Skip to content

Scam Baiting with Jim Browning

Easy Prey 041-FB-TW

Most of us have received that call from someone claiming to be from Microsoft Tech Support saying that there is an issue with our computer that they want to help us resolve. This scam has evolved into something so sophisticated and so refined that it has become big business in and of itself.

Today’s guest is Jim Browning. Jim can’t stand scammers, so he’s doing something about it. Jim has been baiting, investigating, and exposing scammers on his YouTube channel for over 5 years. His channel now has over 2.3 million subscribers and many of his videos showing how these scams work have been watched millions of times.

Show Notes:

  • [0:51] – Most people recognize tech support scams as a cold call where the scammer claims they are working for a company that needs you to get on your computer to gain access.
  • [2:34] – Jim says the way to put these people off is to deny having the device they are asking for you to connect.
  • [3:13] – These types of scammers might also claim they are your bank or credit card company. Either way, this scam is all about logging into your account and giving them access.
  • [4:32] – Jim describes what would happen if a scammer gains access to your computer after you follow the steps they give you over the phone.
  • [6:01] – Jim never intended to be a YouTuber. In fact, he has a “proper” job in IT and is an engineer at heart. But as someone who received these calls, he became curious and one day recorded what a scammer did.
  • [7:23] – More often than not, the people running these scams are out of a different country and it is near impossible to do anything about it through law enforcement.
  • [8:21] – Jim shares that India’s equivalent to the FBI has recently conducted raids and some of these operations may actually be dealt with.
  • [9:27] – Through running scams, Jim describes how one operation brought in over a million dollars per month and employed several hundred people.
  • [10:19] – When hiring, these operations may hire people who don’t know they’re scammers. Some, though, actually advertise that they are scammers.
  • [11:27] – With enough computer knowledge and the curiosity, Jim let scammers access his computer but was able to reverse it and gain access to their computer instead.
  • [12:31] – Jim tells a story about how he accessed a scammer’s CCTV recording and was able to see and hear how they are running their operation.
  • [14:12] – These scammers take the business very seriously and professionally. Like legitimate organizations, they record calls and use them to train their employees.
  • [16:39] – Sometimes scammers will retain the access to the computer, but most of the time, they will get their one-off payment and it will likely be the last time you hear from them or you won’t hear from them for a while.
  • [17:56] – If you are scammed once, your information will be sold to other scammers. Once you’ve been victimized, you are far more likely to fall victim again.
  • [19:10] – The cold calls are the most common, but a more subtle scam is to Google for genuine support. Some sites are not genuine and many people do not check the legitimacy of the site.
  • [21:27] – There are various software you can install on your computer that help identify a site that is not legitimate.
  • [22:14] – If you think you are a victim of a scam, you need to start by contacting your bank or credit card company as quickly as possible. If it has been several months, it is very hard to get your money back.
  • [23:40] – The most safe thing to do if you fall victim of a scam is to completely wipe your computer and start over. But Jim does state that most of the time, scammers are only in it for a one-off payment so you might not need to do that.
  • [25:01] – Jim has also seen scammers take identities to open up bank accounts in order to launder money.
  • [25:46] – There are scams that ask for gift cards, which is as good as cash in most cases. If you use a gift card or read out a gift card number, you will not get your money back.
  • [26:40] – No legitimate online business is going to ask for gift cards and is a big red flag. The big one right now are Amazon gift cards.
  • [27:52] – A lot of employees who sell gift cards are trained to ask the customer who is buying large denominations on a gift card to ask if they have been put up to it. But Jim gives examples about how scammers get around this.
  • [29:55] – Scamming organizations have also recruited people in the US and the UK to be a part of these scams to make it more believable because of their lack of foreign accent.
  • [31:42] – Scammers have been known to cunningly coach people into willingly transferring money to them.
  • [32:40] – No legitimate company will ever have a problem with you asking questions. Be a skeptic.
  • [33:44] – Another red flag for a scam is urgency to take action. Always stop and ask questions and call them on the number you know is accurate.
  • [34:28] – Anyone can forge a number. You cannot trust the caller ID. But there is something possibly happening in the United States that will help identify real numbers.
  • [36:49] – Jim’s YouTube channel shows how scams work and can help you recognize when a call could be a scam. His YouTube channel’s mission is to bring awareness.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 


Can you give me a little background on what tech support scams are?

Most people will recognize a tech support scam by a cold call. They usually phone you up and claim that they’re your internet service provider, they’re Amazon, or they have some excuse to basically get you to turn on your computer and get you to do stuff. The way that you recognize one of these is there’s a computer involved in there somewhere.

Not everyone knows to hang up on tech support scam calls.

Is that they’re wanting to connect to your computer?

By and large, ultimately, they’re after money, as pretty much all scammers are. Their way of getting money from you is to get you to follow a few instructions on your computer. Inevitably, they will want remote access to your computer. Other than that, they always tell you that they will dress it up in some way.

Typically, they’ll say, for example, we’re giving you a refund of some kind, but the way that you get your refund is you need to follow a few instructions. They’ll get you to type stuff out. What you’re really doing is giving them direct access to your computer. Sometimes, they’ll tell you that they’re getting that access. Most of the time they won’t, though.

That’s really interesting. When I think of the tech support scams that I have gotten, usually it has always been a cold call. But it’s been like, “Hey, we’re calling from Microsoft and your Windows computer has been compromised and is being used to send spam, and we want to help you resolve it.” Or, participate in a botnet or something like that.

I’m usually like, “Yeah, tell me more. Which computer is it?” They’ll start telling you a story. Then I’m like, “Well, it’s interesting because I don’t have a Windows computer.”

The way to put them off is usually, “Sorry, I don’t have a computer.” These days, they’re quite happy, for example, to say, “Do you use your mobile phone, your cellphone, or your iPad” or whatever, and they’ll still get you to run a few instructions there to give your remote access to that device as well. It doesn’t have to be a computer or a laptop. It could be any device.

Usually, that’s the classic tech support scam where Microsoft, or where your internet service provider and you’ve got a problem of some kind. These days, they have variants of that. They will ultimately want that remote access, but they will pretend to be your credit card company. Particularly in the last number of months is, “We’re Amazon, we’re Amazon Prime, and we’ve noticed something suspicious on your account.”

Again, the crux of the scam is exactly the same. They want access to your computer, they want you to log in to your online bank account. When you do that, they’ll manipulate things so that it looks as if they’ve either put in money or they’ll actually transfer money from one of your own accounts, into your current account and say, “Look, we’ve given you some money here, but hey, we’re going to want it back.”

We’re just verifying that this is a legitimate account. That type of thing?

Yeah. They usually promise some refund. If it’s Amazon Prime, they will dress this up in a way to say, “Looks like you have been charged $80 for Amazon Prime.” Of course, most people will say, “Hey, I don’t want to pay for that.” Or, “You’ve got this wrong. There is some sort of mistake.” Their script will tell them to run through the normal stuff, get you to log in to your computer, check this out by following their instructions. They get the remote access and then they’ll say, “Can you just check your bank account there just to make sure all looks OK?”

As soon as you do that, all of a sudden, your screen will go black. When it goes black, they can see your screen but you can’t. And they will manipulate your screen, particularly the amount of credit that you have on your account so that it looks as if they’ve put money in there, or even take the money out. The long and short of the scam is that if you think that they’ve actually put money in when they shouldn’t have, they will then kindly ask you to return that money because their job might be on the line if you don’t do so.

Most people, looking at their bank account, if they think it’s genuine will say, “If you never had intended to give me that money, I’ll certainly return it.” Of course, if you do that, it will be at your own expense. It will be your own money that you’re returning.

Yeah. They didn’t put in money, they gave the appearance that they put in money.

Indeed. Actually, when the screen is black, they will literally edit the screen to make it look as if money is going in. The common one is they’ll actually have a couple of different bank accounts, maybe within the one bank, and if savings had a few thousand dollars, they will transfer money from it into your current account. And then they will say, “Actually, that’s the money we’ve put in; now we want it back.” You lose your own savings.

Now, that’s particularly scary. Was there a particular event that happened in your life that got you interested in dealing with this, or was it just by chance?

It’s really by chance. I never really intended to be a YouTuber. I’ve got a couple of million subscribers on YouTube at this stage. That’s not my day job at all. I have a proper job in IT. I certainly never intended to really get into this area at all. The only reason why I did was, like most people, I get lots of these cold calls.

Because I’m an engineer at heart, I really thought, “Is there something I can do about this? Is there some way to report these calls?” Again, I’m probably curious. I want to see how their scam works. I want to know the ins and outs of what they actually do.

Curiosity is what sparked me to see how the scams were pulled off.

I literally one day allowed a phone call to ring. I answered it and I just went with what they were asking me to do and I recorded it, really so I could warn other people. Naively, I originally thought that, if I put this on to YouTube and point their internet service provider to this material, maybe their service provider will throw them off the network or maybe at least will get involved.

Unfortunately, I was very wrong about that. It’s very difficult, as it turns out, to actually do something about these people. Typically, in a foreign country—more often than not, India—even if you have very detailed information about these guys who are running scams, it’s very difficult in practice to get anyone to do anything about them.

Yeah. Unfortunately, one common thing I found out about most scams is that it’s going to be next to, if not, impossible to either get your money back or get the people in trouble.

Yeah. I’ve actually gone as far as be able to get the names, addresses, locations, groups of the people here running the scams, and I’ve reported that to relevant authorities. Until very recently, there’s really been very little or no action at all in the country where they originate.

That might be changing. Very recently, there’s something called the CBI, which is the Indian equivalent of the FBI. I’ve recently carried out a number of raids on some of the very big players. Certainly, some of that information is coming from me and other YouTubers. We might be able to maybe get to a point where even if you do present that evidence, it might be used in the future. I’m crossing my fingers on that one.

You say some of these big players have been raided. How large are these operations? We’re talking just a couple of people in a home? Or is this like a full-fledged call center with hundreds of people working at it?

The ones that have recently been raided are definitely the biggest players. The people who run the scams can be anything from three or four people. I was able to get information on one of the organizations which employed 300 people over three or four floors in one call center. They were making the order of $1.8 million per month running a scam. It’s upwards of $10 million a year running just pure scams. It was multinational as well. They actually taught the scammers to speak foreign languages so that they can run the scams in varied languages as English, Spanish, even Japanese.

Wow, that’s amazing. I’ve always personally wondered, at least with the more traditional like, “Hey, I’m calling from Microsoft and we’re going to charge you $60 to fix your computer.” Do you think all the employees know that they’re participating in the scam? Or there’s somebody maybe not as apparent to even the employees that it’s a scam?

For sure at the very start, that may not be apparent. I know for sure that they recruit graduates and they will not generally advertise that they are a scam company. It may take days or weeks, possibly, for some to figure it out. You can’t blame the people who are in there in a very short amount of time. But it doesn’t take that long to figure this out.

Some of them are even blatant enough to advertise the type of thing that they do. They’ll disguise and cloak real terms. They will say things like, “We are a pop-up business.” That simply means that we’re going to put adverts on people’s computers which maliciously compromise and then force them to call what they think is Microsoft. They will have their own little colloquialisms for describing what the scams really are. Most people who are applying for this job, in general, will know what they’re getting into.

Got you. I’ve watched a couple of the videos. You’ve got some crazy amount of detail on some of these operations. How did you go about doing that and what are the stories behind it?

The very business of this, I am an engineer, I’m a curious engineer as well. I have enough computer knowledge to allow me to do a little bit more than average. I deliberately let the scammers connect to my computer, but it’s set up in a way that when they get access to me, I can reverse that connection and get access to their computers.

Gaining access to their system, I could see them.

Chances are, if they have a lot of files lying around their computers, a lot of things including ID cards sitting around there, I can see who it is that they are. There have even been examples of where the scammers run their own CCTV, their closed-circuit television. They’re actually filming their own offices. I can see that they were giving access to a server that had all up TV footage, so I was able to see what they were seeing.

I was also able to effectively watch them as they were running their scams. It sounds incredible that anyone would have CCTV of a scam operation, but that’s exactly what they were doing. There is an example on the Internet where I was able to literally call one of these scammers. As he was answering the phone to me, I could see him, watch him on his own CCTV answering my call. They also recorded the audio of every single phone call that they made.

Again, because it was Internet-accessible, I was able to not only see them but hear examples of other people who had been scammed as well. There is a documentary, the BBC Panorama Program, where I was able to actually get footage of other people being scammed as well by putting together the CCTV with the audio recordings as well. I had very, very clear evidence that this particular call center was engaged in scamming.

They talk through scams very well. We have a good front to their organization. They set themselves up as a travel agency. To the outside world, they were taking calls, like you want to change your flight or whatever. But the fact behind all of that was the scam operation. Pretty sophisticated stuff.

That seems pretty strange to me that they would retain their own internal camera footage and they would retain their own call logs and the call recordings.

The call recordings were there because they do the scamming in a very professional way. They will actually review their agents’ techniques. Honestly, if you don’t put down enough money, they will go back through those call recordings and say, “Here, you could’ve done this a little bit better.” It’s like any legitimate organization. They will try and make their agents perform as best they can so they make lots and lots of money. Honestly, that is the reason why they record the calls.

That’s crazy that they’re sophisticated enough that it’s not just, “Hey, let’s just get the money,” but let’s try to figure out how to be better about this. We’re going to treat our scammers like employees and do scam training with them. 

Correct. If you’ve ever been in any big company and if you put yourself onto one of these performance plans, it would look like any other big company. Literally, they will have incentives for the people who pull in a lot of money. But equally, there will be disincentives if you have a lot of people who called you back and want their money back. That will come directly out of your bonus.

Even worse, though, if there’s a chargeback, that again not only comes out of your bonus, but to be put into a banned category of employee who is on a performance-related plan. If you don’t pull your socks up and don’t get enough revenue within a certain number of days, you can be thrown out of the place. It’s unfortunate if you’re in a very big Indian call center of lots of demand, then you’re very replaceable. I think a lot of company employees will know that.

That to me is so much beyond what I ever suspected these operations would be.

The big ones are certainly very professional. Some of the smaller ones definitely wouldn’t be like that. In fact, I’ve seen operations where it’s literally a few brothers and their friends, maybe who have set one of these things up. It really just depends on the type of scam they’re running typically.

Do you see them targeting more than just bank accounts when they’re on the phone with them? Are they trying to compromise the computer to put it on a botnet, allow remote access to the machine even when the user’s not there?

Sometimes they will retain that access. Most of the time, it’s purely to get a bit of money out of someone. If it’s like a pop-up scam, where you see this strange virus message on your computer, most of the time, that’s just to get a one-off payment. That’s usually the last to appear of those scammers.

There are definitely some who, even after they’ve taken money off someone, will call them a month later again saying, “We’re now your computer maintenance company. We’ve noticed more strange activity on your computer.” Once again, they’ll take you through a very set script. Of course, they’re lying to you. There’s nothing wrong with your computer at all and they want further payments from you.

The scammers follow a script.

Again, they rely on that because most people don’t know that it’s been a scam. The first thing they’ll see is, “I had a strange pop-up with a real loud warning and this guy got rid of this pop-up for me.” Most people who fall victim to that scam aren’t even aware that they’re a scam victim. That is one type of scam.

The other one is if you get on to one of these scammers call lists, inevitably, you look at lots more calls because they will sell that to other scam companies. They will follow it up saying, “We’re the guys who helped you out a few months ago. We’re going out of business and we’re going to give you a refund.” And then they’ll go through that type of scam that I mentioned at the start of the call where, again, they’ll want you to log into your bank account and ultimately transfer money back to them.

Unfortunately, that’s another common thing just even with our variety of scams. That once someone has been victimized, they’re now just an even bigger target for additional scams.

Yeah. Those lists are gold dust for other scammers. If you’ve fallen victim to a scam, you are far more likely than an average person to fall victim again. You do find that the list gets bought and sold. I’ve given fake details. I never use my real name. I give fake details pretty much to every scammer that I come across, but I hear those details echoed back to me months later from a different call center. They pass the data around without a problem.

That is amazing. We talked about pop-ups and unsolicited phone calls. Are there other ways that these scams start?

Yeah. The most common one is the cold calls and probably the ones that most people are familiar with. There’s another more subtle one, which is simply if you go into your search provider, whether it’s Google or Bing or whatever, and say you need genuine support, say maybe for a printer or some device, whatever it is, and you just type in the word printer support or printer help desk, a lot of people don’t check very well that the site that they’re going to is a genuine support site. The scammers manipulate search engines so that their phone number, even though they don’t represent the company they’re supposed to be, will appear high up in those search results.

If you phone one of those numbers, they’re going to sound legitimate. They’ll say, “What’s your make and model?” The kind of stuff you’d normally expect a typical support organization to ask you. Then all of a sudden they’ll say, “Right, to fix that problem, I’ll need access to your computer.” If you think you’ve called a genuine desk, that’s quite a likely scenario for them to be able to manipulate you and go through the same scam. They’ll say, when they have remote access, “Hey look, you’ve got hackers or whatever. We’re going to have to charge you for this software.” Search engine results, don’t always trust them. Or, look very carefully up what the domain that you’re going to actually looks like. Is it the genuine thing? Sometimes it’s very hard to tell that.

Yeah. Unfortunately, scam sites in some cases look better than the legitimate sites.

Yeah. They will create very convincing looking websites. If you look very carefully at them, you will find that sometimes, there is enough not to do certain things. The obvious one is look at the external links. Sometimes with Facebook, Twitter links, and so on. If those don’t link anywhere at all, chances are that’s a scam website. It is something small to look for.

Are there other ways to check if the companies are legitimate?

If you know what you’re doing, it’s easy enough. For someone who’s maybe not so literate with computers, it can be quite hard. There are software which you can install and that sits alongside your antivirus which will tell you whether a site is legit or not. There are ways that you can do this, but you just have to look carefully and be diligent if you don’t have that software on your computer.

Got ya. If someone thinks they’ve been a victim of one of these, is there a recourse that they should take or preventative measures that they should take?

Yeah. Depends, again, on the type of scam, I would say more than anything. The big one is if you’ve figured out that you have been a victim of that scam, go to your bank or credit card company and tell them first. In theory, if it’s happened recently, you may be able to even get your money back if you can prove that’s been a scam. That isn’t always the case. If it happened four or five months ago or more, then it’s actually, in practice, very difficult to get your money back.

I’ve recently written to a list of people that I found out were victims of certain scammers. There were maybe over 800 of these. I wrote to most of them saying, “Look, write to your bank or credit card company and try and get your money back that way.” Maybe 3% or 4% of them were able to get some money back, but most were not.

It is quite difficult because in the mass majority of cases, your money has gone overseas and it’s difficult to get that back. Although, in most cases, particularly if you send an e-check or if the credit card or the bank transfer happens within the US or some local bank, there’s always the possibility of being able to get your money back there. Again, if you act quickly enough, go to your bank and they should sort you out.

You think if someone has been able to previously gain remote access to the machine, should you reinstall the operating system and wipe it, just assume that it’s been compromised?

That is the most safe thing to do. But I find in practice, even though they’ve got remote access, all they really want is that payment. It usually happens just once. In most people’s cases, it’s probably OK just to remove that remote access software. They’ll be called something like TeamViwer, AnyDesk, UltraViewer, or some old screen connect. There are a few different variants of this. Usually just by uninstalling that bit of software usually makes your PC safe from those scammers again.

I’ve got to say, if you wanted to be ultra-sure, yeah, back everything up, wipe the computer, and put the stuff back on again. But, as I say, most people don’t have to do that.

They’re not really looking to take over the computer; they’re just looking for the financial transaction.

Typically. Ninety percent of the time, that would be the case. There are scammers who deliberately will use your computer and, indeed, your bank accounts to launder money. Although there’s not many of those, you need to be very careful. If they have put something on your computer, particularly if you leave it on and unattended, I have seen scammers take your identity documents, create online bank accounts—typically in your name—and will use that to launder money. You’ve got to be particularly careful in that case. I don’t want to sound too frightening. Most of the time they don’t do that, but it can happen.

It’s just one more thing to be aware of in this respect.

Indeed. It depends on the organization. Most are after that one-off payment.

Obviously, they’re primarily looking for credit card transactions or electronic fund transfers. Are they looking for iTunes gift cards and other types of cards?

They do that. You hear a lot of scams involving gift cards. There is a good reason for that. Gift cards are a little bit like cash. They’ve very anonymous. If you read all the gift card numbers to a scammer, that’s good as cash to them. They can pretty much instantly cash that in. You do tend to find that they try to use gift cards for the reason I was mentioning that people can get their money back. You can only do that if it’s an online bank transfer.

If you are asked to pay with a gift card… it is probably a scam!

If you use a gift card or read out a gift card number, that’s a one-way thing—you’re never going to get your money back that way. That’s why gift cards have become the currency of scammers. They prefer to use that because, say, once you read that number, that’s the end of the story.

Yeah. That should almost be a red flag. No legitimate online business is going to primarily look for gift cards as a form of payment. They’re going to want a credit card number.

Correct. It’s a big red flag. If anyone says gift card to you, that should be ringing alarm bells. That’s pretty much always a scam.

Is there a particular type of gift card that they’re particularly looking for?

It depends. The big one at the moment are Amazon gift cards. Those are the ones which are probably most easy to launder at the moment. It used to be iTunes, Android, or Google Play cards. These days tend to be more Amazon. But honestly, there could be others—Walmart, Target. They’re equally as valuable to a scammer.

Got ya. Have you ever talked to any of these companies that have the gift cards and talked to them about ways that they can put additional securities? It’s almost like the gift card purveyor should almost be able to see these series of transactions as being suspicious because they can see these things in bulk.

A lot of employees are trained to say to people, particularly if you’re buying large denomination gift cards, that they will challenge the person buying the card. “Have you been put up to buying these cards? Has anyone got access to your computer?” That’s what they should be asking.

It doesn’t always work because quite often, what happens is the scammers will coach the victims what to say whenever they go into these gift card shops. The way they usually spin the lines is they’ll say, “We’ve given you too much money. You’re going to return it to us via gift cards.” But if you say to the employees of the gift card store that you’re in to buy these to get a refund, they will add on 20% tax. They’ll just make that up.

It’s only purely to avoid that questioning by the employees. They will be coached to say, “I need to give these gift cards to a relative, or there’s a medical emergency.” Whatever. That will be drummed into those victims before they go into the store. It’s really to say just a way to combat the questions, which they should be being asked. Unfortunately, not all store employees are fully trained in this. They’re not always recognized that someone going in to buy $2000 worth of Apple iTunes cards looks suspicious, but it should be part of the training. But everyone is human.

Yeah. I wish one of those additional warning signs that you’ve been scammed or someone’s coaching you on what to say to somebody else, or do not talk to a relative, or to not explain to people what’s going on. That should be a huge red flag.

Absolutely. I’ve literally watched in the last month or two, they’ve managed to recruit people in the US and the UK to assist with these scams. Sometimes a few here, a foreign-sounding accent over the phone, it can be more suspicious than somebody who sounds local. They’re not coaching people who are complicit with the scam to run through the same sort of thing. They will coach their victims what to say, not only for gift cards but even to make a bank transfer.

I’ve watched one person in the UK trying to convince another person in the UK—the scammer and the victim—to go into the bank to make a transfer. The way that they run that scam was to say that there’s a person in the bank who is in league with these scammers. We need your help to try and figure out who that bank employee is. What we need you to do is to go into that bank and make what they describe as a dummy transfer to another bank account. That will unveil that scammer who works in the bank.

That is just purely a story to avoid the questions that the bank employees should ask. They will be coached, say, “When you go into the bank, don’t alert anyone in there because you don’t know who’s the scammer and who isn’t. Just make this transfer. Say you’re transferring your money to your friend or relative and here’s what you should say.”

Literally, they will try and coach the victim to avoid any of the questions that the bank employee should be asking, and if they can successfully coach the victim, then that’s their best way of getting money out of that victim’s bank account.

Wow. That’s particularly cunning.

It is. Unfortunately, it works. I’ve literally watched scammers in the last month or two making a massive amount of phone calls to get maybe one or two victims, maybe will make tens of thousands of calls to get one or two people who are prepared to believe what is quite a far-fetched story, but nevertheless, particularly if you’re maybe slightly older, people who are just very unfamiliar with this sort of scam. If you sound legitimate, then you can be believed. Literally anyone can fall for these sorts of scams.

The advice is don’t talk to anybody ever.

I think the general advice is always to be wary of cold calls. No legitimate company would ever have a problem with you just asking questions about the phone call. Being a skeptic would be my best course of advice to anyone. Don’t take things at face value. Research them. If it sounds a bit odd, then use your gut instinct and check it out.

Even when I’ve had fraudulent charges on my credit card and had the bank call me and say, “Hey, there was this fraudulent charge on your card.” They were able to give me enough information. It was very clear that they were from the bank. I gave them nothing, and it was just like, “Nope, I will call back the number on the back of my credit card and contact the fraud department.” Any real fraud department is going to say, “Yes, that’s the right thing to do.” Any fake fraud department’s going to try to spin a line of, “No, you have to do this right away” or something. 

Indeed. That’s one of the big telltales. There’s some sense of urgency. That’s always a bit of a hallmark of there’s got to be a scam. You’re right, I get the same phone calls from my bank to say there’s something suspicious has happened. No one will mind if you call them directly on the published number for the bank.

That’s great advice. I don’t know for so much in the UK this happens, but in the US, you can forge a caller ID. Even if the inbound call appears to match the number, you can’t really even trust that either.

Correct. Literally, whenever I’m calling scammers, I am forging my caller ID. Sometimes, I even use the scammer’s own number so they can’t block me. Anyone can forge any phone number; you can’t rely on a caller ID. There’s nothing in the telephone system which verifies that the number being presented is a real number or the number of the actual caller.

I believe, at least in the US, there’s legislation in the works to try to change that.

Yes. I’ve heard of this. At best, that will be able to identify a real legitimate number, but it won’t be able to filter out the hundreds of scams from calls that are either international or they’re just not a registered number. If you don’t know much about the number at all, it wouldn’t be able to filter that. It’s only limited in what can be done on the telephone system, but I think the best advice is just never to trust the caller ID, especially at the moment.

Yeah. A lot of the systems that we use, both for the Internet and phone, were built on implicit trust. Email is the same way. The systems were designed such that everybody is who they claim to be, and trust but do not verify.

Indeed. Nothing wrong with asking some basic questions with any phone call you make and receive.

That’s great advice. Is there any final parting advice you’d like to give the audience? Also, where could people go to learn more about what you’re doing and to find your videos?

I guess the advice I would give, I probably mentioned it already, is just to be skeptical about any phone call you get. I mentioned a few other scams. Cold calls are fairly easy. Robocalls, I would say the vast majority are probably scams. Although, some companies do use them.

The advice about search engine results are not always your friend and is something to pay heed to, particularly if you’re going to phone a number that the search engine throws up. Again, be a little bit skeptical, look into that in detail. I guess, overall, is just research things.

My channel shows what the most common types of tech support scams are. If you get a chance at all, just Google Jim Browning, my name. You’ll be able to see examples of all sorts of different types of scams. I think if you understand how they work, even if the scams themselves change a bit, you should be able to recognize when a scam is happening to you.

That’s the reason for the channel. It is about awareness. If I can help anyone just by helping somebody to identify when you might be being scammed, then it’s a success. If you just Google Jim Browning, you’ll find me. There are lots of entertaining videos in there as well. It’s not just about “this is how scams work.” It’s kind of nice to wind those people up. Actually, even the odd time, get them arrested, which is one back for the victims.

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety
Stuart Madnick has been in cybersecurity since 1974 and knows a lot about the costs of cyberattacks.

The Cost of Cyberattacks: Minimizing Risk, Minimizing Damage

Most of us view the internet as a useful and benign tool. But in many ways, it’s…

[Read More]

How to Keep Your YouTube from getting Demonetized

You finally did it–you hit all of the markers for acceptance in the YouTube Partner program, and…

[Read More]

How to Stay Out of Facebook Jail

Many of us have been there before–behind the proverbial bars of social media punishment. We’re left shocked…

[Read More]
Lisa Plaggemier's job is to promote cyber security awareness.

Cyber Security Awareness for Everyone

You can do anything on the internet – shop, bank, meet your future spouse, become famous, and…

[Read More]

Cyberbullying Prevention: What Parents Can Do

It’s very easy for anyone to create a fake online profile and say or do mean things…

[Read More]
Lost iPhone

Lost iPhone? If It’s Missing, Look Up to the Cloud for Help.

Here's an important piece of advice: You need to learn what Find My and can do...

[Read More]