
Scam baiting explained: The internet's war on scammers
Scam baiting flips the script on digital scammers by deliberately engaging with and frustrating them. This growing practice uses social engineering as a tool against online scams.
Scam baiting, also spelled scambaiting, is the practice of engaging with scammers – usually online or by phone – to antagonize them, waste their time or gather evidence to expose their operations. It is social engineering turned back on the would-be engineer.
Most people simply disconnect the call when they realize they're speaking with a scammer. But some like to have a little fun at the scammer's expense. They then post the results of their trolling—audio and/or video—to social media as a gag. These posts typically garner widespread approval.
How does scam baiting work?
The first step in scam baiting is to recognize a scammer, although the scammer is often so blatantly obvious that it's hard to miss. Few scammers are slick operators. Many are clumsy, as evidenced by poorly written scripts.
It requires a bit of mental deftness, then, on the target's part, to realize what's happening and quickly turn it on the scammer. Scam baiting is not for everyone. Proficient practitioners are quick-witted improvisers.
A good scam baiter accomplishes the following two outcomes during the interaction: keeps the scammer on the phone for a long period and increasingly frustrates the scammer during this time. The longer the baiter extends the call – and aggravates the scammer – the more flustered the scammer's reaction when it appears on social media.
Typical methods of scam baiting
There are different levels of scam baiting, starting with casual or individual baiting. A person receives a call from, say, a scammer pretending to be with Microsoft's technical support or, perhaps, an email promising wealth or financial assistance. The baiter goes along, asking ridiculous or embarrassing questions or politely asking the scammer, "Please repeat that last part again." It's all to draw out the interaction.
The second type is professional or investigative scam baiting. This process is more organized and professional. In fact, it's often instigated by the baiter rather than waiting for the scammer to attack.
The third type, ethical scam baiting, also targets scammers in a well-ordered fashion. Both investigative and especially ethical scam baiters often employ fake identities, proxy servers and phone number spoofing to protect their identities.
Among the different scam baiting scenarios are the following:
- Email scam baiting. The baiter receives unsolicited email spam, such as the legendary Nigerian prince scam, and decides to feign interest while sending unusual or confusing requests to the scammer simply to waste their time.
- Phone call scam baiting. The target receives an unsolicited phone call from someone proclaiming to be from Apple tech support, the IRS or a Social Security office. Similar to an email baiter, this "target" plays along to irritate the would-be scammer.
- Virtual machine scam baiting. Since virtual machine (VM) scams are less common, so is VM scam baiting. Still, in these remote technical support scams, the scammer asks to connect to the user's PC. Baiting involves recording the would-be scammer's actions to expose their tricks.
- Social engineering scam baiting. The target pretends to fall for the scam to gain the scammer's trust. Rather than simply cajoling the scammer, the baiter's purpose is to extract information.
- Professional or investigative scam baiting. Either an individual or, far more often, an organized group works to attack scammers proactively. Some in this project pose as victims, while others trace the scamming infrastructure – email addresses, IP addresses and servers – back to its source. These teams initiate contact with scammers and are far more likely to share findings with law enforcement than individuals.
Why do people do it?
For an individual scam baiter, it's often done purely for fun. Each baiter knows the other person is a scammer. Each knows there is very little chance of retaliation. And each enjoys frustrating the scammer before disconnecting, then easily puts the failed scammer out of mind.
Organized scam baiters are typically more resolute and goal-oriented in their approach. At minimum, they relentlessly frustrate scammers, but their true objective is catching and exposing them. Scam baiters see scammers the same way ethical hackers see malware authors—someone to stop, if at all possible.
What are the ethics of scam baiting?
Scam baiting is not illegal. Merely frustrating and annoying a scammer keeps the baiter within the law. Asking silly questions is one thing, but harassment, including threatening language and encouraging illegal activity, is itself illegal.
Scam baiting is ethical when baiters act with steadfast restraint in protecting others and vexing scammers. When done recklessly, however, it undermines its own purpose and potentially harms innocent people.
Yet scam baiters unquestionably waste any scammer's time – a resource otherwise spent targeting real victims. And many scam baiters publish videos on YouTube or their own blogs to help others recognize scams. Some skilled baiters trace scammers, identify them, then report them to the authorities or, at the very least, publish their names online.
The impact of scam baiting
Beyond just the baiter's personal entertainment, scam baiting raises public awareness and has proven to prevent scams. While some scams are patently obvious due to poor English or ridiculous promises, there are some slick scammers in operation, along with plenty of people who simply don't know any better when they pick up a call or read an email. Education is the best counter to scammers.
On the downside, scam baiting sometimes encourages behavior that isn't merely risky or provocative; it's illegal. Also, there is always a risk of unintentional harm to third parties. Moreover, there is the possibility of blowback on the baiter. The scammer called using a phone number, after all. It's not difficult to track a home address from that.
Therefore, when considering scam baiting, it's crucial to employ strong cyber hygiene and anonymity tools. Finally, never engage scammers from work devices or accounts.
Andy Patrizio is a technology journalist with almost 30 years' experience covering Silicon Valley who has worked for a variety of publications on staff or as a freelancer, including Network World, InfoWorld, Business Insider, Ars Technica and InformationWeek.