The Bank Login Scam – Part 1

It’s time for another set of scammer videos from none other than our good friend Jim Browning.

Today we have the first in a trio of videos he produced this past summer on scammers going through very... obtuse, shall we say, methods to get into a victim’s bank account, and how he got into their systems to make their scamming lives a virtual hell, at least, as best he could.

In this particular case, we have scammers posing as British Telecom, or BT, to catch the attention of the scam victim. Should the victim call back, as Jim does here, you get the typical tech support scam story, in this case the “other people are using your internet connection to do bad things” (or something like that) story. Of course, the internet doesn’t exactly work that way, but we all know their targets are people who have no clue how things work, and will panic at the thought of this.

We start, as usual, with good old TeamViewer – the scammer has the victim install the software to gain remote access to the victim’s computer, but in this case puts up a front that he cannot actually see the screen – a key element in the scam, set up early so as to not alert the victim to what is eventually to come.

Of course, the other typical tech support scam tricks, Event Viewer and the good old “typing a message at the command prompt” trick, are shown as well, the usual things to impress people who don’t have a clue how technology works – grammar failures and spelling errors be damned, right?

Next up, for this scam, the scammer has the victim navigate to the NCA (National Crime Agency in the UK) website. More lies come, with the scammer acting like the victim has been allowed “secret” access to some hidden data, while stating that 2 criminals shown on the page, wanted on charges certainly not related to “hacking”, are the hackers in question.

Of course the scammer wants the victim to not spend time reading the site, wanting them to close it quickly because they “aren’t allowed to show the website” and all that crap. Clearly he doesn’t want the victim to actually read what the people named are actually wanted for.

The scammer then goes on to throw out some location names and what have you, saying that the victim is going to help, being given “secret work” that will save “thousands of lives!” It’s some junk right out of an action movie, but delivered by someone as good at acting as a potato.

Now here’s the bait – for helping with this “secret work” the victim is going to get £1000 as compensation! This is where the magic of the scam happens – yes, all the stuff above was just the basic setup, and what a setup it was. Give these scammers the Oscar, right? Yeah….

So the scammer puts the victim (again, our friend Jim) on “hold” while he does fuck all (claims to be talking to his supervisor and his “investigative team”) before transferring Jim to the “billing” team, but not before going on again about the magical “Secret Work” that Jim will be doing. Yep. Secret work. Never share information with anyone, it’s a super secret work! Did I mention it was secret work, because it’s secret work. Don’t tell anyone. Got it? It goes on like that for a while, even ending with the hilarious notice that his secret work “will be recorded for quality and training purposes!”

Now here is where things get clever – after setting all this up, he has the victim press the Windows key + U. This brings up the “ease of access” prompt, which the scammer eventually closes, but not before he loads up from his end the request to blank out the victim’s screen – this is where the scam gets dark, no pun intended.

At this point the scammer wants the victim to install a screen blanking driver which will, well, blank the screen of the computer. This is for “security” and, well, it’s not a lie – it is, but here, of course, it would be used for something more sinister.

In this particular case, since Jim has a document called “Bank Info” on the desktop, the scammer blacks out his screen (which, for whatever reason, fails) and, with Jim lying about the screen being blank, the scammer goes and copies this document to his own computer. I can only presume that were this a different situation the scammer would use whatever methods he could to get the victim to log into their bank account and then, once they are actively in the account, they would blank the screen on the victim’s end and gather whatever information they can – in this case, opening this very tempting document.

Incidentally, it doesn’t open on Jim’s computer, so the scammer goes and copies it to his own machine. This is where the magic of scambaiting comes in – that bank info document isn’t a document at all – it’s an executable file, one that allows remote access to any machine which opens it. You can actually hear in the video the sound of the scammer opening the file, setting us up for the following videos.

Scams always evolve, but the broad tactics never seem to change – they just shuffle up what they do each time, and in this case, it’s a mix of the old and the new, but a mix our friend Jim was ready for.

Next, we hit on what happened after that scammer opened that file, and have a little fun.
