The Anatomy of Scams

I discovered scambaiting for a year now and, since then, I’ve been participating in the sport.

Like many others, the discovery of scambaiting probably comes from the wonderful Atomic Shrimp. I discovered his videos in my recommended page on YouTube back in the summer of 2020, when I had nothing to do after my suspension from Twitter.

After watching his content, I decided to educate myself on scams and how to combat them. Unfortunately, for someone at my skill level, I am unable to be another Jim Browning. However, I do have one or two hours in my days where I am allowed to do whatever I want, so I spend this time to reply to emails. Scam emails.

The main point of scambaiting is talking to the scammer for long enough that he or she does not have enough time to contact actual victims, or just waste their time to the point of frustration for them in (thin) hopes that they might abandon this career choice and pursue something more noble.

For me, I am not one to be easily fooled. I tend to ignore messages from people I do not know, I never pick up phone calls that are not in my contact list, and I never reply to emails that I didn’t expect. Still, one can never be too careful. I have been sent scam emails–that land outside of my junk mailbox–and I have, in the past, landed into one of those JavaScript scam webpages. I tend to close the tab before I read the text because, most of the time, those pages play a loud noise and freak me out so much that I just want out. The page itself is harmless, so I just move on. Sometimes, I notice that the scam page says, “Windows 10,” when I had been using an Apple machine at the time, which further proves that it’s a scam page.

A few of the scam emails that I received in my junk mailbox–and once outside–generally shocked me. It’s one of those, “I know your password,” scam emails and the email title is a password you used. I never thought much of it, of course, and nothing happened when I ignored it. The blackmail content didn’t make sense for me, or at least in relation to the way that I behave. Luckily enough for me, the scammers didn’t actually have access to my computer, they just got my password from compromised sites.

After that, of course, I went and did a deep clean of all my accounts and changed all my passwords with a password manager. Here’s why you should do that too.

This made me realize two things. Not only is it important to have strong passwords and to make sure change passwords regularly, but it’s also important to really pick apart any suspicious emails or messages you get.

Making rash decisions might cost you a lot more than you bargained for.

That is how most scams work. They utilize your fight-or-flight mechanism to trick you into making decisions that you haven’t thought through. Remember that video, where a girl is asked to name a woman for a dollar? She panics, blanks, then runs away. That is what being pressured feels like. You just forget and do what is instinctive. Then, some scams include a big red button for you to click on, or a mobile number for you to dial that promises to fix all of your issues. So, naturally, you fall for it.

Of course, you should never dial a number that is being shoved in your face, or click a link that is in an email with some vague and threatening time-limit. In fact, just keep it on your best interest to not click on any links in any email, even if they’re emails from senders that you trust. If they’re from websites you’ve signed up to, then you can probably just go to the website itself to do whatever the email told you to do. Unless the email was sent as a direct result of your actions and you were expecting it, then try not to click on any links.

Let’s take a look at a scam to identify the basic structure of a scam, as they all–more or less–follow the same system.

Steam scam carried out through Discord.

A few months ago, I was contacted by this person called anubxx31 on Discord. They claimed that they had something really important to talk about, lacing their messages with a pleading tone. As you can tell, my responses are chipped. I do not like to talk to strangers on the Internet, especially not if their only shared server with me is a Discord bot support server–a server that I rarely appear in, nonetheless.

After sending me more details of the scam, I immediately noticed the threatening time-limit. I did panic for a moment, but then I remembered: Steam doesn’t function like this. Without proper evidence, they wouldn’t suspend you. If you’re completely free of any wrongdoing, you have nothing to worry about.

I was very dismissive in my messages, which probably caused him to back off. I tried to reel them back in by attempting to get them to send me more material–an attempt at getting their attention so that they may not have time to send baiting messages to others, but I had been too harsh. They had blocked me.

Regardless, we have a few things to go from here. Let’s dissect the screenshot they sent me.

Note: I did not contact John McCaskey Official#9135 after anubxx31 told me to.

The supposed screenshot of the response of the report.

First off, we can see that the message is directed to “Steam User.” Now, Steam does not refer you as “Steam User” when they email you. Here is a screenshot of an email I got from Steam. In fact, more damningly, this is a screenshot of an email that is sent as a direct response after I submitted a help request.

You can see a few key differences here. The email referred to me as “redskiez,” as that is my Steam name. So, unless the person who “reported” you had the display name of “Steam User,” Steam would’ve referred to that person as whatever their display name would be. Next, Steam doesn’t allocate a Valve employee to oversee your request. They are probably, and logically, queued up so that a dedicated team can take a look at your request. Then, they refer back to their webpage as that is their main portal for communication with Steam users. Nowhere in the message do the tell me to contact a Valve employee via Discord, or any other third-party messaging applications.

Then, of course, we can see that an official message from Steam will sign off with, “The Steam Support Team,” and not “The Steam Team.” The footnote is also different. There is a lack of a PO Box address and the Valve icon is outdated and of a wrong aspect ratio.

After all of this, we can come to the conclusion that the screenshot anubxx31 provided is fake.

Next, let’s delve into the profile that they sent me. John McCaskey.

Screenshot of John’s profile page at the time of the scam messages. Also, note that John’s Steam ID is john, not jmccaskey.

Right off the bat, we can see that John lacks the green outline, verification tick, and badge that marks him as an official Valve employee. Here is a screenshot of a Valve employee with a Valve employee badge displayed on their mini-profile (more on why I don’t show their entire profile later).

This doesn’t mean that John is not a Valve employee, or that this isn’t the legit profile of John. After a bit of digging, I found that John is in two official groups that are invitation only. Valve and Steam. These two groups are for people who work at Valve and for people who worked on Steam, respectively. This marks John as an actual member at Valve, although he just chose not to show it.

But what does this mean? Simple answer: this is a real profile of a real employee, that the scammers are just linking to in order to gain your trust. The person behind the profile is not the person operating John McCaskey Official#9135.

While I have not messaged John McCaskey Official#9135, I can deduce what would happen next. They would ask me for a screenshot of my previous transactions, once they see that money had gone in and out of the account, they will then tell me they are sending me a code in order to “get rid” of the report on my account. If I give them the code, they will log into my account, change my password and email, essentially locking me out. They will then extort me for cash, until they deem it is enough to give me back the account.

As shown in previous screenshots, I had reported this to Steam itself. And, not surprisingly, the Steam Support Team did not tell me to contact one of their employees on a third-party messaging app. They responded to me right on their official help page. The response I got is as follows:

As I predicted, Valve can’t really do anything about it as this was carried out on Discord. I also took the liberty to report these accounts to Discord and I got a standard, seemingly AI-generated reply saying that they are looking into the matter.

The anatomy of this scam is pretty cut and dry. They threaten you with a termination of something you care about, something that you probably sank a lot of money and effort into, and then they bank on you making rash decisions under the pressure to gain access to said account, then they threaten you–for real this time–in order to earn money.

Therefore, when faced with anything similar to this, keep calm. Take a deep breath and analyze what is happening. Most things do not have a time limit to it. Especially not when dealing with things like reports. Valve won’t ban their Steam users willy-nilly like that, that’s not how one runs a business.

Also, how does one even accidentally report someone by mistake? In order to report a user, from what I understand, you have to actively click into their profile, click on the three dots, then go all the way to the bottom to press on “Report Player.” That seems like a lot of steps to accidentally make when you’re trying to report a completely different person.

Anyway, logic aside, Valve employees have now posted these messages on their profiles. It’s reassuring to know that any future attempts at scamming Steam users will now be futile if they use the same tactics again.

id/john
id/afarnsworth

Another few things to note about scams: they always seem to send you emails or screenshots with poorly written English, which should never be the case if they come from big companies such as Valve, PayPal, Amazon, or Apple. Secondly, their formatting is always off. The logos are either outdated, stretched, or positioned awkwardly. Moreover, they are never going to refer to you by your name, because they don’t know your name, even though the company they claim to represent already has access to such information.

If you respond to scam emails, they are very likely to ask for your personal information–the kind that, you know, you should never share with a stranger over the Internet. This is a clear mark of a scam. Also, big corporations (banks, the United Nations, W.H.O), rich and famous individuals (Bill Gates, Mavis Wanczyk the nurse that won the USD$758.7M Powerball jackpot back in August 23, 2017) or terminally ill widowers would never email you. Not even randomly. Ask yourself this: how did they even know your email? You might know them, but they certainly don’t know you (unless you signed up for the bank with said email). If you happen to be an account holder of the corporation that supposedly emailed you, please double-check the email address that sent the email. Some email services hide the address, but clicking on “show more” or “more info” will usually reveal the email address. If you do not recognize the email address that sent the email, then don’t bother with it.

Most scammers target the elderly. They are trusting or are not well-versed when it comes to technology. Please, if you are able to, inform the elderly around you. Tell them to be wary of messages they aren’t familiar with and make sure to drill them on what to look out for. Some elderly people will respond to services they don’t even have accounts for.

If you are interested in scambaiting, please be aware of the risks. Do not click on any links. Do not download anything. If you want to help but you don’t want to waste your time talking to scammers, you can forward any scam emails you have received to the Re:scam bot. (At the time of writing, the re:scam bot is currently offline in preparation for phase II.)

If you are interested in watching more scambaiting content, or to learn more about scams, I recommend the YouTube channels Atomic Shrimp and Jim Browning. Atomic Shrimp is a YouTuber that does a variety of content, but he also uploads narrated scambaiting emails, which I consider as passive scambaiting. The purpose of these emails are to entertain, but he does have two or three scam-related videos that educates. Jim Browning is an active scambaiter. He calls up scam support hotlines in a rouse to get them to connect to his virtual computer, then he reverses the connection to gain access to the scammer’s PC in order to dismantle and to learn more about the scam. During these acts, he also helps prevent others from being scammed, such as contacting the victims he finds in the scammers’ machine or actively disrupting any ongoing scams he might have stumbled across.

1 reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s