Scam Busting

Email scams have been a problem almost as long as there has been email.  Today's joint is not about the basics of that, I have dealt with those before

Scambusters is a great source of detailed information about these scams, and how to avoid being taken in.  But what I want to explore here is a practice that is a source of some consternation: scamming the scammers.  People reply to email scams as if they were interested in the "offers" or "opportunities." Their motivation for doing this is wasting the scammers' time, supposedly keeping their attention away from others who might be taken in, while they are responding to people who, in turn, are determined not to become victims. If you explore 419 Eater, you will find a lot of material there about this practice, including a page of discussion about whether or not this is ethical.  What is not well-treated on that page is, the fact that emailing lies intended to induce action based on false pretenses is exactly as illegal when it's in reply to same.

419 Eater has been around for fifteen years.  A more recent innovation has been, not surprisingly, to automate the process of scam busting.  One example is Re:scam, a service of the New Zealand org NetSafe.  Its purpose is also to drain profitability out of email scamming, by wasting the scammers' time in unproductive conversations but here using bots posing as willing marks, not volunteer cyber-vigilantes.   

Now for the bad news.  I forwarded an email to Re:Scam and a reply came back telling me the service was on hiatus.  A forward to another site publicized recently, sp@mnesty.com, simply bounced.  No specific word on why these are not currently functioning.  Possible reasons include, issues with the technology working well... issues with the resource requirements (i.e., costs), and issues with the legal authorities.  Again I caution readers on the legality and ethicality of fighting fraud with fraud. Be careful out there!

This article was updated on 2023-05-13 06:51:10

CISO-in-a-Box

Infosec geekosaurus.  All opinions my own.

Information security since 2005.  IT... well into my second millenium.