Stopping Scams with Education, Awareness, and Empowerment

Scams and fraud are everywhere, and the problem keeps getting worse. Scammers keep coming up with new and innovative ways to steal from people. But fraud fighters are also coming up with new and innovative techniques for stopping scams and empowering people to protect themselves. Blogs, books, and even TV shows are tracking scammers, fighting back, and educating consumers on how to avoid becoming victims. See Only 10 Seconds to Expose a Scam with Nick Stapleton for a complete transcript of the Easy Prey podcast episode. Nick Stapleton is the producer and presenter of the BBC series Scam Interceptors – a BAFTA Award-winning program that works to expose fraud and protect victims in real time. He also provides scam advice on the BBC’s Morning Live show, which is similar to the US’s Good Morning America. His self-help book about how not to get scammed, How to Beat Scammers , includes both a list of all the scams he’s aware of and tactics you can use to spot scams and defend yourself against them. Nick worked on investigative filming for over a decade before Scam Interceptors, working his way up from being a researcher to directing his own films. He specialized in secret filming, which included a lot of undercover work exposing shady business practices. One of the people he worked with saw a collaboration scambaiter Jim Browning did with the investigative TV show Panorama and suggested a show using scambatiting techniques but focused on the victims—finding them before they pay and preventing the scam. Nick was in the right place at the right time. And his experience dealing with shady business practices segued surprisingly well into the world of scams. Five years later, Scam Interceptors has done four seasons and it’s Nick’s full-time job. Nick has never been scammed (that he knows of). But he’s come extremely close. Since he has some notoriety in the UK as someone stopping scams and working to thwart scammers, a lot of scammers target him. One particular one nearly got him. Nick uses Meta for Business because sometimes he needs to run ads on Facebook. One evening, he got an email to the email address connected to his business account that there had been a copyright strike on one of his videos. He had just posted a video that had music, so it seemed plausible. The email said he’d received a notification in the app Asana. It was late at night and Nick was in bed, sleepy, and shouldn’t have been checking his work emails. He’d never heard of the app before, so he googled it. It was a business communication app, similar to Slack. Meta using Asana to contact people seemed unusual, but not implausible. He downloaded the app and set up an account. There was a notification in his inbox. It was perfectly written in corporate language. It didn’t claim to be urgent, but said he either needed to take the video down or respond with a form. Nick didn’t do anything that night, but the next morning it was the first thing on his mind. And the link at the bottom of the form went to facebook.com. He knew enough to spot a suspicious URL, and this one was genuine. That convinced him that it must be legitimate. He clicked. The link took Nick to a form that was actually on facebook.com seemed legitimate. But when he got to the bottom of that form, there was another link. He thought that was weird, and the link was a shortened URL so he couldn’t see where it went. But it was six in the morning and he wasn’t fully awake yet. He turned on his VPN for a little extra protection and clicked the link. It took him to the most beautiful Meta for Business site he’d ever seen. The Meta logo was animated on screen, with the WhatsApp, Instagram, and Facebook logos sliding out of it and then washing back in. Then all the logos dissolved away and revealed the best Meta for Business clone he’s ever encountered. It assuaged all of his concerns. This may have been a weird way to get him here, but it had to be real. He filled out the form, and when he got to the bottom, it asked for his username and password. That’s where he stopped. He was already signed in. There was no way the form needed that information. He started looking around the site, and all the links were dead. The scammers went through all the trouble to make such a good site and fell down on the last step. If they’d made more than just the one page, Nick thinks he’d probably gone through with it. There’s no doubt in his mind that if he’d put his information into the form, they would have taken over his account. It’s still one of the highest-effort account stealing attempts he’s ever seen. Nick’s work stopping scams and educating people about them leads a lot of people to reach out if they’ve been victims. Tons of people tell him about having their accounts taken over. If you have a business account where you’ve worked for years to build an audience and use to sell products, it would be devastating if a scammer got control. One person that reached out to Nick told him that scammers hacked her account and said if she didn’t pay what they wanted within twenty-four hours, they were going to post things to get her permanently banned. She felt like she had to pay to protect her livelihood. When she did, they just demanded more. She was lucky. When she went to the police, one of the officers had a connection at Meta. They showed them screenshots, and she got her account back. Most people aren’t that lucky. It’s crucial to turn on two-factor authentication on any account that matters to you. Nick saw a figure at one point that said 300,000 Meta accounts per day were getting hacked. The only recovery process sends a notification to your email address on file. But a hacker can easily change that. What’s the use of a one-time password if it’s sent to the wrong email address? It’s useless. I’m always banging on about 2FA and how important it is to set it up on anything that you really care about. If you’ve had the account for a long time, there are a lot of new security features that aren’t enabled by default. This includes things like designating trusted friends and face recognition for people with verified accounts. But you can’t turn security features on after the fact. Check what your options are and enable them! When it comes to dealing with fraud and account takeover, people’s expectations are very wrong. Most people expect that the social media platform will look after them if something happens. They’ve been a trusted user for so many years and put time and effort into the account, so surely the network will want to help. But the reality is that the network just doesn’t care. As the saying goes, if you aren’t paying for the product, you are the product. The cost for a single customer service interaction is high, so most networks choose to have no customer service. Your bad experience doesn’t harm shareholder value, so they see no reason to look into it or help you. Scams and fraud are so big globally that this applies to more than just stolen accounts, too. Stopping and fighting scams is challenging. In the UK, scammers go to prison in about 0.1% of cases. One scam victim out of every thousand gets justice. People expect that if they get scammed, police are going to leave no stone unturned to get their money back. But there’s so much of it going on that they can’t. When Nick was first diving into the world of scams and stopping them, he was surprised by the size of the scam operations out there. Scam Interceptors found whole office blocks, thousands of people whose 9-to-5 job was stealing from people. He couldn’t understand why nobody was arresting these people. But now he understands better. These scam call centers are mostly operated out of South Asia, increasingly Southeast Asia, and to some degree the Middle East. But they only scam people internationally. There was even a scam center in the UK recently, which is unusual, but they weren’t scamming people in Britain. If it’s across borders, it’s much harder for police to do anything about stopping the scams. [Scams] have got to be cross border. Otherwise the police might actually do something. Some outfits Scam Interceptors investigated would have most of the people doing grunt-level work and then passing victims to “closers” to actually get scammed. A few were big enough to even have their own IT and HR departments. One, VRM Business Services, had a seven-floor office building where six of the floors were doing legitimate work, but one floor made money doing scams. The legitimate work helped launder the money and made it harder for authorities to figure it out. Pig butchering especially is horrific. Most of these scam call centers are just an employer. But pig butchering compounds are mostly forced labor . They’re run by organized crime who lure people in with fake jobs and force them to work. In some cases they’re threatened with violence; in most, they take victims’ passports and don’t let them leave. And pig butchering is hugely profitable – the average take is exponentially higher than other types of scams. In the past, asking someone to get on a video call with you was a good way to weed out scammers. Now there’s techniques to do that. Techniques for stopping scams are evolving, but so are scammers. You used to be able to spot an investment scam by trying to take out some of your money right away. If you couldn’t, you knew it was fake. But these days scammers might even suggest taking a little of it back out, and it works. When you can make a withdrawal, you trust that it’s real and put more in to be stolen. One of the pig butchering compounds Nick saw while working on Scam Interceptors paid two models to live there full-time. They provided the photos and videos the forced laborers used to sell the scam. Whenever a target started doubting, the scammers didn’t need a deepfake – one of the models could get on a video call. If they can afford to pay models to take video calls from targets full-time, it’s so much harder to know it’s a scam. Local governments often don’t intervene in scam operations for a number of reasons. It’s often some combination of not having resources, being paid off by the scammers, or not considering it a high priority since victims aren’t in their country. Some Middle Eastern countries have started caring more through diplomatic efforts. But as far as collaboration between the UK and India and Pakistan, Nick is only aware of one scam center being shut down in the last decade. As far as I’m aware, there is one example of a scam call center being shut down in the last ten years. It’s often hard to motivate other countries to do anything about stopping scams when the victims aren’t from that country. The situations where they do usually have an unusual element. Often a big tech company finances the investigation, or it’s a scam compound targeting domestic victims as well so there’s more political capital in stopping it. But the situation is surprisingly nuanced. In India, 25% of the population is vulnerable to extreme poverty. If they don’t get paid, they don’t eat. And they have 15-18 million university graduates entering the workforce every year. There just aren’t enough jobs. Then criminals come in and offer well-paying jobs doing scams. It’s difficult to resist when your choices are work or starve. And in many places, these scam businesses are registered and pay taxes. If you’re a government and your options are to let this business keep scamming people outside your country or to put thousands of your own citizens at risk of starving, stop getting tax revenues from this business, and humiliate the directors who are probably friends of friends, what would you do? This [scam] problem has gotten so bad that we can’t really expect anyone else to come to our aid. Scams are a difficult problem to solve because of exactly that situation. Unfortunately, the conclusion Nick came to when writing his book is that it’s ultimately up to the victims to stop it. The UK has decent legislation when it comes to scams and fraud. But a lot of it is down to the individual. There are plenty of ways to steal your money that aren’t covered by these laws. We need to be aware of what’s out there and try to understand it. Otherwise, any of us could get scammed. If stopping scams is on us as the consumer, it’s important to know how. Nick’s best piece of advice is to assume any unexpected contact is a scam until proven otherwise. Whether it’s a phone call, text, email, or message on social media, even if it looks like it comes from someone you know, verify first. Assume absolutely anything that comes completely out of the blue is a scam until proven otherwise. Do your due diligence to find out if it is a scam. Even though it’s extra effort and may seem unnecessary, it’s worth it. The emotional and psychological consequences of getting scammed can be huge. And it doesn’t have to be challenging. With a phone call, tell the person that you’re not sure they are who they say they are, and you’re going to hang up and call back. Then look up whatever organization they claimed to be from, find the official website, and call the number from there. It’s the only way you can be sure you’re talking to the correct person. Caller ID is very easy to spoof, and lots of scammers are very good impersonators. If a text message has a URL, don’t open it! If it’s shortened, see if you can press and hold to make it expand or use a link expander service. When a text claims to be from a business, find the company’s official website and compare the URL. You can even contact them directly to verify. This also works for emails. If you do the due diligence, you will never regret spending your time on that, because it’s considerably less painful than getting scammed. DMs on social media are harder to verify, because we often solicit messages on social media. If you make a post in a dating group looking for connections, it feels strange to assume messages are a scam. Nick’s rule is if you haven’t met the person face-to-face, don’t send money. It’s a good rule to live by. Buying and selling online is more complicated. If the profile was created three days ago and both photos on it are AI -generated, that’s obvious. But when scammers are using taken-over accounts, it’s not aways so clear-cut. Don’t send more money than you can afford to entirely lose. You need to be aware and on top of the information that’s out there [about scams], try and engage with it and understand it. Otherwise, this can happen to any of us. Scams are challenging, increasingly sophisticated, and extremely prevalent. And stopping scams is, for the most part, up to us. Protect yourself by knowing they’re out there and that anyone can be a target. Be suspicious of all unsolicited or unexpected contact. It’s infinitely better to take the extra time and effort to verify than to get scammed. The old saying is that knowledge is power, but when it comes to stopping scams, knowledge is also protection. Share information about scams and how to avoid them with your loved ones, too. You can find Scam Interceptors on Instagram and TikTok . UK residents can watch the show on iPlayer . (Nick would never condone non-UK viewers downloading a VPN and setting their location to the UK to watch it.) You can find Nick Stapleton on Instagram @staplenick . His podcast Scam Clinic can be found wherever you listen to podcasts, and his book How to Beat Scammers is available on Amazon.