A Scam Tracker Explains Scammers’ Tricks – and How to Stay Safe
Scams are everywhere, targeting all kinds of people with all kinds of phony stories. They will go after anyone who has any money. Anyone can get caught in a scam, no matter your age, gender, intelligence, education, or anything else. One scam tracker wants to explain to everyone how scams work and provide tips to keep yourself safe.
See Tracking Down Scammers with Ryan Kelly for a complete transcript of the Easy Prey podcast episode.
Ryan Kelly is a stand-up comedian who hunts scammers in his spare time. His journey to become a scam tracker was circuitous. In college, he studied business, advertising, and international relations with a concentration in counter-error, civil war, and ethnic conflict. You might not think those things go well together, but you’d be surprised. At time time, the marketing strategy Coke was using was also being used by ISIS for recruiting.
After college, Ryan moved to LA. He was a personal assistant and, briefly, an accountant before becoming a Disneyland character actor. Disney had a program called Disney Aspire where they paid for 100% of employees’ education. Ryan used that benefit to get his master’s in homeland security. He also started to build a social media presence.
The Scam that Started it All
After graduating with his master’s degree, Ryan moved back home to Missouri. And while moving, he got scammed. The shipping company set him up with a scammer. They were a broker and they didn’t do it intentionally, but they still took his money. Unfortunately for them, Ryan was a stand-up comedian, so he had a lot of free time.
By the end of the day, he had their ID, home address, IP address, and what car they drove. He called his local FBI office and asked if they could help. When he explained the situation, the agent he was talking to said that he had just gotten caught in the same scam. The FBI ended up getting the scam company and the broker gave Ryan his money back.
Ryan posted the whole story on social media. At the time he didn’t have a big following, but those videos blew up. He was shocked by how many people said they had also been scammed. One person said they had been scammed by a car moving company. Ryan did some research and found a bunch of data on the company – including the fact that they weren’t legally allowed to ship across state lines. He gave the information to the victim and encouraged them to report it. In addition, he posted a video.
About three days after posting the video, the Department of Transportation emailed him. At first Ryan was concerned he was going to be in trouble. Instead, they said they thought his scam tracking was great and asked him to give them the information directly.
Ryan loves being a scam tracker because it’s fun to mess with scammers. He also likes being able to say that it’s happened to him, and it can happen to anyone. Anyone can be a victim.
Scammers are Professional
Another scam that Ryan got shut down was a call center in India that was pretending to be PayPal. Ryan always says if you call PayPal and they pick up immediately, it’s not PayPal. Fake companies generally have better customer support than real companies.
Ryan’s social media community often reports scams to him, and he got a bunch of reports about the same phone number claiming to be from PayPal. So he called them. In the background, he could hear them doing a full call center around scams – trying to get access to caller’s computers and things like that. It’s often hard to get call center numbers like that shut down because they use VoIP. But because they were all using the same number, Ryan released it to social media. They got so many call that they voluntarily shut the number down themselves.
I think we picture them as hackers. Most of them aren’t hackers. … Most of it is social engineering.Ryan Kelly
We often have the idea of a scammer as some kind of genius, tech-savvy hacker who will turn our devices against us. The people who set up the scams tend to understand technology. But most of the people running the scams don’t know anything more about computers than you do. Instead, it’s mostly social engineering. If they can make you think or feel a certain way or catch you at a bad time, they can use that to manipulate you into a scam.
How Ryan Tracks Scammers
Ryan gets a lot of emails asking him to look into scammers. When he does, he goes through a process. First, he talks to the person who reported the scammer and builds a victim profile. He identifies who the scammer wants to target, and then builds a profile for himself that looks like exactly what the scammers want. Then he makes contact with the scammers.
Normally after the initial contact, they want to figure out more about who you are. If it’s a romance scam, they want to see a picture of you. If it’s a moving scam, they want to know where you’re moving to. At that point, Ryan sends them a link.
That link includes an IP grabber. If Ryan can convince the scammer to click on the link, it can provide a lot of information. The grabber Ryan uses gets information about what device they’re on, their general location, their IP address, and their local IP. Sometimes the scammers use a VPN that makes their location less accurate. But often Ryan can get a pretty good idea of where they are. If they won’t click the link, Ryan does an email header analyzer to get the data.
If the scammer is using their phone and they click the link, that makes Ryan’s scam tracker efforts even better. But if he can pull the phone’s GPS data, it doesn’t matter if they’re using a VPN. And if he has other data that he can pull to know what’s going on at a location, he can hook up to devices and follow the scammer’s phone around. At that point, it doesn’t matter if they turn the phone off. Ryan has access to the location history, and he can guarantee they had it on them when they went home.
A Scam Tracker’s Favorite Tool
Most of the information Ryan uses as a scam tracker is OSINT, or open-source intelligence. OSINT is everything you can Google and the information you can put together from what’s out there. It can get even more intense if you’re able to buy data. Your phone sells more information than you think about you. So do other places. The United States government sells traffic cameras’ live feeds from every state except Montana. Ryan knows a company who has access to that.
There’s a lot of OSINT you can get access to if you pay the right price. There’s also a lot you can get for free. Some of it is really fun because people don’t understand what they’re connecting to when they open social media or download an app.
What OSINT Can Reveal
The military had to tell service members not to wear fitness tracking apps because they tracked GPS coordinates. If you track enough soldiers running around the perimeter of a base, you’ll end up with a really good idea of the exact boundaries of the base. A Russian submariner captain was recently assassinated with help from OSINT. He had a jogging fitness app and uploaded and posted the data from his run on social media. That make it easy for assassins to find him. One program Ryan has lets him set up a fence to see what devices are in a certain area. When it was set in a base in San Diego and the fence was put around the most popular brothel in Tijuana, there were a lot of devices going back and forth.
You see a lot of funny things when … you’ve got access to all this open source data.Ryan Kelly
In a more personal example, Ryan was once in West Virginia going to a wedding. He had some time before it started, so he started a live stream while sitting in his car outside a CVS. One of his fans saw the background of the video and used that to find him. They actually came up and knocked on his window. Luckily for Ryan, they were very nice. But if it was someone who didn’t like him, it could have gone much, much worse.
You’re never alone and you are never anonymous anymore.Ryan Kelly
Top Tips to Identify a Scammer
Scammers will reach out to you in all sorts of ways with all sorts of stories. But there are some characteristics that indicate they may be a scammer. From his time as a scam tracker, Ryan has identified a few things that should make you very suspicious.
Catch Them In a Lie
This is one of Ryan’s favorite things to do as a scam tracker. Even if they’re not a scammer, if they’re lying to you, that’s someone you don’t want to work with. Usually he does this by finding their location – pinging their device, accessing their GPS, or getting them to click his IP grabber link. Then he asks where they’re located. When they lie, he can send them the information he has and say, “No, you’re not.” He’s gotten some fun responses with this method – scammers really don’t like it.
A simple IP grabber is a great way to start. Ryan feels like they are easy enough for almost anyone to use. Email header analysis is a little more complex, but also doable. (WhatIsMyIPAddress.com has a Trace Email tool to make it easier.)
Bad English and Poor Grammar
It sounds weird, but Ryan has found that sometimes scammers intentionally use bad English or poor grammar. They’re trying to weed out the suspicious people and target people who aren’t thinking too hard about it. The terrible part is that often end up victimizing immigrants and refugees who won’t see it as suspicious because English isn’t their first language. It makes Ryan furious that they would prey on these people.
Email from Outside Your Organization
If you’re in a company, be aware of emails that have a notice that they came from outside your organization. That doesn’t necessarily mean they’re a scam, but it does mean you should be cautious. But if they’re claiming to be part of your organization but they still have that notice that they’re from outside, that’s a scam.
Ryan has seen this feature in Gmail and in a few other tools. Don’t ignore those warnings. He has also seen some email systems flag mail as “Phishing Attempt.” Don’t ignore those, either – and don’t click on anything in them.
If they’re claiming to be in your organization and they’re coming from outside, don’t trust them.Ryan Kelly
Weird Ways to Pay
Ultimately, scammers want your money. And they have all sorts of weird and unique ways to get it from you. If you’re buying something or sending money and it seems like a weird way to do it, don’t send that money. It’s probably a scam.
If you’re paying for something and it sounds like a weird way to pay, stop.Ryan Kelly
Cryptocurrency is a very common one for weird ways to pay. Scammers are especially targeting people in countries where cryptocurrency is illegal. Ryan always encourages people to report scams, but some people can’t report because they were doing something illegal by trying to send cryptocurrency.
Suspiciously Good Investments
Cryptocurrency investment is also something to watch out for. In Ryan’s time as a scam tracker, he’s seen a lot of scammers promising cryptocurrency investments with really high returns. This appeals to people for two reasons. First, people are either desperate or greedy to make that kind of money. And second, everybody knows or has heard of someone who made millions in crypto. But Bernie Madoff’s Ponzi scheme promised people 18-20% returns – if you see anything promising that, it’s not legitimate. In fact, anything more than 8% annually should be suspicious.
The key with investments is to realize that you can lose all of it. Your losses aren’t limited – it’s completely possible to lose all of the money you invested, and a lot of people don’t think about that. Never invest any money you can’t afford to lose.
Take Steps to Protect Yourself
As a scam tracker, Ryan has seen a lot of scams and talked to a lot of scammers. This is his advice for protecting yourself from scams and losses.
Verify Anything that Involves Financial Data
Verify any requests to change financial data. And verify them with a different method of communication. This is true for both business and personal matters. You got a voicemail from a vendor asking you to change the account where you wire their payment? Send them an email to confirm. You got an email from your doctor’s office asking you to click this link to pay your bill? Pick up the phone and give them a call to confirm it’s real.
Using a different method to contact them will help make sure the request is legitimate before you send money. If someone is SIM swapped, using email will let the real person respond. If their email is compromised, calling them will give them an opportunity to tell you it was a fraudulent request. For anything financial, you should always verify with a different communication method before you send.
Turn on Two-Factor Authentication
Two-factor authentication, or 2FA (sometimes called multi-factor authentication, or MFA) is a process that adds extra security to your password. After entering your username and password, you must also enter a code from a text message, app, or security key. This means even someone who has your password can’t get into your account.
Ryan things everyone should have 2FA on everything. Some systems require having 2FA turned on. But even if it’s not required, do it. It will keep your accounts more secure.
This URL is the same as your bank’s, right down to the letter. That means you can trust it, right? Not necessarily. In his scam tracker investigations, Ryan has seen people use Greek or Russian letters that look almost identical to English letters. Since they look the same to our eyes, they convince us that the site is real – even though to a computer, it’s a completely different letter. Ryan runs every link through Google’s Transparency Checker before he clicks.
Use a VPN
Ryan always runs a VPN, and he feels like it’s a good first step. A VPN protects your data and anonymizes your real information. It can’t stop you from sending information, but it can keep other people from easily tracing you. There are a lot of VPNs that do similar things, some with cooler features than others. (If you need help figuring out the best VPN for you, try WhatIsMyIPAddress.com’s VPN Simplifier tool.)
Having a VPN is a great start to protect yourself.Ryan Kelly
Remove Your Data from the Internet
Whether it’s TruePeopleSearch or Whitepages, you’d be surprised how much of your information is out there. One of Ryan’s friends recently told him that he’d received a call where the scammer knew his name and address. Ryan looked around and found all his friend’s information available through People Finder. If you’re a content creator, Ryan can’t recommend this enough. But it’s a good step for anybody. Scammers can pull that data and pretend to know you in order to trick you.
You can do this removal yourself, but it does take time. It’s much faster to have a data removal company do it for you.
Don’t Send Nude Photos
This may seem like an odd piece of advice, but Ryan gets five or ten people a day contacting him about this. He’s not judging people for sending nude or otherwise revealing photos, but it’s incredibly dangerous.
Sextortion is a scam where the scammer convinces you to send explicit photos, and then uses them to blackmail you – unless you pay them money, they’ll send those photos to your boss or your loved ones. This scam especially (but not exclusively) targets men. To stay safe, don’t send naked photos to someone you don’t know.
From a safety standpoint, it’s actually better not to send them at all. Even if you trust the person not to blackmail you, do you trust them not to get hacked? Because anyone can. A number of celebrities have had their iCloud accounts compromised and their pictures revealed. Ryan’s rule is that if you want to show someone yourself naked, do it in person.
The Scam of Scam Recovery
If you’ve been scammed, your instinct is to do everything possible to get that money back. Scam recovery services seem like exactly what you need. But in Ryan’s experience as a scam tracker, most legitimate scam recovery companies only work with high net worth people who have lost millions. It’s a lot of work and money to recover the money. If you’ve lost $4,000, unfortunately nobody is going to help you get that back.
Ryan has traced some of the scam recovery scams. Frequently, they are coming from the same place as the original scam. The scammers are creating a secondary market for themselves. They steal someone’s money, then they reach out offering to help them get that money back and steal even more.
I’ll trace all these [scam recovery] things back and they are in the same places the original scam is happening. They’re creating a secondary market for themselves.Ryan Kelly
Recovery scammers bother Ryan the most because they are going after people who have already been scammed. Anyone who wants you to pay for recovery is a scam – legitimate companies take their fee out of the amount they recovered for you.
This is actually a pattern across a lot of scams. They refunded you too much and want you to send back the difference, or they accidentally sent you money and want you to send it back. But legitimate companies have the ability to reverse the charges on their end. They don’t need you to send them the money. Only scammers need that.
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy
- Online Safety
Many parents assume that grooming is something that happens to other kids, not theirs. But that assumption…[Read More]
In an era where cyber threats are a constant risk rather than a possibility, businesses cannot afford…[Read More]