PimEyes, I uploaded some of his profile display pictures. This service functions as a reverse image and facial recognition search engine and is able to use facial geometry to find matching images.
Within moments, I was able to view every location on the web these images were being used, which helped me build a profile of the scammer. It helped that he had a very active life on social networking sites. It seemed he didn’t really even have a double life.
I ran a criminal record check on the scammer’s name, which turned out to be so exhaustive that I found news articles detailing his rather colorful rap sheet of petty crimes and prison stints. He was a career criminal, plain and simple.
The Hammer Of Justice
I surmised that he must have been a jailhouse lawyer. For someone who spent so much time in and out of jail, he likely gained a working knowledge of the law and legal procedure by doing legal work for fellow inmates, which can be a pricey hustle.
A friend of mine managed to recover the stolen funds, and I notified the actual attorney he was impersonating of the ordeal I just experienced. While this was a learning experience, I still reflect back on the incident and marvel at the knowledge he possessed.
But in the end, his eagerness to make fast cash echoed every aspect of his long criminal history, denoting each failure to get away. All too often the thrill of stealing money seems to be the downfall of many scammers who are in such a hurry to close a deal and move on to the next victim.
They leave behind plenty of digital fingerprints, hoping someone doesn't put it all together and realize who they are. Then the hammer of justice falls.
An article by
Jesse McGraw
Edited by
Ana Alexandre
Like this content? Subscribe to our newsletter to get weekly cybersecurity insights and top news - straight to your mailbox!
Kommentare