WEBVTT 00:00:00.000 --> 00:00:03.840 JIM: Hello, Jack. 00:00:03.840 --> 00:00:05.700 JACK: Hello, hello. 00:00:05.700 --> 00:00:10.600 JIM: Good — well, it’s ‘good evening’ for me. I guess you’re in the states, 00:00:10.600 --> 00:00:11.800 so it’s probably the afternoon. 00:00:11.800 --> 00:00:15.800 JACK: Yeah, yeah, I just ate lunch. I’m having some chocolate. You like chocolate? 00:00:15.800 --> 00:00:20.520 JIM: Oh, yes. [Inaudible]. There’s very — well, 00:00:20.520 --> 00:00:25.306 there’s very few people, I think, don’t like chocolate, but — yeah. 00:00:25.306 --> 00:00:26.740 JACK: I know. Yeah, chocolate’s great. 00:00:26.740 --> 00:00:29.960 JIM: Yeah, yeah. Keeps you going, a bit of energy… 00:00:29.960 --> 00:00:32.480 JACK: Yeah, a little caffeine hit. 00:00:32.480 --> 00:00:33.460 JIM: Indeed. 00:00:33.460 --> 00:00:37.800 JACK: You know, there’s only a few places in the world that have caffeine. There’s tea, 00:00:37.800 --> 00:00:43.820 coffee, cola, chocolate, and I think that’s it. That’s the natural sources. 00:00:43.820 --> 00:00:47.560 JIM: Yeah. No, it’s — yeah, it’s hard to do without it, 00:00:47.560 --> 00:00:52.240 yeah. I do like a bit of chocolate. You’re actually making me hungry. I 00:00:52.240 --> 00:00:56.480 probably got you at a bad time. I wasn’t actually expecting you to say, yeah, 00:00:56.480 --> 00:01:01.660 I’m ready to go and we can just do this, but it absolutely suits me down to the ground, so… 00:01:01.660 --> 00:01:06.740 JACK: You know what? The thing is is that you are the most requested guest maybe I’ve ever had. 00:01:06.740 --> 00:01:08.914 JIM: Well, okay. That’s amazing. 00:01:08.914 --> 00:01:11.440 JACK: So, if you’re available, I’m available. Let’s go. I’m gonna put 00:01:11.440 --> 00:01:15.040 the chocolate to the side, and let’s get — let’s make a podcast. 00:01:15.040 --> 00:01:19.480 JIM: Yeah, that’s cool. I’ve gotta say even before we do this, I have listened to loads 00:01:19.480 --> 00:01:26.380 of your podcasts and honestly, it’s an honor for me even to be asked onto it. So, there you go. 00:01:26.380 --> 00:01:32.840 JACK: So, you’re the guy that everyone knows, and you’re ready to go? 00:01:32.840 --> 00:01:39.817 JIM: Oh, I’m ready, yeah, yeah. Fire away. 00:01:39.817 --> 00:01:42.120 (INTRO): [INTRO MUSIC] These are true stories from the dark side of 00:01:42.120 --> 00:02:02.820 the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS] 00:02:02.820 --> 00:02:10.400 JACK: Today I have the absolute pleasure to speak with Jim Browning. Jim was the first 00:02:10.400 --> 00:02:14.240 person I ever saw do scambaiting, and I was blown away that someone even does 00:02:14.240 --> 00:02:20.040 this sort of thing. Scambaiting is just as it sounds; he tries to bait scammers to scam him, 00:02:20.040 --> 00:02:24.467 and he records it for YouTube, and it’s really quite amazing to watch. 00:02:24.467 --> 00:02:27.360 JIM: [MUSIC] So, it still says ‘connecting’. 00:02:27.360 --> 00:02:28.869 SCAMMER1: [Inaudible] taking a long time because I… 00:02:28.869 --> 00:02:29.800 JIM: Yeah, I don’t know why. 00:02:29.800 --> 00:02:33.840 SCAMMER1: …your computer and internet is working really [inaudible] because 00:02:33.840 --> 00:02:36.355 it got infected with the virus. [CROSSTALK] So, let me explain… 00:02:36.355 --> 00:02:38.960 JIM: Oh, is it the virus doing this? Alright. 00:02:38.960 --> 00:02:40.839 SCAMMER1: Yes. 00:02:40.839 --> 00:02:40.884 JIM: Nothing to do with the livestream, then. 00:02:40.884 --> 00:02:43.840 SCAMMER1: Let me explain to you now what happened, actually. The alert which you got, 00:02:43.840 --> 00:02:49.320 that is that security block alert which is coming from internet, because right now you 00:02:49.320 --> 00:02:56.240 have no — any internet security. That is the reason, while browsing over the internet by 00:02:56.240 --> 00:03:03.220 mistake or by accidentally. You might have — click any link which was not secure, okay? 00:03:03.220 --> 00:03:04.620 JIM: Oh, I see. 00:03:04.620 --> 00:03:10.467 JACK: How did all this get started for you? What’s your origin story with this whole scam thing? 00:03:10.467 --> 00:03:13.760 JIM: [MUSIC] Well, I wish it was a bit more like Batman, you know? Batman has 00:03:13.760 --> 00:03:19.840 got this — an injustice [inaudible] and they — he’s after the Joker and all this. Very, 00:03:19.840 --> 00:03:28.200 very different for me. The way I got started was probably like most people; I receive lots of scam 00:03:28.200 --> 00:03:34.480 phone calls. You keep hearing those incessant phone calls, people pretending to be Microsoft, 00:03:34.480 --> 00:03:40.480 pretending they’re Amazon, your bank, and so on. Most people know just to hang up those calls, 00:03:40.480 --> 00:03:47.280 but I am one of those people who — I love to dig a little bit deeper because I am 00:03:47.280 --> 00:03:52.800 an engineer. I know about computers, know about networks, and I thought to myself, 00:03:52.800 --> 00:03:59.680 surely someone is doing something about this, and if they’re not, maybe I can do something. 00:03:59.680 --> 00:04:04.320 JACK: I’m sure you’re familiar with the fake Microsoft support scam calls. It’s 00:04:04.320 --> 00:04:07.400 typically where someone from India calls you up and says you have a 00:04:07.400 --> 00:04:12.899 problem with your computer, and it sounds something like this. 00:04:12.899 --> 00:04:13.900 JIM: [PHONE RINGING] Hi, hello? 00:04:13.900 --> 00:04:18.960 SCAMMER2: Oh, yes. Hello. I’m calling from We Support [inaudible] and my name is Sandeep, Jim. 00:04:18.960 --> 00:04:23.720 JACK: They’ll try to convince you that your computer has a virus and they can help, 00:04:23.720 --> 00:04:27.960 and they’ll ask for control of your computer to fix it. But the thing is, you don’t actually 00:04:27.960 --> 00:04:33.120 have a virus at all. They just made up this problem and they want to take your money. Jim 00:04:33.120 --> 00:04:36.680 finds this whole thing really fascinating and just can’t stop thinking about this. 00:04:36.680 --> 00:04:41.860 JIM: I really want to find out about what makes the scam tick. 00:04:41.860 --> 00:04:48.480 JACK: So, Jim finds himself on these calls to hear how it works and watch 00:04:48.480 --> 00:04:52.240 their whole operation, and then he calls them out on it like this. 00:04:52.240 --> 00:04:54.800 SCAMMER2: Yes, I just need to inform you that we have finished 00:04:54.800 --> 00:04:57.960 all the work with the computer now and everything is working fine with it. 00:04:57.960 --> 00:05:01.560 JIM: Right. Did you find any Trojans or anything? 00:05:01.560 --> 00:05:05.160 SCAMMER2: Yes. We have already removed all your network infections, 00:05:05.160 --> 00:05:10.040 and also we have blocked them so they will not enter from now onwards. 00:05:10.040 --> 00:05:16.320 JIM: Right. Just that I was watching everything you were doing and also recording what you’re 00:05:16.320 --> 00:05:20.640 doing and recording your voice, because you’ve removed nothing whatsoever from 00:05:20.640 --> 00:05:24.820 this machine. It was never infected in the first place and all you’ve done… 00:05:24.820 --> 00:05:25.480 SCAMMER2: I’m sorry? 00:05:25.480 --> 00:05:31.440 JIM: It was never infected with anything in the first place, and you know that. So, you say 00:05:31.440 --> 00:05:37.380 that you’ve removed a Trojan. Tell me what Trojan you’ve removed and show me evidence of that, then. 00:05:37.380 --> 00:05:39.840 SCAMMER2: Alright. Now, we have already removed — and 00:05:39.840 --> 00:05:42.860 everything is recorded at our end as well. Yes? 00:05:42.860 --> 00:05:47.560 JIM: Yeah, show me. Tell me what Trojan I had, then. 00:05:47.560 --> 00:05:49.680 SCAMMER2: We have removed all the Trojans. 00:05:49.680 --> 00:05:55.720 JIM: Yeah, show me. Show me one Trojan that you’ve removed. 00:05:55.720 --> 00:06:01.380 SCAMMER2: Okay, let me explain it to you. There were Trojan horses in it. 00:06:01.380 --> 00:06:04.540 JIM: Yeah, show me evidence of that. That’s what I’m asking. 00:06:04.540 --> 00:06:07.700 SCAMMER2: But how should I show you now? But they are already removed. 00:06:07.700 --> 00:06:14.240 JIM: Because if it was something like, oh, this particular tool, it would have logs and it would 00:06:14.240 --> 00:06:22.200 show you in the history what was removed, okay? There’s nothing been removed here. 00:06:22.200 --> 00:06:24.980 SCAMMER2: This is an anti-malware software. 00:06:24.980 --> 00:06:29.200 JIM: So, go on then. Tell me what software you used to remove any Trojan. Bear in mind, 00:06:29.200 --> 00:06:31.920 I’ve recorded everything you’ve done. So, 00:06:31.920 --> 00:06:35.220 are you gonna still stand by that story that you removed a Trojan? 00:06:35.220 --> 00:06:38.680 SCAMMER2: So, may I put the line on hold for one to two minutes? 00:06:38.680 --> 00:06:41.680 JIM: You can do what you want, but don’t forget; all of this is going to 00:06:41.680 --> 00:06:46.020 be uploaded to YouTube very shortly, so be very careful what you say in the next few minutes. 00:06:46.020 --> 00:06:50.520 JACK: Jim is pretty good at catching them in a lie, and then he tries to get 00:06:50.520 --> 00:06:54.980 them to explain themselves. When they continue denying it, he reports them. 00:06:54.980 --> 00:06:55.440 SCAMMER2: Definitely. 00:06:55.440 --> 00:07:00.800 JIM: What I will do is now that I’ve got your IP address, this one, and the timestamp, 00:07:00.800 --> 00:07:06.920 which is Mumbai — so it’s now 6:00 PM; it’s been running for a few hours, this one, though — I can 00:07:06.920 --> 00:07:14.240 go to your ISP, and that’s Tata Tele Services in Italy. They provide that IP address to you, 00:07:14.240 --> 00:07:19.000 and that’s the one you’re using at the minute. So, I’m gonna get them to identify exactly who 00:07:19.000 --> 00:07:25.418 you are, because I know your address isn’t in California. I know you’re located in India. Or… 00:07:25.418 --> 00:07:25.435 SCAMMER2: Okay… 00:07:25.435 --> 00:07:29.360 JIM: …I’ll probably just publish all of this on YouTube anyway. Right? 00:07:29.360 --> 00:07:30.280 SCAMMER2: So, thank you for choosing We Support… 00:07:30.280 --> 00:07:39.280 JIM: Thank you for choosing scammers in Mumbai, yes. Okay. [TO JACK] Yeah, in my — my background 00:07:39.280 --> 00:07:45.900 is that I have been in IT really all my professional life, all my working life. 00:07:45.900 --> 00:07:50.260 JACK: Yeah, let’s hear about that. What’s the specialty that you are in IT? 00:07:50.260 --> 00:07:55.880 JIM: Yeah, so, I guess up until very recently I had a real job, 00:07:55.880 --> 00:08:04.320 as in a real, normal IT job. I worked for a large company, should we say in the UK, 00:08:04.320 --> 00:08:12.120 and part of their specialty was dealing with IT services and setup, and I have personally 00:08:12.120 --> 00:08:19.680 supported an organization with more than two or three hundred people in it. So, I’m the kinda 00:08:19.680 --> 00:08:26.360 admin, the sysadmin, for a large IT company. So, that’s my background. As part of that, 00:08:26.360 --> 00:08:33.680 I am also a programmer, I’m a network engineer, and — but I have no form of qualifications in, 00:08:33.680 --> 00:08:39.480 for example, cybersecurity, although at this stage I think I could probably do 00:08:39.480 --> 00:08:49.506 fairly well in a cybersecurity exam. But my background is a normal IT job. That’s it. 00:08:49.506 --> 00:08:54.440 JACK: [MUSIC] A lot of times what these scammers will do is type commands on your computer to prove 00:08:54.440 --> 00:08:59.360 you have a virus, but all they’re doing is just showing you really normal computer activity, 00:08:59.360 --> 00:09:04.400 and it doesn’t prove anything. In fact, one time I saw a video of his where a scammer just typed 00:09:04.400 --> 00:09:10.920 on the screen that the firewall is damaged and is at 2%. The scammer was trying to say 00:09:10.920 --> 00:09:16.080 hackers are gonna soon break through and get everything. But the thing is is that firewalls 00:09:16.080 --> 00:09:22.000 don’t have a percentage, and it’s great that Jim knows a lot about IT and can easily spot 00:09:22.000 --> 00:09:26.340 every one of these bad attempts at showing him that there’s a problem on his computer. 00:09:26.340 --> 00:09:32.600 JIM: …type these things into your computer and, look, you’ve got hackers, you’ve got viruses, 00:09:32.600 --> 00:09:38.820 you’ve got computer problems. You’re gonna have to pay me $200, $300 to fix that problem. 00:09:38.820 --> 00:09:45.240 JACK: Now, these scammers are not sophisticated at all. Their scam is really basic, but their 00:09:45.240 --> 00:09:51.440 method of collecting payment is crazy ridiculous. What they should do is just act like a normal 00:09:51.440 --> 00:09:56.200 company and set up a website where you enter in your credit card details and send the money, 00:09:56.200 --> 00:10:01.720 but they can’t do that because payment processors will quickly spot and shut them down and freeze 00:10:01.720 --> 00:10:07.120 their money, maybe even charge them a fee. So, Stripe and PayPal are just out of the question 00:10:07.120 --> 00:10:13.080 here, which means they’ve gotta come up with some creative, alternative ways to get money from you. 00:10:13.080 --> 00:10:17.560 JIM: They will get you to buy a giftcard. They won’t use the word ‘giftcard’. What they say 00:10:17.560 --> 00:10:22.960 to their victims is you’ve got a security problem; you’re gonna have to solve it with 00:10:22.960 --> 00:10:27.400 a security card, and you’ll have to go to your local Walmart or whatever to get the 00:10:27.400 --> 00:10:34.400 security card. They won’t use the word ‘giftcard’ if they can avoid it, but of course, whenever you 00:10:34.400 --> 00:10:39.360 go in there and you’re outside the store, they will say, right, I need you to go in and buy an 00:10:39.360 --> 00:10:47.000 Apple card or an eBay card or whatever it is. As soon as you read out that number, that’s as good 00:10:47.000 --> 00:10:53.520 as them taking the value of that card because they can launder that almost immediately. So… 00:10:53.520 --> 00:10:56.560 JACK: So, I’m curious on that. How do they launder it? Because 00:10:56.560 --> 00:10:59.160 if you give someone an eBay card, they’re not going to buy something 00:10:59.160 --> 00:11:02.260 on eBay. They’re probably selling that for pennies on the dollar. 00:11:02.260 --> 00:11:08.320 JIM: They do, exactly, and they’d be lucky to get maybe 50% of the actual value of the card. 00:11:08.320 --> 00:11:14.280 But what they do is they take those numbers and there is quite a — well, 00:11:14.280 --> 00:11:19.600 shall we say a black market for giftcard numbers? They are legitimate websites like 00:11:19.600 --> 00:11:28.240 Paxful, for example, where people will buy Google Play cards, eBay cards, you name it, 00:11:28.240 --> 00:11:34.640 any sort of giftcard, and they will give you 50% of the value and they will mark that up, 00:11:34.640 --> 00:11:43.040 and they may directly or indirectly buy items from those stores. So, yes, absolutely, they’re gonna 00:11:43.040 --> 00:11:49.880 lose half the value, but if you’re a scammer, you have completely, cleanly washed that money because 00:11:49.880 --> 00:11:55.900 there’s almost no way of getting money back when someone’s bought a giftcard and it’s been used. 00:11:55.900 --> 00:12:00.680 JACK: This always seems surprising to me, to convince your victim to hang up the phone, 00:12:00.680 --> 00:12:05.800 go drive to the store, buy a giftcard, then drive back home and call the scammer back up 00:12:05.800 --> 00:12:12.320 to give them the giftcard details. I just think you’re gonna lose your victim every 00:12:12.320 --> 00:12:17.880 time in that process. On top of that, they’re only getting half the value that’s on the card. 00:12:17.880 --> 00:12:23.320 But this seems to be pretty effective. These scam centers are making quite a bit of money this way, 00:12:23.320 --> 00:12:28.880 and I guess this means that even though the scam is hilariously bad and the method of 00:12:28.880 --> 00:12:34.800 collecting money is ridiculously complex, the thing that makes this work is the numbers, 00:12:34.800 --> 00:12:40.880 the relentless attempts at scamming people. If they try over and over and over, 00:12:40.880 --> 00:12:47.680 they’ll eventually get people to pay them. Now, of course, some victims don’t want to send giftcards, 00:12:47.680 --> 00:12:51.380 so the scammers say, that’s fine. There’s another way; send us cash. 00:12:51.380 --> 00:12:59.640 JIM: They actually persuade people to go to their local bank and withdraw cash. They will say, 00:12:59.640 --> 00:13:03.880 I’ll instruct you in a moment what you do with the cash. So, they generally get the victim to take 00:13:03.880 --> 00:13:10.000 the cash home, and then they’ll say — and this is typically for a bank-type scam. They’ll say, 00:13:10.000 --> 00:13:16.600 we’re gonna create a new account for you and you need to send that money to a secure facility. They 00:13:16.600 --> 00:13:23.320 will say, look, you need to put the cash into pages of a book. So, between pages of a book, 00:13:23.320 --> 00:13:29.160 wrap that in silver foil, and they will actually get you then to go to the nearest 00:13:29.160 --> 00:13:37.480 FedEx or post office and mail your cash to an address, and it’s a money mule address. 00:13:37.480 --> 00:13:43.160 JACK: That sounds even more bizarre. Have these victims never paid for anything in their life 00:13:43.160 --> 00:13:49.640 before? In what world is it normal to wrap cash up in tinfoil and stuff it in a book and then ship it 00:13:49.640 --> 00:13:56.640 somewhere to get your computer fixed? I don’t want to be victim-blaming here, but come on, 00:13:56.640 --> 00:14:03.560 how colorblind to you have to be to not see these giant red flags? One of the scams that Jim 00:14:03.560 --> 00:14:08.534 sees often is called a refund scam, and it might start out with a phone call that sounds like this. 00:14:08.534 --> 00:14:12.480 SCAMMER3: [ROBOTIC VOICE] Hi. We are calling you from your computer maintenance department. 00:14:12.480 --> 00:14:17.880 If you remember, you have a contract with us. For computer support and services, 00:14:17.880 --> 00:14:22.000 unfortunately we are closing the business. So, 00:14:22.000 --> 00:14:28.680 you can give us a call for the refund of the amount you paid to claim your refund. 00:14:28.680 --> 00:14:32.280 JACK: This is a real voicemail or a phone call that somebody got, and people are 00:14:32.280 --> 00:14:38.160 falling for this and calling up the number. To you and me, that phone call sounds ridiculous, 00:14:38.160 --> 00:14:44.560 doesn’t it? Like, it’s a crappy robo voice and it’s not fooling us. But just think about the 00:14:44.560 --> 00:14:51.040 mechanics of this call. They’re clearly using some text-to-speech software, right? I don’t know why, 00:14:51.040 --> 00:14:56.320 but they’re using a terrible version and have terrible English, but technology is rapidly 00:14:56.320 --> 00:15:02.960 improving. There’s way better software out there today, and I just wonder, you know, some day the 00:15:02.960 --> 00:15:08.680 scammers are gonna upgrade and use the good stuff. Let me demonstrate. Here’s what I’m gonna do; 00:15:08.680 --> 00:15:13.400 I’m gonna improve this whole scam attempt. Are you ready? First, I’m gonna take the text that they 00:15:13.400 --> 00:15:20.040 said in that call and ask ChatGPT to rewrite this but make it sound more like a natural 00:15:20.040 --> 00:15:25.360 English-speaker would say. Cool. Now, take that and make it sound even more casual, like something 00:15:25.360 --> 00:15:31.840 you’d just hear on a phone call or something. Okay, that looks good. Now I’ll run this through 00:15:31.840 --> 00:15:39.560 a more modern text-to-speech software. Okay, it’s done. Let’s take a listen to this call now. 00:15:39.560 --> 00:15:44.120 SCAMMER3: Hello, sorry to bother you. My name is Sarah from the computer maintenance 00:15:44.120 --> 00:15:49.120 department. I need to talk with you about your support contract with us. Here’s the thing; 00:15:49.120 --> 00:15:54.400 we’re closing the business. I know, it’s a bummer. I’m sorry. But here’s the good news; 00:15:54.400 --> 00:15:59.720 you’ll be getting a refund for the amount you’ve already paid us. Whenever you have a moment, can 00:15:59.720 --> 00:16:06.980 you call me back? I want to get this refund to you as soon as possible. Hope to chat with you soon. 00:16:06.980 --> 00:16:11.840 JACK: You see how much better it is with modern tools? Seriously, 00:16:11.840 --> 00:16:18.014 that took me two minutes of just using automated tools to fix it up. The audio went from stupid… 00:16:18.014 --> 00:16:19.540 SCAMMER3: [ROBOTIC VOICE] …computer maintenance department… 00:16:19.540 --> 00:16:20.580 JACK: …to scary. 00:16:20.580 --> 00:16:22.360 SCAMMER3: I know, it’s a bummer. 00:16:22.360 --> 00:16:27.440 JACK: Maybe you can still spot that that’s AI-generated, but would your grandparents 00:16:27.440 --> 00:16:33.640 think that? I improved it because I want you to be aware of the tools that scammers have at 00:16:33.640 --> 00:16:39.040 their disposal today if they wanted to, and I want you to think about how much better their 00:16:39.040 --> 00:16:44.440 scams are gonna be in the future. We see that they’re using text-to-speech software today, 00:16:44.440 --> 00:16:48.240 and it’s just a matter of time that that text-to-speech software sounds 00:16:48.240 --> 00:16:55.800 really convincing. Then what? What red flags would you notice in this audio to make you 00:16:55.800 --> 00:17:00.080 think it’s a scam? Now you’ve really gotta think, well, hold on, do I actually have a 00:17:00.080 --> 00:17:04.600 support contract somewhere? Who are these people? Let me call them up and find out. 00:17:04.600 --> 00:17:10.920 Now you’re on a phone call with a scammer, a position you really don’t want to be in, 00:17:10.920 --> 00:17:16.760 and you can see how this whole thing is gonna get trickier and trickier in the future. 00:17:16.760 --> 00:17:21.280 JIM: [MUSIC] The scam is what you call a refund scam. So, they’ll pretend to be a 00:17:21.280 --> 00:17:27.240 big organization, typically Amazon, and the conversation will start off with — they say 00:17:27.240 --> 00:17:33.600 they’re gonna refund this charge, which the victim will know nothing about. 00:17:33.600 --> 00:17:38.080 JACK: Okay. If I’m the victim, I’d be like, okay, 00:17:38.080 --> 00:17:42.480 I have no memory of this charge. Go ahead, refund me, and see you later. 00:17:42.480 --> 00:17:46.660 But it’s trickier than that. Here’s one of the actual scam calls that Jim captured. 00:17:46.660 --> 00:17:50.240 SCAMMER4: We can easily send you the money into your account in five to 00:17:50.240 --> 00:17:55.800 ten minutes and you will get your amount right back right now, okay? Alright. So, 00:17:55.800 --> 00:18:00.340 do you do online banking then? So, which bank do you do online banking? 00:18:00.340 --> 00:18:03.360 JIM: This victim mentions Mid Oregon Bank. 00:18:03.360 --> 00:18:09.520 SCAMMER4: Just go ahead and log into your bank. Log into your bank first of all, sir. Alright, 00:18:09.520 --> 00:18:16.240 that’s great. Now, sir, you have to tell me — like, your account has been opened, right? 00:18:16.240 --> 00:18:22.520 Alright, sir. I do need that — you have to tell me in which account do your need your money back? 00:18:22.520 --> 00:18:26.680 JACK: Now, here’s where the scam part comes in. The scammer will say that they want to 00:18:26.680 --> 00:18:32.120 make sure the money goes into the proper bank account and will ask to see the victim’s screen 00:18:32.120 --> 00:18:37.320 by using some screen-sharing application, and then they’ll ask to take control of the victim’s 00:18:37.320 --> 00:18:43.800 computer. Once they have control of the victim’s computer and can see their online bank balances, 00:18:43.800 --> 00:18:49.160 then they’ll say they’re initiating the refund for, whatever, say $300. Since the victim is 00:18:49.160 --> 00:18:55.560 logged into the bank’s website, what the scammer will do is edit the web page in the browser to 00:18:55.560 --> 00:18:59.640 make it look like the money was just deposited into the account. But it’s a fake deposit, 00:18:59.640 --> 00:19:03.240 though. It just looks like the money went in, but the scammer just faked the whole transaction 00:19:03.240 --> 00:19:10.200 by editing the HTML on the victim’s screen. But here’s the tricky part; the scammer will put in 00:19:10.200 --> 00:19:16.800 the wrong amount for the refund. If the victim was expecting a $300 refund, the scammer would 00:19:16.800 --> 00:19:24.200 instead put in a $5,000 deposit instead, then act all surprised that they put in the wrong amount. 00:19:24.200 --> 00:19:26.600 SCAMMER4: $5,000 [inaudible], you said? Oh, 00:19:26.600 --> 00:19:28.980 my goodness. Will you please hold on for a minute, sir? 00:19:28.980 --> 00:19:33.080 JIM: So, the scammer obviously knows that he’s overpaid this victim. So, 00:19:33.080 --> 00:19:38.440 the key to this scam is how they get the money back again. Our scammer comes up with a solution. 00:19:38.440 --> 00:19:44.080 SCAMMER4: Sir, I just got a mail from a [inaudible] server, and unfortunately that you 00:19:44.080 --> 00:19:50.100 got extra amount in your account by mistake, sir. So, sir, will you please refund me my money back? 00:19:50.100 --> 00:19:52.720 JIM: Inevitably, the victim asks how you 00:19:52.720 --> 00:19:55.960 can refund the money. Surely they can just take it back themselves. 00:19:55.960 --> 00:20:00.240 SCAMMER4: Oh, sir, I can tell you — I can tell you, 00:20:00.240 --> 00:20:02.880 sir, what you have to do to refund me my money back to me, 00:20:02.880 --> 00:20:06.240 alright? Let me have a — speak with my manager, okay, sir? Let me have a word with them. 00:20:06.240 --> 00:20:08.660 JIM: A few moments later, there’s a proposal. 00:20:08.660 --> 00:20:12.920 SCAMMER4: …have a word with my manager, sir, and they said there is some financial institution 00:20:12.920 --> 00:20:18.200 where you can send our money back to us, alright? So, do you know any Apple Store near someplace? 00:20:18.200 --> 00:20:20.880 JIM: Yes, he said ‘Apple Store’. He wants his 00:20:20.880 --> 00:20:26.440 victim to go to an Apple Store in order to get his money back. 00:20:26.440 --> 00:20:30.760 SCAMMER4: You don’t know? Okay, well, let me find Apple Store for you, sir. Hold on for one minute. 00:20:30.760 --> 00:20:34.480 JIM: He searches on the victim’s PC for the nearest Apple Store. 00:20:34.480 --> 00:20:40.620 SCAMMER4: Can you see, sir? There is a place called Simplymart. Do you know this place? 00:20:40.620 --> 00:20:43.880 JIM: He spends the next few minutes explaining that he’s 00:20:43.880 --> 00:20:48.200 going to need $5,000 worth of Apple gift vouchers. 00:20:48.200 --> 00:20:54.040 JACK: Jim says he’s seen scammers also try to get people to send back the money using Zelle and bank 00:20:54.040 --> 00:20:59.880 wires, too, and some people have lost quite a bit of money to these refund scams. It really does 00:20:59.880 --> 00:21:05.400 look convincing when you look at your bank balance and it shows $5,000 more than what you were 00:21:05.400 --> 00:21:10.280 expecting. The victim could just refresh the page and the whole thing would reset, but the scammers 00:21:10.280 --> 00:21:17.720 are really good at preying on the victim’s goodwill, you know? The victims will give back 00:21:17.720 --> 00:21:24.840 the money, which is a pretty jerk thing to do, to exploit the goodness in people. [TO JIM] You 00:21:24.840 --> 00:21:30.560 said that up until recently you had a real job. Is this now your full-time job, is content creator? 00:21:30.560 --> 00:21:39.920 JIM: It is, yeah. So, as of just over a year and a bit ago, I gave up my full-time job, IT job, 00:21:39.920 --> 00:21:45.220 and my full-time job is now making YouTube videos and, yeah, going after scammers. 00:21:45.220 --> 00:21:51.600 JACK: So, it sounds like this is something you’re really passionate about, to leave your career 00:21:51.600 --> 00:21:58.920 behind, go right into chasing after scammers and exposing them. Is that true? This is your passion? 00:21:58.920 --> 00:22:04.560 JIM: Oh, for sure, yeah. It’s definitely a passion. I can’t stand scammers. That 00:22:04.560 --> 00:22:10.280 is my little tagline, if you like, of my YouTube channel. I can’t stand scammers. 00:22:10.280 --> 00:22:15.000 JACK: The thing about you, Jim, though, when I’m watching you and I’m listening to you, 00:22:15.000 --> 00:22:19.960 your voice is just so calm and cool and I never hear passion in there and 00:22:19.960 --> 00:22:23.320 I never hear things like, I can’t stand scammers. There’s not even — you don’t 00:22:23.320 --> 00:22:28.320 even have inflection when you say that. You’re just like, I can’t stand scammers. 00:22:28.320 --> 00:22:33.680 JIM: But this is the thing; I really don’t — and maybe it’s something to do with my Irish accent or 00:22:33.680 --> 00:22:41.640 whatever, but honestly, when it comes to scams and scammers, now I’m devoting my life, but it 00:22:41.640 --> 00:22:50.440 is for that reason. If you watch what I do, if you listen to the calls I hear every single day, 00:22:50.440 --> 00:22:57.320 you can’t help not going after these guys. I’ve kinda — I build up a bit of a hatred for them, 00:22:57.320 --> 00:23:03.400 but it probably doesn’t come across in the way I make the YouTube videos or my inflections or 00:23:03.400 --> 00:23:11.480 anything else. But in a lot of ways that helps me because if I appear calm, if I try to think it 00:23:11.480 --> 00:23:19.600 through, if I try to rationalize what I’m doing, it gives me, in some way, a bit of strength to 00:23:19.600 --> 00:23:24.160 try and combat these scammers, ‘cause I like to think I’ve got a level head when it comes 00:23:24.160 --> 00:23:29.680 to tracking these guys down, and I think that’s why I’ve been a success as well as I have been. 00:23:29.680 --> 00:23:35.320 JACK: Yeah, you have a unique approach that — you’re not sensationalizing it. 00:23:35.320 --> 00:23:39.680 This is what I loved about it, actually, honestly, is there’s kind of been a trend 00:23:39.680 --> 00:23:45.160 of people doing things similar to you now, and they’re making it into a big game and 00:23:45.160 --> 00:23:49.320 lots of excitement. They’re trying to get the other person to just lose their mind, 00:23:49.320 --> 00:23:53.640 you know, and start screaming back or something, and you’re always very calm and… 00:23:53.640 --> 00:24:00.240 JIM: Of course, there’s room for that. I encourage everyone to be a form of scambaiter. If you can 00:24:00.240 --> 00:24:04.840 waste someone’s time who’s — who you know is trying to steal money from you, it means 00:24:04.840 --> 00:24:09.680 they’re not stealing money from your parents, grandparents, and whatever. So, absolutely there’s 00:24:09.680 --> 00:24:16.960 room for everyone. I encourage everyone to do what I do. Well, maybe not quite as far as I go because 00:24:16.960 --> 00:24:22.520 it could land you in trouble, and — but there’s nothing wrong with wasting a scammer’s time. 00:24:22.520 --> 00:24:27.240 JACK: Huh, he’s encouraging everyone to waste scammers’ time, and that’s an interesting idea, 00:24:27.240 --> 00:24:30.920 I think. Imagine if every time you got a call from one of these scammers, you instantly got excited 00:24:30.920 --> 00:24:34.960 and you’re like, oh boy, this is gonna be a fun call. Of course, you don’t give them access to 00:24:34.960 --> 00:24:40.000 your computer or send them money, but what could you do to waste their time? I say someone should 00:24:40.000 --> 00:24:44.720 just create an app on my phone that’s AI-driven, that I could just pass the call over to it and 00:24:44.720 --> 00:24:49.840 it acts like me and it talks to the scammers for hours, keeping them going just a little longer. 00:24:49.840 --> 00:24:55.200 Like, maybe there’s really long loading screens or web pages aren’t loading right or something, 00:24:55.200 --> 00:24:58.640 and things just keep timing out and they have to start all over again. You know, 00:24:58.640 --> 00:25:02.960 there are a few scambaiters out there, and one of them is called Kitboga, and I did see him 00:25:02.960 --> 00:25:08.840 dabbling with a AI bot tool to try to waste scammers’ time. [MUSIC] But as Jim spent more 00:25:08.840 --> 00:25:14.680 and more time with these scammers, something really fascinating happened to him one day. He 00:25:14.680 --> 00:25:21.960 somehow ended up controlling one of the scammers’ PCs, and this sent Jim in a whole new direction. 00:25:21.960 --> 00:25:27.760 JIM: The very first time that I was able to connect to a scammer’s computer was that the 00:25:27.760 --> 00:25:36.520 scammer actually gave me his user ID and password to connect to him, and then he would switch sides. 00:25:36.520 --> 00:25:42.760 So, there was a period of time where if the scammers were using a bit of remote access 00:25:42.760 --> 00:25:47.800 software called TeamViewer, if they were using TeamViewer and the connections were coming from 00:25:47.800 --> 00:25:55.600 India, TeamViewer noticed that a lot of them were scams and they actually banned the entire country 00:25:55.600 --> 00:26:01.680 for a period of time. During that time, they wanted to keep the scams running, so what the 00:26:01.680 --> 00:26:09.160 scammers would do is say, well, you connect to me. There’s a little bit of software internally that 00:26:09.160 --> 00:26:16.480 says ‘switch sides with partner’, and then they would connect back to the victim, supposedly. So, 00:26:16.480 --> 00:26:21.220 I was actually given the scammer’s username and password, so I can connect to their computer. 00:26:21.220 --> 00:26:26.000 JACK: That must have been — the first time you did that, that must have been such a wild moment. 00:26:26.000 --> 00:26:30.600 JIM: Oh, it was unbelievable because what you can do is exactly what the scammers do, 00:26:30.600 --> 00:26:35.680 which is as soon as you make that connection, you can lock their keyboard and mouse and 00:26:35.680 --> 00:26:41.840 blacken their screen. So, I knew how to do that because I had seen it so often. So, 00:26:41.840 --> 00:26:48.560 this was a real gift for me. So, I connected to them, locked them out of their computer, 00:26:48.560 --> 00:26:51.760 started to download all the files to try and figure out who this was… 00:26:51.760 --> 00:26:56.660 SCAMMER5: Now, just beside ‘communicate’, do you see the option which says ‘connect to partner’? 00:26:56.660 --> 00:26:57.560 JIM: Yeah, okay. 00:26:57.560 --> 00:27:00.000 SCAMMER5: Hey, what are you doing? 00:27:00.000 --> 00:27:05.840 JIM: I can’t see ‘communicate’. Are you still there? 00:27:05.840 --> 00:27:07.075 SCAMMER5: [AUDIO BREAKING UP] 00:27:07.075 --> 00:27:10.600 JIM: Well, you are — you’re the one who’s scamming, aren’t you? [TO JACK] Of course, 00:27:10.600 --> 00:27:13.800 because their computer is completely locked and black-screened, they’re 00:27:13.800 --> 00:27:18.800 not really quite sure what goes on. They maybe hadn’t encountered this before. So, 00:27:18.800 --> 00:27:24.640 I knew that my time was probably limited, so I grabbed as much as I could from — I can download 00:27:24.640 --> 00:27:29.920 all their files. They weren’t seeing any of this, and I was able to work out exactly who they were. 00:27:29.920 --> 00:27:36.680 JACK: This is why I love watching Jim’s YouTube videos. This isn’t the only time he hacked into a 00:27:36.680 --> 00:27:41.720 scammer’s computer. He does it practically every video now. He’s figured out so many different 00:27:41.720 --> 00:27:48.040 ways to get into the scammer’s computers. You just heard one way he does it, and he won’t 00:27:48.040 --> 00:27:53.080 tell me any of the other ways that he gets into these computers because he says if he tells us, 00:27:53.080 --> 00:27:57.760 then the scammers are gonna hear this and fix it and he’ll lose access, so he keeps 00:27:57.760 --> 00:28:04.200 his little hacking methods secret. But my mind cannot help but start to brainstorm ideas on how 00:28:04.200 --> 00:28:09.360 you could hack into a scammer’s computer. So, let me just think out loud here for a minute. Okay, 00:28:09.360 --> 00:28:14.960 so, when you connect — when the scammer connects into Jim’s computer to do that remote support, 00:28:14.960 --> 00:28:19.680 right, that scammer’s gonna be coming from a specific IP, and Jim could probably see that, 00:28:19.680 --> 00:28:25.080 right? If he does Wireshark or something, he could capture that IP, and then he’s got their 00:28:25.080 --> 00:28:31.000 public IP. From there, could he then port scan that IP and look for open ports and then try 00:28:31.000 --> 00:28:36.800 to find some exploits or vulnerabilities to hit those ports? Maybe. Maybe that is 00:28:36.800 --> 00:28:44.160 possible. Another thing is if they’re using some remote desktop software, is there a bug 00:28:44.160 --> 00:28:50.320 in that software that Jim can exploit to reverse the connection? I don’t know how he does it, 00:28:50.320 --> 00:28:54.520 but even if I hit the nail on the head, Jim’s not gonna admit to how he hacks into their computers. 00:28:54.520 --> 00:29:01.200 JIM: No, and I probably never will simply because scammers will learn from that, 00:29:01.200 --> 00:29:05.360 and unfortunately they watch my videos just like a lot of other people do, 00:29:05.360 --> 00:29:13.480 and I don’t want to reveal that as a secret. But suffice to say, a lot of it is social engineering 00:29:13.480 --> 00:29:20.200 as opposed to some zero-day compromise of the remote access software that I’m using. So, 00:29:20.200 --> 00:29:24.880 I’m far more of a social engineer than a hacker, if that makes sense. 00:29:24.880 --> 00:29:28.160 JACK: We’re gonna take a quick commercial break but when we come back, 00:29:28.160 --> 00:29:32.040 I’m gonna play you some of my favorite clips from his channel, and you’re not gonna want to 00:29:32.040 --> 00:29:38.520 miss this. Jim is known for hacking into scammers’ computers and exposing them, 00:29:38.520 --> 00:29:42.560 and it’s really quite wild to watch. He has over a hundred videos on YouTube now, 00:29:42.560 --> 00:29:47.720 and many of them are exactly this, and it’s amazing just to hear the scammer’s reaction 00:29:47.720 --> 00:29:54.560 when he tells them some detail about them that he shouldn’t know. For instance, there’s one 00:29:54.560 --> 00:29:59.880 where he hacked into someone’s computer in the call center and got a list of everyone’s names 00:29:59.880 --> 00:30:06.300 and their fake names. This was one of my favorite videos. Let me just play a clip for you from it. 00:30:06.300 --> 00:30:07.500 JIM: Hello? 00:30:07.500 --> 00:30:08.880 SCAMMER6: Hello? 00:30:08.880 --> 00:30:10.200 JIM: Hello. 00:30:10.200 --> 00:30:16.020 SCAMMER6: Yeah, hi, sir. My name is Catalina Fernandez. I am calling you from the Microsoft. 00:30:16.020 --> 00:30:19.138 JIM: Oh, hi, Priya. 00:30:19.138 --> 00:30:19.340 SCAMMER6: [GASPS] JIM: Hi. 00:30:19.340 --> 00:30:20.260 SCAMMER6: Who are you? 00:30:20.260 --> 00:30:21.619 JIM: I’m a ghost. 00:30:21.619 --> 00:30:23.160 SCAMMER6: Idiot. JIM: Don’t call me an idiot. I’m a ghost. 00:30:23.160 --> 00:30:25.180 SCAMMER6: What’s your name? Tell me your name. 00:30:25.180 --> 00:30:29.620 JIM: My name is Ghost. 00:30:29.620 --> 00:30:36.080 SCAMMER6: I don’t understand. You tell me — you already tell my name. 00:30:36.080 --> 00:30:51.980 JIM: I know. You’re Priya. I’m a ghost, you see? Priya? At least talk to me. Hello? Hello? 00:30:51.980 --> 00:30:52.900 SCAMMER7: Hello. 00:30:52.900 --> 00:30:54.040 JIM: Yeah, who’s this? 00:30:54.040 --> 00:30:54.520 SCAMMER7: Hello? 00:30:54.520 --> 00:30:56.040 JIM: Who’s this? 00:30:56.040 --> 00:30:57.940 SCAMMER7: Yeah, do you know my name? 00:30:57.940 --> 00:30:59.800 JIM: I don’t know. What is your name? 00:30:59.800 --> 00:31:03.840 JACK: I love this part. You can hear this guy’s brain just breaking real time. 00:31:03.840 --> 00:31:04.920 JIM: What is your name? 00:31:04.920 --> 00:31:06.760 SCAMMER7: I’m talking about — yeah, 00:31:06.760 --> 00:31:10.300 I’m talking about your computer. You have a Windows computer, right? 00:31:10.300 --> 00:31:14.560 JIM: I do, but I don’t understand why you can’t tell me your name. 00:31:14.560 --> 00:31:19.480 JACK: At this point, this entire call center is listening in on this call. Like, 00:31:19.480 --> 00:31:24.360 what is happening here? They even have him on speakerphone, and this new lady jumps on the call. 00:31:24.360 --> 00:31:24.960 JIM: Hello. 00:31:24.960 --> 00:31:25.560 SCAMMER8: Hello? 00:31:25.560 --> 00:31:26.720 JIM: Yes, hello. Who’s this? 00:31:26.720 --> 00:31:28.140 SCAMMER8: Yes, hello. 00:31:28.140 --> 00:31:29.739 JIM: Who am I talking to? 00:31:29.739 --> 00:31:31.200 SCAMMER8: Hello? JIM: Yes, who am I talking to? 00:31:31.200 --> 00:31:34.040 SCAMMER8: Yeah, hi, this is Mary William from the 00:31:34.040 --> 00:31:39.320 headquarter of Microsoft Security Department. Tell me what happened. 00:31:39.320 --> 00:31:44.020 JIM: Mary, are you sure your name is Mary? 00:31:44.020 --> 00:31:48.060 SCAMMER8: Yeah, definitely. I know my name. I’m very sure for it. 00:31:48.060 --> 00:31:50.340 JIM: But it’s actually Sushmita. 00:31:50.340 --> 00:31:57.807 SCAMMER8: No, my — not — I’m not Sushmita. My name is Mary William. 00:31:57.807 --> 00:31:58.995 JIM: Are you getting… SCAMMER8: Do you understand? 00:31:58.995 --> 00:32:01.880 JIM: Are you getting a little bit hot, Sushmita? 00:32:01.880 --> 00:32:09.180 SCAMMER8: Sorry, no. Listen, you are speaking to me and my name is Mary. 00:32:09.180 --> 00:32:14.680 JACK: Now Priya picks the phone back up, and she’s really curious and wants some answers. 00:32:14.680 --> 00:32:16.340 SCAMMER6: Can I request you, sir…? 00:32:16.340 --> 00:32:17.040 JIM: Yeah. 00:32:17.040 --> 00:32:18.520 SCAMMER6: Just one request. 00:32:18.520 --> 00:32:19.080 JIM: Yeah. 00:32:19.080 --> 00:32:23.160 SCAMMER6: Can you please tell me, sir, how do you know the names that — like, 00:32:23.160 --> 00:32:29.040 Priya, Sushmita? Like, they’re Indian names. Where are you getting from? 00:32:29.040 --> 00:32:32.360 JIM: Did I get that right? ‘Cause I was just guessing. 00:32:32.360 --> 00:32:40.840 SCAMMER6: No. So, you are using some technology or anything? How do you know the names? 00:32:40.840 --> 00:32:45.400 JIM: I’m just very good at reading people’s thoughts over the phone, 00:32:45.400 --> 00:32:47.920 and I get this aura. I’m like a ghost. 00:32:47.920 --> 00:32:48.654 SCAMMER6: Really? 00:32:48.654 --> 00:32:48.670 JIM: Yeah, yeah. 00:32:48.670 --> 00:32:56.840 SCAMMER6: But sir, it’s quite impossible that — how do you know the name by hearing their voice? 00:32:56.840 --> 00:33:01.800 JIM: Just simply because whenever you speak to me, I can pick up on 00:33:01.800 --> 00:33:07.940 vibes and I kinda know — you create an aura around you. I’m a little bit like a ghost. 00:33:07.940 --> 00:33:14.500 SCAMMER6: Okay, yeah, I’m from Microsoft, sir, and you are talking about a [inaudible], right? 00:33:14.500 --> 00:33:20.000 JIM: Oh, Priya, please don’t do this to me. Come on, you don’t really work for Microsoft, do you? 00:33:20.000 --> 00:33:25.246 SCAMMER6: Sir, my name is not Priya. I’m not Priya, sir. 00:33:25.246 --> 00:33:26.420 JIM: You’re not Priya. SCAMMER6: Again, you made a mistake. 00:33:26.420 --> 00:33:30.640 JIM: Okay, but you confirmed that to me earlier and you said your friends were 00:33:30.640 --> 00:33:36.984 Sushmita and Mimi and — you told me that earlier, so you’ve already confirmed that. 00:33:36.984 --> 00:33:41.460 SCAMMER6: Mimi, yes, and then you used — you can use another name for me. 00:33:41.460 --> 00:33:44.460 JIM: Well, is Priya not your name? 00:33:44.460 --> 00:33:46.440 SCAMMER6: No, I’m not. 00:33:46.440 --> 00:33:50.820 JIM: Oh, Carolina Fernandez; you’re sticking to that, are you? 00:33:50.820 --> 00:33:54.954 SCAMMER6: Yes, I’m Carolina Fernandez. 00:33:54.954 --> 00:33:54.978 JIM: Carolina Fernandez. 00:33:54.978 --> 00:33:57.440 SCAMMER6: Why are you using the Indian names? Okay, yeah. 00:33:57.440 --> 00:33:59.040 JIM: Right, okay. Well, whatever you want, 00:33:59.040 --> 00:34:03.160 Carolina. I don’t really mind. So, what’s really wrong with my computer? 00:34:03.160 --> 00:34:08.459 SCAMMER6: Sir, your computer is completely infected by some hackers. 00:34:08.459 --> 00:34:08.470 JIM: Right. 00:34:08.470 --> 00:34:12.580 SCAMMER6: That’s why we are receiving some warning signals from your computer. 00:34:12.580 --> 00:34:13.600 JIM: Okay. 00:34:13.600 --> 00:34:14.320 SCAMMER6: Okay? 00:34:14.320 --> 00:34:15.160 JIM: Okay. 00:34:15.160 --> 00:34:18.440 SCAMMER6: And that point of time, sir, 00:34:18.440 --> 00:34:23.400 we are calling you to make you aware about your computer problem, okay? 00:34:23.400 --> 00:34:26.920 JIM: Okay. 00:34:26.920 --> 00:34:30.688 SCAMMER6: [SPEAKING INDIAN] JIM: Hello? Yeah, are you still there? 00:34:30.688 --> 00:34:31.800 SCAMMER6: [SPEAKING INDIAN] JIM: Hello? 00:34:31.800 --> 00:34:33.240 SCAMMER9: Hello? 00:34:33.240 --> 00:34:35.040 JIM: Sorry, your colleague’s listening in, 00:34:35.040 --> 00:34:38.226 but I can hear her talk as well. Oh, she’s hung up. That’s okay. 00:34:38.226 --> 00:34:38.640 SCAMMER9: Um, uh… 00:34:38.640 --> 00:34:40.480 JIM: Yeah, no, she wasn’t very good, was she? 00:34:40.480 --> 00:34:44.840 SCAMMER9: Oh my god. Who are you, sir? May I know, who are you? 00:34:44.840 --> 00:34:51.120 JIM: I just told you. You can call me Ghost, ‘cause that’s kind of the way I 00:34:51.120 --> 00:34:56.880 feel. I get this aura around people. I can tell who’s around them. I can tell just… 00:34:56.880 --> 00:34:57.839 SCAMMER9: So, what is your job, sir? 00:34:57.839 --> 00:34:58.420 JIM: How long have you been working there, Priya? SCAMMER9: You tell me the exact location. 00:34:58.420 --> 00:35:01.640 JIM: How long have you been working there? 00:35:01.640 --> 00:35:07.428 SCAMMER9: Well, I’m working. Tell me the location… 00:35:07.428 --> 00:35:08.141 JIM: A fake Microsoft. 00:35:08.141 --> 00:35:09.280 SCAMMER9: …where I am working. 00:35:09.280 --> 00:35:11.225 JIM: Salt Lake, Sector-V. 00:35:11.225 --> 00:35:12.760 SCAMMER9: Yes, then why you… 00:35:12.760 --> 00:35:14.679 JIM: Salt Lake, Sector-V. 00:35:14.679 --> 00:35:14.750 SCAMMER9: Why are you taking the name of…? JIM: Salt Lake, Sector-V… 00:35:14.750 --> 00:35:15.320 SCAMMER9: Kolkata? 00:35:15.320 --> 00:35:17.360 JIM: Salt Lake, Sector-V. 00:35:17.360 --> 00:35:18.200 SCAMMER9: Sorry? 00:35:18.200 --> 00:35:20.320 JIM: You heard. 00:35:20.320 --> 00:35:24.515 SCAMMER9: [SPEAKING INDIAN] 00:35:24.515 --> 00:35:28.420 JIM: Hello? Please don’t hang up. Hello? 00:35:28.420 --> 00:35:32.020 SCAMMER9: No, no. I’m here, I’m here, I’m here. 00:35:32.020 --> 00:35:34.500 JIM: What’s the weather like there? 00:35:34.500 --> 00:35:37.360 SCAMMER9: Weather? Now it’s… 00:35:37.360 --> 00:35:41.780 JIM: Yeah, what’s the weather like in Kolkata? 00:35:41.780 --> 00:35:47.421 SCAMMER9: You tell me. You know everything about me. Then you tell me… 00:35:47.421 --> 00:35:47.455 JIM: I’d say about 33 degrees… 00:35:47.455 --> 00:35:49.770 SCAMMER9: …what is the weather, what’s my name. Do you know my father’s name? 00:35:49.770 --> 00:35:49.827 JIM: …33 degrees, it’s raining. Yeah, I dunno what… 00:35:49.827 --> 00:35:51.120 SCAMMER9: Do you know my father’s name? 00:35:51.120 --> 00:36:00.880 JIM: I dunno, but is your father proud of you, what you do? Does he think you work for Microsoft? 00:36:00.880 --> 00:36:03.600 SCAMMER9: Yes, of course. 00:36:03.600 --> 00:36:06.860 JIM: But you don’t work for Microsoft. Did you tell him that? 00:36:06.860 --> 00:36:11.082 SCAMMER9: Sir, you just tell me one thing. Why are you wasting my time? 00:36:11.082 --> 00:36:13.475 JIM: I’m not wasting time. SCAMMER9: I’m talking about your computer and… 00:36:13.475 --> 00:36:19.000 JIM: I’m trying to — you know, you give off this aura and I’m trying to kind of work out 00:36:19.000 --> 00:36:23.160 why you do all this scamming stuff. That’s really what I wanted to know. 00:36:23.160 --> 00:36:26.080 SCAMMER9: Then why are you wasting your time? 00:36:26.080 --> 00:36:28.960 JIM: Can’t you get a different job? 00:36:28.960 --> 00:36:32.555 SCAMMER9: And how do you know the names? How do you know the names? 00:36:32.555 --> 00:36:33.347 JIM: I know everybody’s name. 00:36:33.347 --> 00:36:34.180 SCAMMER9: Do you know another name? 00:36:34.180 --> 00:36:34.830 JIM: Yes, everybody. 00:36:34.830 --> 00:36:36.060 SCAMMER9: How many names do you know? 00:36:36.060 --> 00:36:36.980 JIM: Everybody. 00:36:36.980 --> 00:36:38.695 SCAMMER9: Tell me the names. 00:36:38.695 --> 00:36:38.710 JIM: Everybody. 00:36:38.710 --> 00:36:40.620 SCAMMER9: Tell me the — tell me my colleague’s name. 00:36:40.620 --> 00:36:43.014 JIM: I’ll tell you one more name… 00:36:43.014 --> 00:36:44.720 SCAMMER9: One by one. JIM: Will I tell you one more name? 00:36:44.720 --> 00:36:45.520 SCAMMER9: Yes. 00:36:45.520 --> 00:36:46.541 JIM: Suini. 00:36:46.541 --> 00:36:49.641 SCAMMER9: Yes? JIM: Suini. 00:36:49.641 --> 00:36:57.360 SCAMMER9: [GASPS] [BACKGROUND CHATTER] My god, Suini! And tell me another name. 00:36:57.360 --> 00:37:00.760 JIM: No, I’m not gonna — look, I get this from… 00:37:00.760 --> 00:37:02.480 SCAMMER9: Any male names? 00:37:02.480 --> 00:37:04.150 JIM: Well, apart from Abhijit… 00:37:04.150 --> 00:37:04.880 SCAMMER9: Any male names? 00:37:04.880 --> 00:37:07.020 JIM: Yeah, apart from Abhijit? 00:37:07.020 --> 00:37:13.880 SCAMMER9: So, I do respect your talents, okay? Can you please…? Yes, 00:37:13.880 --> 00:37:18.940 I’m here. Can you please tell me who is beside me right now? 00:37:18.940 --> 00:37:22.280 JIM: Which side? 00:37:22.280 --> 00:37:26.080 SCAMMER9: In my left-hand side. 00:37:26.080 --> 00:37:34.240 JIM: I think that’s Mimi. 00:37:34.240 --> 00:37:34.275 SCAMMER9: [GASPS] [BACKGROUND TALK] 00:37:34.275 --> 00:37:44.720 JIM: Hello? Did I get that right? Hello? Hello? Hello? 00:37:44.720 --> 00:37:45.350 SCAMMER9: Okay… 00:37:45.350 --> 00:37:46.878 JIM: You went very quiet. 00:37:46.878 --> 00:37:48.860 SCAMMER9: Okay, yes, yes, I’m here. JIM: Can you tell me, did I get it right? 00:37:48.860 --> 00:37:50.240 SCAMMER9: I’m so excited. 00:37:50.240 --> 00:37:51.381 JIM: Did I get it right, though? 00:37:51.381 --> 00:37:52.546 SCAMMER9: I’m so excited about you, sir. 00:37:52.546 --> 00:37:53.546 JIM: ‘Cause this doesn’t always work. 00:37:53.546 --> 00:37:54.520 SCAMMER9: Who are you? 00:37:54.520 --> 00:37:55.785 JIM: Did I get it right? 00:37:55.785 --> 00:37:58.840 SCAMMER9: Tell me who is — who — wait, wait, wait. Can you hear me properly? 00:37:58.840 --> 00:38:01.080 JIM: You keep asking me questions. Can I ask you 00:38:01.080 --> 00:38:07.700 one thing? Did I get that right? ‘Cause I can never tell. Is Mimi on your left? 00:38:07.700 --> 00:38:12.520 SCAMMER9: And right-hand side? In my right-hand side? 00:38:12.520 --> 00:38:24.163 JIM: It’s coming through to me. I’m not sure. I’m pretty sure that’s Sushmita. 00:38:24.163 --> 00:38:24.194 SCAMMER9: [BACKGROUND LAUGHING] 00:38:24.194 --> 00:38:30.320 JACK: I love it. Jim caused such chaos in that scam call center. He told them their real names, 00:38:30.320 --> 00:38:34.880 their location, even the name of the company that employed them, and they passed this phone 00:38:34.880 --> 00:38:40.640 around to at least five different agents to talk to him. Of course, any information that Jim does 00:38:40.640 --> 00:38:45.320 get from hacking these scammers, he reports it. So, if he sees that they use a certain service, 00:38:45.320 --> 00:38:48.960 he’ll report that to the service provider that scammers are using their product, and this is 00:38:48.960 --> 00:38:53.400 their user ID. He’s gotten some of the actually banned from using certain software, but they 00:38:53.400 --> 00:38:59.320 could just make a new company and then register the software again under a new company name. 00:38:59.320 --> 00:39:04.600 Sometimes when these scam centers make new company names, they even get their company listed by the 00:39:04.600 --> 00:39:10.440 Better Business Bureau and then even get some people to make fake reviews about their company. 00:39:10.440 --> 00:39:14.880 So, if he can find this, he’ll definitely report that to the Better Business Bureau, 00:39:14.880 --> 00:39:20.240 and he’ll do everything he can to slow down these scammers and waste their time. Once 00:39:20.240 --> 00:39:25.480 he got into a scammer’s computer and grabbed all their files, and in there was a plane ticket for 00:39:25.480 --> 00:39:30.440 a recent trip. So, Jim had this guy’s real name, his travel details, and from there he could look 00:39:30.440 --> 00:39:36.960 the guy up on Facebook and find his friends and family. Yeah, when these scammers call him up and 00:39:36.960 --> 00:39:43.320 have no idea that Jim has all this information on them, it’s quite a riot to watch the whole 00:39:43.320 --> 00:39:47.960 thing unfold. [TO JIM] The question does come up, though — and I’m sure you’ve answered this 00:39:47.960 --> 00:39:54.400 a thousand times — which is like, hold on a second, hacking is illegal. You can’t just go 00:39:54.400 --> 00:40:00.520 hack people’s stuff, and here you are hacking into someone else’s machine. What’s going on 00:40:00.520 --> 00:40:05.000 here? Where’s your justification? Where’s your moral compass or ethical framework in this way? 00:40:05.000 --> 00:40:12.160 JIM: Yeah, the moral bit is quite easy for me because I quite deliberately let the scammers 00:40:12.160 --> 00:40:19.160 attempt to scam me. I cannot — I don’t have the technical expertise, should we say, 00:40:19.160 --> 00:40:27.080 to arbitrarily hack into anything. I can’t do it. I’m not able to do that. A lot of the people that 00:40:27.080 --> 00:40:35.720 you’ve spoken to on this podcast probably would be able to do that. I cannot. I have to rely on 00:40:35.720 --> 00:40:42.440 a scammer connecting to me and trying to steal money from me, and that’s the only way that I 00:40:42.440 --> 00:40:48.600 can ever access their computers. They have to try to steal money from me first. So, morally… 00:40:48.600 --> 00:40:52.240 JACK: This is a really nice ethical line you’ve painted yourself. Like, 00:40:52.240 --> 00:40:58.040 okay, you know what? Unless you walk into my home and get onto my computer and attempt to 00:40:58.040 --> 00:41:02.800 steal money from me, I’m not gonna do anything to you, and once they do that… 00:41:02.800 --> 00:41:03.240 JIM: Correct. 00:41:03.240 --> 00:41:06.600 JACK: …and you open your door to allow that to happen, and you see — okay… 00:41:06.600 --> 00:41:11.640 JIM: I mean, I’m not — and I hate to be known as a hacker ‘cause that always has quite negative 00:41:11.640 --> 00:41:19.640 connotations, and I hate the term because it just has all of that baggage. But that is true, 00:41:19.640 --> 00:41:27.080 and every single person that I feature on any video on YouTube has at some point connected to 00:41:27.080 --> 00:41:32.320 my computer and they — don’t forget; scammers don’t always make it clear that what you’re 00:41:32.320 --> 00:41:39.560 typing out gives them access to my computer, because they will quite deliberately say, 00:41:39.560 --> 00:41:45.080 just type this on your command — like, when they — when people question, well, 00:41:45.080 --> 00:41:48.280 what is this thing that you’re getting me to download and run and it’s in fact 00:41:48.280 --> 00:41:56.520 a remote access tool, they will not explain that. So, already there is a remote access 00:41:56.520 --> 00:42:02.840 connection which is a sort of hacking attempt, because the scammer doesn’t make it clear to 00:42:02.840 --> 00:42:10.480 the victim they are taking access of your computer and they are not making it clear. 00:42:10.480 --> 00:42:19.120 Obviously they’re scammers. I just go a little bit further to say, well, okay, you’re trying to 00:42:19.120 --> 00:42:27.440 misuse my computer. So, internally I’m thinking you’re now fair game for me to do the same to 00:42:27.440 --> 00:42:33.480 you. So, the only people — and I’ve said this a number of time in other interviews as well; 00:42:33.480 --> 00:42:41.040 the only people who could ever have a problem with what I do are the people who try to steal money 00:42:41.040 --> 00:42:50.600 from others, okay? If they ever want to raise a legal complaint or whatever, please bring that on, 00:42:50.600 --> 00:42:58.280 because I — what I will have done is record, hi, I managed to get access to their computer, and the 00:42:58.280 --> 00:43:05.320 answer is because they were trying to steal money from me. Now, that’s not a defense on its own, 00:43:05.320 --> 00:43:12.920 but it just means that if I ever have to defend myself for any reason, I have a good reason as to 00:43:12.920 --> 00:43:19.240 why I have access to their computer and it’s just because of this theft that they’re attempting. 00:43:19.240 --> 00:43:23.800 JACK: There’s almost no recourse that they can have. I mean, I’m assuming you haven’t 00:43:23.800 --> 00:43:28.071 had any legal complaints that you’ve had to have — seriously take care of. 00:43:28.071 --> 00:43:35.040 JIM: Not once, not once. The only complaints I’ve ever had are privacy complaints on YouTube. 00:43:35.040 --> 00:43:51.106 Scammers don’t like their faces or voices or documents displayed on YouTube, and — tough. 00:43:51.106 --> 00:43:56.320 JACK: [MUSIC] Okay, so, my absolute favorite video of Jim’s is when he hacked into an entire 00:43:56.320 --> 00:43:59.680 call center and could watch everything that was going on there. [TO JIM] Wait, 00:43:59.680 --> 00:44:05.629 first, before we get into this story, how do you typically find these scammers? 00:44:05.629 --> 00:44:09.840 JIM: Yeah, I have my e-mail address on YouTube and a lot of people just simply e-mail me saying, 00:44:09.840 --> 00:44:13.920 hey, have you seen this pop-up, or I’ve just had a phone call from this number, 00:44:13.920 --> 00:44:19.880 and — or I’ve had this e-mail and it’s a fake invoice, or I — my grandparents 00:44:19.880 --> 00:44:25.200 have just been scammed; he used the phone. I get all of that all the time. But actually, 00:44:25.200 --> 00:44:31.640 in a lot of ways I don’t even have to use that because I’m on what’s called a mug’s list. So, 00:44:31.640 --> 00:44:37.120 in the past I have pretended to pay scammers because — remember this bit where I say I actually 00:44:37.120 --> 00:44:44.520 lead the scammers on? I give them fake information including credit card details, and if you work 00:44:44.520 --> 00:44:50.280 your way onto a list of people who they think they’ve scammed in the past, they will call you 00:44:50.280 --> 00:44:58.240 again and again. Those lists are like gold dust for scammers. So, the end result of that is I get 00:44:58.240 --> 00:45:03.760 so many phone calls directly to my home phone number that I don’t need anyone else’s input. 00:45:03.760 --> 00:45:09.720 I’m already in the middle of a load of scams and honestly, there’s nearly too many to cope with. 00:45:09.720 --> 00:45:12.820 JACK: So, what do you have, like sixteen different phones over there? 00:45:12.820 --> 00:45:17.560 JIM: I do, literally. I mean, I have one phone service with ten different 00:45:17.560 --> 00:45:21.720 phone numbers in the UK and I have something similar with US phone numbers, 00:45:21.720 --> 00:45:26.360 though I’ve dropped a lot of those recently from the number — it’s just — it’s nearly got to the 00:45:26.360 --> 00:45:34.420 point where I just can’t have an evening free of scam phone calls. 00:45:34.420 --> 00:45:40.080 JACK: Okay, but this story doesn’t start with an inbound phone call. Instead, 00:45:40.080 --> 00:45:46.760 someone told Jim about a malvert. This is an ad on a website which has malware on it. Basically, 00:45:46.760 --> 00:45:49.175 if you went to a website, you would hear this. 00:45:49.175 --> 00:45:54.440 MESSAGE: [ROBOTIC VOICE] Important security message: your computer has been locked up. Your 00:45:54.440 --> 00:45:58.880 IP address was used without your knowledge or consent to visit websites that contains 00:45:58.880 --> 00:46:05.600 identity theft virus. To unlock the computer, please call support immediately. Please do not 00:46:05.600 --> 00:46:10.560 attempt to shut down or restart your computer. Doing that may lead to data loss and identity 00:46:10.560 --> 00:46:17.340 theft. The computer lock is aimed to stop illegal activity. Please call our support immediately. 00:46:17.340 --> 00:46:22.480 JACK: Now, this was just an ad on a website, but it had some malicious JavaScript in it 00:46:22.480 --> 00:46:28.600 which maximized the browser, showed this giant warning, played this audio on repeat, and then 00:46:28.600 --> 00:46:34.960 made the mouse disappear which made it seem like the screen was frozen. It’s not actually a virus, 00:46:34.960 --> 00:46:40.400 though. You can just tap on Ctrl+Alt+Del and close the browser and all is fine. But to someone who 00:46:40.400 --> 00:46:46.200 doesn’t know better, this could be scary and they might call the number to get help. So, 00:46:46.200 --> 00:46:50.080 Jim called the number and said that his computer is infected, and the scammers 00:46:50.080 --> 00:46:57.400 immediately tried gaining remote access to Jim’s computer and tried to scam him for money. So, 00:46:57.400 --> 00:47:07.120 that means in Jim’s mind, they crossed the line and it was time for him to try to hack them back. 00:47:07.120 --> 00:47:10.880 JIM: [MUSIC] The way that I get access to the reverse access to the — I’ll not go into that 00:47:10.880 --> 00:47:20.160 part in detail. But suffice to say that when I did get access, I got access to just one PC 00:47:20.160 --> 00:47:26.440 and it was from a supervisor, and I was able to watch what that supervisor was doing, and one of 00:47:26.440 --> 00:47:36.160 the things that he was doing was watching CCTV. So, I could see the IP address of the server that 00:47:36.160 --> 00:47:44.800 he was using. It wasn’t an internal server; it was an external one. When he logged into it, he logged 00:47:44.800 --> 00:47:52.240 in with the username of ‘admin’ and a password of eight characters. For the particular CCTV 00:47:52.240 --> 00:48:00.720 system that he was using, I did a Google search of what is the default password for this system, 00:48:00.720 --> 00:48:07.400 and would you believe they were still using the default password? I guess you could call 00:48:07.400 --> 00:48:16.480 that hacking, but I could see the IP address, the username, and I just tried the default password, 00:48:16.480 --> 00:48:22.900 and I was straight in. Admin123 was his password to protect this scam operation. 00:48:22.900 --> 00:48:29.080 JACK: Okay, so, he got into a supervisor’s PC in a scam call center, but then from there was able 00:48:29.080 --> 00:48:34.280 to get into the CCTV system. Now, this scam call center had a lot of cameras. [MUSIC] The 00:48:34.280 --> 00:48:38.520 supervisor could watch all the scammers do their calls and go on break and go outside, and there 00:48:38.520 --> 00:48:44.640 was even a camera in the boss’ office. But that wasn’t it. The supervisor also had the ability to 00:48:44.640 --> 00:48:51.080 listen in on the calls. In fact, all of these calls were being recorded with some software. 00:48:51.080 --> 00:48:56.760 JIM: It was gold dust for me because they had records of all their calls. I could see 00:48:56.760 --> 00:49:01.760 it on which server they were using and I could directly download these things 00:49:01.760 --> 00:49:06.440 because I had access to that scammer’s — supervisor scammer’s computer. So, 00:49:06.440 --> 00:49:13.400 I managed to download nine months’ worth of calls, about 70,000 separate calls. 00:49:13.400 --> 00:49:21.160 JACK: Holy moly, 70,000 calls. Man, this is a much bigger operation than I thought. But Jim 00:49:21.160 --> 00:49:26.520 started going through this and was able to match up some of the time codes of the CCTV footage and 00:49:26.520 --> 00:49:31.520 the recorded calls, and could essentially watch the scammers as they called these victims and 00:49:31.520 --> 00:49:37.240 listen in on the calls. It’s quite fascinating to watch because sometimes the scammers are playing 00:49:37.240 --> 00:49:44.200 video games or looking bored, but this also means he’s starting to identify what they look like, 00:49:44.200 --> 00:49:50.560 where their desk is, where they sit in the room, and how this operation looks from the inside. On 00:49:50.560 --> 00:49:56.120 top of that, on the supervisor’s PC, there was a list of victims which included the amount that 00:49:56.120 --> 00:50:03.480 was stolen from everyone and their names. It was quite a find. Just imagine having this access, 00:50:03.480 --> 00:50:09.960 being in Jim’s position. I mean, if I was in that position, I’d just put the computer down and take 00:50:09.960 --> 00:50:14.240 a walk around the lake or something like that, right? Like, what do you do? What do you do with 00:50:14.240 --> 00:50:21.040 all this? He would open up his computer in the morning and would have live cameras of this scam 00:50:21.040 --> 00:50:26.400 call center on one monitor watching everything that was going on, and then on the other monitor 00:50:26.400 --> 00:50:30.840 he could tap into the phone calls and listen to them live as they were trying to scam victims. 00:50:30.840 --> 00:50:35.880 SCAMMER10: You’re calling support. My name is Alwin. How can I help you today? 00:50:35.880 --> 00:50:37.320 VICTIM1: I just got an important security 00:50:37.320 --> 00:50:41.180 message. I’m making — it says my computer’s being shut down. 00:50:41.180 --> 00:50:50.589 SCAMMER10: What were you doing on the computer when you got this message? 00:50:50.589 --> 00:50:50.629 VICTIM1: [ROBOTIC MESSAGE IN BACKGROUND] 00:50:50.629 --> 00:50:53.680 SCAMMER10: Can you lower down the volume of the computer? 00:50:53.680 --> 00:50:59.520 JACK: He pretty much had full supervisor access to this whole scam call center and 00:50:59.520 --> 00:51:04.840 could watch and listen to anything. But what do you do with that access? It’s 00:51:04.840 --> 00:51:08.680 really tempting to just call them up and be like, hey, hey, I can see you, 00:51:08.680 --> 00:51:12.320 scammer. I can see you wearing a hat and playing video games. I gotcha. 00:51:12.320 --> 00:51:18.440 JIM: Yeah. Oh, it was so tempting that whenever you — I mean, I am watching live 00:51:18.440 --> 00:51:23.520 on the CCTV. I know the number that they’re using the victims to call that day. So, 00:51:23.520 --> 00:51:29.320 I can call that number and I’ll be speaking to somebody in a room that I can see on CCTV. 00:51:29.320 --> 00:51:30.200 SCAMMER11: Hello? 00:51:30.200 --> 00:51:34.680 JIM: Hi. Yeah, so, what’s all this about stopped services, 00:51:34.680 --> 00:51:37.680 then, when they should be running? I don’t get it. 00:51:37.680 --> 00:51:41.480 SCAMMER11: Yeah, sir, you’re ready to go ahead and get it 00:51:41.480 --> 00:51:45.505 fixed? There will be a one-time charge, sir, okay? 00:51:45.505 --> 00:51:49.320 JIM: [TO JACK] I don’t always know who I’m speaking to, and sometimes if the room is full, 00:51:49.320 --> 00:51:52.760 it can be quite difficult to work out which agent. There might be twenty, 00:51:52.760 --> 00:51:58.200 thirty agents in the room, and I can’t always work out who I’m speaking with. There’s four cameras; 00:51:58.200 --> 00:52:05.800 each corner of the room’s got a camera, and what I do is actually invite the scammer onto 00:52:05.800 --> 00:52:11.880 a computer. I had my desktop background set to a purple or a green color, and then what I 00:52:11.880 --> 00:52:17.640 would do is look around the cameras and look for that green screen or that purple screen, 00:52:17.640 --> 00:52:22.400 and then — ah, right; there’s the guy. That’s who I’m talking to. Sometimes I had to do that 00:52:22.400 --> 00:52:29.280 just to work that out. The really, really tempting thing would be to say to the guy, 00:52:29.280 --> 00:52:34.760 hey, that’s a nice Chek shirt you’re wearing, or stop playing Pac-Man whenever you’re speaking to 00:52:34.760 --> 00:52:39.760 me. You know, can you stop doing that? But I couldn’t give the game away. I couldn’t 00:52:39.760 --> 00:52:44.960 be just as obvious as that, although it was incredibly tempting to do that. 00:52:44.960 --> 00:52:53.600 JACK: Yeah, and 70,000 calls with a whole list of victims here, 00:52:53.600 --> 00:52:59.380 this is too much for one person to process all. So, what did you end up doing with this access? 00:52:59.380 --> 00:53:05.560 JIM: So, I kinda figured out I was really onto something quite big at that stage, 00:53:05.560 --> 00:53:15.920 and I thought I would bring it to the attention of more mainstream media, specifically the BBC. I had 00:53:15.920 --> 00:53:23.640 never had contact with the BBC until that point, but because I had to personally try to close down 00:53:23.640 --> 00:53:28.040 a lot of scam operations and being pretty unsuccessful about it — so, 00:53:28.040 --> 00:53:34.040 I have previously gone to the police in India to say, here’s a scam call center on your doorstep; 00:53:34.040 --> 00:53:39.560 here’s where they’re located. I was able to get that sort of information, but nothing really ever 00:53:39.560 --> 00:53:46.240 came of it. I thought, perhaps I’m going about this wrong. Perhaps what I really need is more 00:53:46.240 --> 00:53:55.800 mainstream media involved. So, I got in touch with really a general-purpose BBC e-mail address, 00:53:55.800 --> 00:54:04.240 and before too long I was reached out by a team called Panorama. Panorama are a very long-running 00:54:04.240 --> 00:54:09.720 documentary program where they cover all sorts of current affairs issues. But this particular 00:54:09.720 --> 00:54:16.440 team were interested anyway in scam phone calls, and as soon as I get in touch and said, look, 00:54:16.440 --> 00:54:25.080 this is what I have, of course that team were very — they wanted to work with me from that point. 00:54:25.080 --> 00:54:30.160 JACK: [MUSIC] The BBC has more resources than Jim. They can parse through this massive trove of data 00:54:30.160 --> 00:54:35.480 quicker, and started putting pieces together even more. Together they built quite a detailed 00:54:35.480 --> 00:54:39.480 understanding of this whole scam operation. They figured out the name of the company, 00:54:39.480 --> 00:54:45.160 its address, who owns it, the employees who work there, and the victims, and how much money this 00:54:45.160 --> 00:54:49.760 whole place was making. Again, it was all clearly documented with the video footage 00:54:49.760 --> 00:54:54.720 and the recorded calls and the files that they got from that supervisor’s computer. They had a 00:54:54.720 --> 00:55:01.120 ton of evidence. They even reached out to the victims to let them know they were scammed. 00:55:01.120 --> 00:55:11.680 VICTIM2: I feel angry, angry and upset, angry that someone could do that knowing that there’s nothing 00:55:11.680 --> 00:55:21.420 wrong with the computer, just to extort money from you, and upset with myself that I fell for it. 00:55:21.420 --> 00:55:29.662 JACK: Well, with all this proof, it was time to learn who is leading this operation. 00:55:29.662 --> 00:55:33.280 REPORTER: [MUSIC] We’ve identified the man behind the fraud, 00:55:33.280 --> 00:55:40.040 Amit Chauhan. But Amit Chauhan’s not an ordinary businessman. The hacked footage 00:55:40.040 --> 00:55:47.640 includes recordings from the CCTV in his office. [BACKGROUND NOISE] 00:55:47.640 --> 00:55:55.040 JACK: Okay, this is super interesting. There was a CCTV camera inside Amit’s office, 00:55:55.040 --> 00:56:00.280 the head boss of this whole thing, and it’s the only camera that actually had sound on. So, 00:56:00.280 --> 00:56:05.480 there’s hundreds of hours of him talking on the phone and having meetings with people, 00:56:05.480 --> 00:56:09.280 and in those meetings he’s scheming up new ways to scam people and basically 00:56:09.280 --> 00:56:15.080 admitting to all this criminal activity on camera. It’s extraordinary. Well, 00:56:15.080 --> 00:56:19.400 with all this evidence in hand, the BBC reporter went to India to try to meet with him. 00:56:19.400 --> 00:56:23.640 REPORTER: I want to meet Mr. Chauhan, but he’s away on a luxury holiday in 00:56:23.640 --> 00:56:30.940 Thailand. [PHONE RINGING] So, I can only reach him on the phone. 00:56:30.940 --> 00:56:33.440 AMIT: Hello? 00:56:33.440 --> 00:56:35.420 REPORTER: Hello, is that Amit? 00:56:35.420 --> 00:56:36.720 AMIT: Yes. 00:56:36.720 --> 00:56:38.140 REPORTER: Hi, Amit Chauhan? 00:56:38.140 --> 00:56:39.060 AMIT: Yes. 00:56:39.060 --> 00:56:43.760 REPORTER: I want to get your comment, please, on allegations that you’re scamming people 00:56:43.760 --> 00:56:50.200 in the UK out of thousands of pounds. What would you like to say to that, Mr. Chauhan? 00:56:50.200 --> 00:56:54.480 AMIT: I don’t think there was any case like that. 00:56:54.480 --> 00:56:58.640 There’s no such case. I’ll talk to my lawyer first and then we’ll get back. 00:56:58.640 --> 00:57:02.600 JACK: Well, it was true; there was no such criminal case against him, 00:57:02.600 --> 00:57:05.960 so the BBC reporter went to the police and asked, hey, why don’t 00:57:05.960 --> 00:57:10.920 you crack down on these scam call centers more seriously? Here’s what the Indian police said. 00:57:10.920 --> 00:57:13.280 POLICE: This crime is a difficult crime. It’s 00:57:13.280 --> 00:57:16.640 difficult to crack because we don’t have victim, we don’t have accused, 00:57:16.640 --> 00:57:20.840 we don’t have anything. It’s very difficult to link the accused with the victim. 00:57:20.840 --> 00:57:26.280 JACK: Well, in this particular case, they did have victims, and the BBC recorded the victims’ 00:57:26.280 --> 00:57:31.280 testimony to hear how they got scammed. So, when the BBC published this story and when 00:57:31.280 --> 00:57:37.040 Jim publishes YouTube videos, it couldn’t be ignored by the police. They had victims, 00:57:37.040 --> 00:57:41.040 they had evidence, they had the address, they had the name of the boss. It was 00:57:41.040 --> 00:57:46.580 a very easy case to process. So, the Indian police raided the scam center. 00:57:46.580 --> 00:57:52.040 JIM: The police did their raid. They picked up whatever computers they could. They went 00:57:52.040 --> 00:57:59.200 to the boss’ home address, and he lived in the most luxurious accommodation you could imagine, 00:57:59.200 --> 00:58:05.400 something like $6,000 a month to rent the space, which is completely unheard of if you’re in Delhi, 00:58:05.400 --> 00:58:12.920 where he was. What I had expected was that this would be such an easy case for them, 00:58:12.920 --> 00:58:19.120 there would be no problem and ultimately the guy who ran the thing would be locked up, 00:58:19.120 --> 00:58:26.240 but that was very far from the truth. What actually happened was — number one, it took about 00:58:26.240 --> 00:58:32.880 a year for the trial to even come up, then COVID kicked in, so it was delayed by another year, 00:58:32.880 --> 00:58:42.640 but eventually whenever the case did go to trial, the police never actually followed up on any of 00:58:42.640 --> 00:58:50.520 the evidence that was given to them or that they had collected. So, they had scripts about scams 00:58:50.520 --> 00:58:57.160 from the boss’ computer, but they didn’t, for example, follow the money trail from the 00:58:57.160 --> 00:59:03.920 victims to the boss. So, they could very easily — if they had any kind of incentive to do so, 00:59:03.920 --> 00:59:10.120 they could have easily gone to PayPal and say, we need evidence about what happened with this 00:59:10.120 --> 00:59:16.600 particular PayPal account. They never asked for that. They never followed up on any of 00:59:16.600 --> 00:59:23.160 the thing — in fact, what they actually relied on was the one laptop that they managed to pick up. 00:59:23.160 --> 00:59:28.440 Obviously because the documentary had gone out, the YouTube video had gone out, all of 00:59:28.440 --> 00:59:34.240 the computers were immediately wiped before the police actually arrived. So, they only really had 00:59:34.240 --> 00:59:43.640 one laptop to go on, and that wasn’t enough for them. Any of the independent evidence of scams, 00:59:43.640 --> 00:59:50.160 the 70,000 phone calls, the video footage of the scams actually happening, was never presented. 00:59:50.160 --> 00:59:58.080 In fact, what they said was, well, that YouTube footage could have been done by AI or that YouTube 00:59:58.080 --> 01:00:06.200 footage could have been faked. There was — and it looked like the judge just accepted that. So, 01:00:06.200 --> 01:00:14.280 there was no pressure whatsoever to present anything which linked the boss to any of that 01:00:14.280 --> 01:00:21.480 scam victim money, and that is just a travesty because I couldn’t have handed it on a plate 01:00:21.480 --> 01:00:27.960 any more clearly to the police — or indeed, the BBC could have handed the same evidence to the 01:00:27.960 --> 01:00:36.480 police. But the police never came to speak to me, never came to speak to the BBC or follow up with 01:00:36.480 --> 01:00:43.400 any of the evidence that I had presented in the video whatsoever. They just didn’t bother. I can 01:00:43.400 --> 01:00:50.280 only imagine that’s for one of two reasons. One is they’re desperately incompetent or — and which I 01:00:50.280 --> 01:00:55.240 think is the more likely reason — they’ve been paid off, because the guy who was in charge of 01:00:55.240 --> 01:01:02.480 this is the equivalent of a multi-millionaire as a result of those scams, and unfortunately in India, 01:01:02.480 --> 01:01:09.700 corruption is rife. So, I don’t know for sure, but I would imagine that’s what happened. 01:01:09.700 --> 01:01:19.320 JACK: Well, there you go. That’s disappointing. Indian authorities seem to not care about scam 01:01:19.320 --> 01:01:24.800 centers there. It’s illegal but they say they can’t prosecute unless they have the victims, 01:01:24.800 --> 01:01:28.680 and since the victims are far away in another country, they just don’t have enough evidence. 01:01:28.680 --> 01:01:35.480 But even when the police are given the evidence wrapped up with a bow by Jim and the BBC and are 01:01:35.480 --> 01:01:43.160 even introduced to the victims, they still don’t take serious action on this. So, despite Jim’s 01:01:43.160 --> 01:01:50.600 huge efforts of dismantling this whole industry, it looks to me, at least, that it’s only gonna 01:01:50.600 --> 01:02:00.480 keep growing since these criminals can scam victims all day with impunity. [TO JIM] Are 01:02:00.480 --> 01:02:05.360 there situations — I mean, you’ve been doing this for nine years now, and this probably was one of 01:02:05.360 --> 01:02:12.520 them where you had this huge database of victims and all this camera footage and stuff. Are there 01:02:12.520 --> 01:02:17.920 other situations where you have to just do a long stare out a window and take a walk around the lake 01:02:17.920 --> 01:02:24.360 or something wherever you’re — and just think about, what do I do with this situation I’m in? 01:02:24.360 --> 01:02:26.480 JIM: Yeah. Honestly… 01:02:26.480 --> 01:02:28.720 JACK: What are some of the difficult questions that you 01:02:28.720 --> 01:02:31.540 have to — you’re answering — asking yourself? 01:02:31.540 --> 01:02:38.080 JIM: Well, I mean, we’ve covered the moral one and I never have a problem with that one for 01:02:38.080 --> 01:02:45.400 the reason I’ve just described, but equally — it’s actually quite harrowing listening to 01:02:45.400 --> 01:02:52.640 victims actually getting scammed, because there have been times that I have tried to intervene, 01:02:52.640 --> 01:02:56.520 and I’ll have gone as far as — because the scammers typically are on the phone with the 01:02:56.520 --> 01:03:00.920 victims all the time, to their cell phone, and they’re going out to buy giftcards or 01:03:00.920 --> 01:03:07.640 they’re going out to a Bitcoin ATM, and the only way that I can try to get that 01:03:07.640 --> 01:03:14.000 scam stopped is if I can warn a neighbor. If I know they’re going to a certain giftcard store, 01:03:14.000 --> 01:03:17.800 I will call that store and say, this person is about to come in. Here’s 01:03:17.800 --> 01:03:28.600 their name. They’re about to buy $500 worth of giftcards. Could you please stop them? 01:03:28.600 --> 01:03:34.840 It’s incredibly difficult to watch when stores, for example, warn the victim, 01:03:34.840 --> 01:03:42.280 but they — unfortunately they trust the scammer more than the person in the store talking to them, 01:03:42.280 --> 01:03:50.280 and it can be very difficult to listen to that. I’ve had people go to a Bitcoin ATM; 01:03:50.280 --> 01:03:56.440 the store manager has tapped them on the shoulder and said, you’re being scammed. That person who 01:03:56.440 --> 01:04:03.440 says they’re from Customs are not who they say they are, and if you put money into that Bitcoin 01:04:03.440 --> 01:04:09.280 ATM, you are going to lose it. They’ve actually explained that they’re being scammed, but yet 01:04:09.280 --> 01:04:14.640 they trust the scammer more and they’ve moved onto the next Bitcoin ATM. I’ve had that happen right 01:04:14.640 --> 01:04:21.840 in front of me, and it’s incredibly difficult to watch that because that could be my grandmother, 01:04:21.840 --> 01:04:29.640 my grandfather, your parents. It’s someone’s relative, yet you can’t do anything about it. 01:04:29.640 --> 01:04:34.400 You try your best, but there are some people who are just going to be scammed. There’s very 01:04:34.400 --> 01:04:38.980 little that can be done about it, and that is very hard to listen to. It is very hard to watch it. 01:04:38.980 --> 01:04:40.600 JACK: Can I just do one last quick question? 01:04:40.600 --> 01:04:42.360 JIM: Sure, yeah, yeah. Absolutely, yeah. 01:04:42.360 --> 01:04:45.380 JACK: Have you ever visited India or do you ever plan to go? 01:04:45.380 --> 01:04:52.680 JIM: Actually, I would love to see India, and I’m honest about that because — and I’ve spoken with 01:04:52.680 --> 01:04:57.920 Karl Rock, sort of my partner-in-crime when it comes to all the drone footage and so on, 01:04:57.920 --> 01:05:06.400 and I actually admire India as a country, and I’m not just saying this to kind of 01:05:06.400 --> 01:05:13.800 justify me slagging off people in India when they’re scamming. This is a country 01:05:13.800 --> 01:05:19.120 that I genuinely would like to see, and I do intend to go there. I will be at some 01:05:19.120 --> 01:05:23.600 point in Delhi. The nice thing about my YouTube channel is I don’t show my face, 01:05:23.600 --> 01:05:30.320 so I’m not that scared about going. I probably would stand out a little bit if I went to 01:05:30.320 --> 01:05:46.377 Kolkata or Calcutta, but Delhi I think would be quite a place that I could easily go to. 01:05:46.377 --> 01:05:48.880 (OUTRO): [OUTRO MUSIC] A big thank-you to Jim Browning for coming on the show and telling us 01:05:48.880 --> 01:05:53.360 all about the scambaiting he’s been doing. You can watch all his videos on YouTube by just searching 01:05:53.360 --> 01:05:58.720 for Jim Browning. This episode was created by me, the fickle finger, Jack Rhysider, and this episode 01:05:58.720 --> 01:06:02.680 was edited by the wisdom feather, Tristan Ledger, mixing done by Proximity Sound, and 01:06:02.680 --> 01:06:07.120 our theme music is by the mysterious Breakmaster Cylinder. Someone asked me the other day, what’s 01:06:07.120 --> 01:06:19.880 an Ethernet? I said, oh, that’s what you use to catch the Ether Bunny. This is Darknet Diaries.