Only 10 Seconds to Expose a Scam

“I made a film about a psychiatrist who lost half a million pounds to scammers. If someone trained in the human mind can be groomed, anyone can be.” - Nick Stapleton Share on X

What if you could stop a scam in real-time before the damage is done? In this episode, I’m joined by Nick Stapleton, an investigative journalist and the face behind Scam Interceptors, the BAFTA award-winning BBC series that exposes online fraud and steps in to protect victims as scams unfold.

Nick brings a decade of undercover documentary experience to his current mission: fighting digital deception and empowering everyday people to stay safe. He shares jaw-dropping stories from the front lines, including the near miss that almost caught him off guard, and breaks down the complex operations behind everything from romance scams to global scam compounds. 

As the author of How to Beat Scammers, Nick also gives practical advice on how to recognize red flags and build your own defense against a rising tide of fraud.

“I always bang on about two-factor authentication. Use an app, not just your phone or email. It's the best line of defense for anything you care about.” - Nick Stapleton Share on X

Show Notes:

• [01:06] Nick presents a show called scam interceptors for the BBC. He also does scam advice on a chat show called Morning Live. He also wrote a self-help book about How To Beat Scammers.
• [01:59] We learn how Nick got into the space. He began in investigative journalism and hidden camera work and now 5 years later Scam Interceptors is his full-time job.
• [06:17] He came very close to becoming a victim of a scam, because a lot of scammers try to get him. 
• [14:30] About 300,000 accounts a day get hacked on Meta.
• [15:10] There are things you can enable on Meta to help protect your account.
• [16:43] In the UK scammers rarely go to prison.
• [17:18] When he first started the series the scale of some of the scam operations out there really shocked him.
• [18:43] There can be 200 people working in a scam call center.
• [20:52] A lot of the people who run pig butchering scams are indentured slaves.
• [24:12] They would even hire models to have video conversations with potential scam victims.
• [25:22] Why local governments don't break up these scam centers.
• [26:38] It's difficult to motivate the authorities when the victims aren't from that country.
• [29:21] APP refunds in the UK. In most cases we need to be aware and protect ourselves.
• [30:52] Assume everything out of the blue is fake. Come from a position of skepticism.
• [35:04] When investigations go wrong filming the show and they lose people to scams.
• [39:10] When the show first began, sometimes the people they were trying to stop from being scammed thought they were the scammer.

“Since I gained a bit of notoriety in the UK for trying to stop scams, scammers have tried to get me too. I think it’s like a feather in the cap for them.” - Nick Stapleton Share on X

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Nick Stapleton
• Scam Interceptors
• Nick Stapleton – Instagram
• Nick Stapleton – LinkedIn
• Nick Stapleton – Facebook
• How to Beat Scammers: The Complete Guide to Keeping Yourself Safe from Fraud
• Morning Live
• Scam Clinic Podcast

Transcript:

Nick, thank you so much for coming on the podcast today.

Thanks for having me, Chris. I really appreciate it.

I’m looking forward to this. Can you give myself and the audience a little bit of background about who you are and what you do?

My name is Nick Stapleton. I present a show called Scam Interceptors for the BBC, and I also do scam advice on another chat show for the BBC called Morning Live. It’s a little bit like Good Morning America or something like that.

I wrote a book called How to Beat Scammers, which is a self-help book about how not to get scammed, which includes a compendium, a library of all the scams that I know about, and tactics you can use to spot them, because I’m well aware that obviously writing a list of scams, there are going to be 500 more by the time the book’s out. I wanted to make a way that people could learn about lots of scams, but also build a bit of a suit of armor that they can protect themselves against other scams with.

Cool. How did you get into this space? Were you scammed and that’s why you wanted to start Scam Interceptors, or was there some other tipping point that got you interested?

I’ve worked in investigative documentaries in the UK on television for more than 10 years and before Scam Interceptors started. I worked my way up from being a researcher to directing my own films.

My specialism was always secret filming. What that means is basically wearing body cameras or filming in clandestine ways to achieve investigative goals. In my case, that was doing a lot of undercover and going into companies, basically, who were doing sharp business practices and exposing them, or working in places where they had terrible working conditions and exposing that.

Because that was always my specialism, I had worked with a lot of people within the BBC who dealt with ethically difficult subject matter. One of those people was the guy who came up with the idea for Scam Interceptors.

He had seen a famous Panorama. I don’t know if you’re familiar with Panorama. It’s the BBC’s flagship investigative show in the UK. He’d seen a Panorama where Jim Browning had collaborated with Panorama. Jim Browning, the godfather of YouTube scam-baiting.

He thought we could do something with Jim Browning, where instead of using Jim’s technical skills to secretly film people who are making scams and then expose particular scam groups, we could be focused more on victims. How we can prevent people from being scammed.

If Jim can tap into the phone networks of scammers, we could listen to their calls, we could then use the skills we have as investigative journalists to work out who those people are and contact them or their family members prior to them actually paying out.

Now doing that is full of journalistic and ethical mine fields, basically. On the one hand, you are operating a hack, so you are doing something, which is in its essence, naughty, some might even say illegal. You are dealing with a huge amount of people’s personal information, a huge amount of people’s private lives, and you’re also having to get on the phone and then talk to those people.

What he wanted when he came up with the idea was for an onscreen journalist to present the show who had dealt with similar concerns throughout their career, basically. He knew he wouldn’t be able to be there all the time, because he’s an exec producer and he’s got lots of different shows to run. He wanted someone he could trust for that role to make all those decisions, basically. I was in the right place at the right time in that I’d worked with him a lot, we really trusted each other, and he asked me if I was interested in doing on-camera work, so I said, “Yeah, I’d love to give it a go.”

At that point, none of us really knew whether the idea of Scam Interceptors would work at all. Then it very much did and I, in the process of that—this was around COVID; it was the first series we made in 2021—became very familiar with the fact that a lot of my work in investigative journalism was very much adjacent to the world of scams and fraud.

But then when COVID happened, suddenly so many people who were doing the stuff I was investigating before—setting up businesses in the UK that were completely intended to defraud customers but were dressed up as real businesses—were moving into more scammy end-of-the-spectrum stuff. Scams after COVID when the world went remote just went insane.

I thought there was potentially an opportunity for me there if Scam Interceptors worked to try and turn scams into my full-time profession, because I’ve always been in and around this world. I know it really well. I know the nuts and bolts of how these criminal organizations work because, in many cases, I have worked inside them doing undercover stuff. Now, Scam Interceptors has done four series, we’re five years later, and this is my full-time job.

Nice. You have been doing this as a full-time occupation for the last couple of years, and this has been your bread and butter. Have you ever been a victim of a scam?

I came so close. I’ve never actually been on the receiving end of a scammer I paid out. But since I gained a small degree of notoriety in the UK as somebody who is trying to prevent people from getting scammed, I’ve had a lot of scammers try and get me because I think it’s maybe a little bit of a feather-in-the-cap thing for them. This particular one was so close.

I have a Meta for Business account because I sometimes need to advertise things that I’m doing or whatever, so I have this business account. I got an email to the address that I used for my business account, which told me that there’d been a copyright strike on one of my videos. I just put something out that had music on it.

I thought, “Oh, hmm, OK. That’s plausible.” The email was a notification that I’d received a message in an app called Astana, and I’d never heard of that before. I should add, at this point, it is very typical of people who go down this road. Sometimes it was late at night, I shouldn’t have been reading work emails. I was in bed and possibly a little sleepy.

I saw this Astana thing and I thought, “That’s weird. I’ve never heard of Astana before. I’ll Google it.” Basically, it’s like Slack. It’s a business-to-business communications app. I thought, “Hmm, I’ve never heard of Meta using Astana before to contact people, but it’s plausible.” I couldn’t find anything to suggest that that wasn’t the case in my quick research online, so I thought, “I’ll download Astana. I’ll just set up an account quickly, and I’ll see if this is legit.”

I downloaded Astana, I signed up using the business email that I’d received this notification to, opened the app, and there’s a message in my inbox from Meta. I thought, “Oh, this is a little unusual. Maybe this is actually legit. I’ll read the message. There’s no harm in opening the app and reading the message.”

I read the message and it’s like this perfectly written corporate communication about a copyright strike. It wasn’t, like, “Urgent. Urgent. You must take action now,” but it did say, “You need to either take down the video, or you need to respond to this form.”

I basically shut my phone, went to sleep, woke up the next morning, and it was the first thing that came into my head. I thought, “Oh, I better deal with that. Otherwise, the video’s going to get taken down. That’s going to be really annoying because I’ve paid for it. It’s there so that I could sell tickets to something.” Open it up, look at the message again. There’s a link at the bottom to go to a form that was on facebook.com.

This is the thing. This is the bit that really got me. The form to fill out the copyright strike was within Meta. It was within their sphere of influence. Again, I was like, “OK, this must be legit. I need to click through.” So I click through and I get to the form. It was called, like, “Copyright Assistance Inbox Form” or something like it. It was slightly odd, but again, at this point, it’s like six in the morning. I’m a little blurry-eyed and I read through it all. Get to the bottom and there’s another link.

At this point I was like, “Hang on. This is weird. Why would they bring me to their site and then send me somewhere else?” But the other link was shorturl, so I thought there’s no harm. I’ll just copy-paste it, and I’ll see if I plop it into a tour or whatever. I’ll just see where it goes, so I’m at least protected.

I can’t remember what I did. I think I turned on a VPN and then I stuck it in just to see what the score was. It took me to the most beautiful Meta for Business website I’ve ever seen in my entire life. I’d never interacted with this particular part of Meta for Business before, but it was basically the Meta logo that appears, animated on the screen, WhatsApp, Instagram, and Facebook all slide out of it and then wash back into it. It dissolved away and revealed the best-looking Meta for Business clone I’ve ever seen in my life.

I looked at it again and all my concerns drained. I was like, “Oh, OK. This isn’t a scam. It’s a weird way to get me here, but this must be real.” So I started filling out the form, because now I’m actually looking at a thing with boxes that I can put information into.

I got to the very bottom and it asked me for my username and password. By this point I’d spent five minutes maybe putting information into it. When I saw the username and password thing there, I was just like, “No. I’m signed into my account already. There’s no way they need this information. Why would I have to do that?”

So I started looking around the site and all the links were dead. They’d gone to the trouble of making this gorgeous thing, this animation and all this complication to get me there, and they fell down on the very last step. If they just made more than a landing page, I reckon I might have gone through with it. But the fact that it was asking me for my username and password was the thing that stopped me. Had I put that in, I don’t doubt they would hack me in ransom outback. No doubt at all.

All those things are really plausible for you if you’re a content producer. I’ve gotten a copyright strike on my own. There was no content in there that wasn’t mine. There was no music. There was nothing, and it was like, “OK.”

Video that I had just put out as well. I was like, “Oh, OK.” So whoever did this must have been watching my account and gone, “OK, he’s just put a video out. Send the thing.” And they’ve sent the thing, then they’ve obviously had that landing page and all that stuff all designed really high level.

It was so good that I screen recorded it and I posted it on Twitter as it was at the time. I got so many people going, “What? This is the craziest clone I’ve ever seen. That is such good web design. Who bothers to do that just to steal somebody’s username and password?” The effort level was high. It was very high. One of the highest I’ve seen in terms of just trying to steal someone’s account, presumably to ransom it back.

I’ve had a couple of people that I know that someone got into their Facebook for Business accounts, and ended up using them to run ads with stolen credit cards. The person didn’t even know that their account was being used because it wasn’t hitting their credit card.

Very clever.

It was just a vehicle that was used to exploit other people effectively.

I’ve had so many people get in touch with me about this, because I know if you’ve got a business account that you’ve worked at for years and years, and you’ve got a high-follow account because you’ve been plugging away at it and you use it to sell your products or whatever, that thing is going to mean a lot to you. I know. Don’t get me wrong. I would be really annoyed if someone hacked my Instagram because I put time and effort into it.

But basically, what these guys did who hacked this person was they got control of her account, which was a shop and had products that she sells to people. Then they basically said to her, “If you don’t pay us what we want within 24 hours, we are going to post content that’s going to get you permanently banned.”

They’re basically saying, “Money or we’re going to post beheading videos,” or whatever it might be. Then suddenly your account is gone forever. The choice was none, so she felt like she had to pay. Of course she paid them money and then they just asked for more.

Thankfully, eventually, she was very lucky in that, I think, she went to the police. The police that she went to—she lived in London—had a contact at Meta, went to them and showed the situation, showed screen grabs, and she got her account back about. They didn’t go through with their thing of posting the beheading, by the way, but I think about a week later, she got her account back.

I constantly get people saying, “Hey, can you help me? Do you have a contact at Meta?” I’m like, “Nope. Sorry.”

I think people start to say that to me as well because, honestly, the message I get almost more than any other is people saying, “My social media’s been hacked,” or, “This account I really care about has been hacked.” I’m always banging on about 2FA and how important it is to set it up on anything that you really care about, particularly, ideally, with a verificator app rather than using phone and email or whatever.

I think I saw a figure at one point that suggested there were about 300,000 accounts a day getting hacked on Meta, and that they don’t have a process to help you get it back. The process they have is dead if someone gets into your account and changes the details of where the information should go. What’s a one-time passcode going to be to you if it’s going to the wrong email address? Nothing.

What’s a one-time passcode going to be to you if it’s going to the wrong email address? Nothing. -Nick Stapleton Share on X

And if you’ve had an account for a long time, a lot of new features have come into play since then that aren’t enabled by default. There are things that you could do like delegate other people’s trusted friends, and if three out of them say, “Hey, I think my friend’s account has been hacked,” they’ll roll it back to the previous mechanisms. But you can’t enable that feature after the fact if you don’t know about it.

That’s it, and I think so many people have no idea that that’s the case. I was very glad to see that they finally brought out a facial recognition thing for people with verified accounts the other day. Basically, if you get hacked and you are verified, you can do a video where you turn your head and say certain things, then you’ll get it back, supposedly.

It’s a classic fraud problem in that, basically, the expectation versus the reality of it is completely warped. The average person’s expectation—because they are on a social media platform—is that that platform will look after them if something goes wrong, and they think, “I’m under this umbrella. These guys are going to be my friends because I’m a trusted user who’s been here for years, and I put my time and effort into this account.” They don’t care.

Well, it’s that phrase: If you aren’t paying for the service, you are the service. And they don’t really have a whole lot of motivation to solve customers. The cost to deal with one customer service interaction has got to be tremendous, so let’s just have no customer service.

Exactly, and how does your experience diminish shareholder value? It doesn’t. There’s no reason for them to be invested in it. That is unfortunately the problem of scams, and fraud has gotten so enormous globally that you can repeat that and apply it to a bunch of different areas of scams and fraud.

People’s expectation, again, is that if they lose £2,000 to a scam, police are going to move hell and high water to actually get their money back, but the reality is there’s so much going on that they don’t. -Nick Stapleton Share on X

In the UK, we have people “receiving justice,” as in their scam are going to prison in 0.1% of cases in the UK. That’s like one in every thousand people who experience fraud seeing some justice. People’s expectation, again, is that if they lose £2,000 to a scam, police are going to move hell and high water to actually get their money back, but the reality is there’s so much going on that they don’t.

In running Scam Interceptors, is there anything that surprised you that you learned while producing it?

It doesn’t surprise me anymore, but it definitely surprised me at the time. When we made series one, the thing that really struck me was just the scale of some of the scam operations that are out there. The more I’ve lived in this world and the more I’ve seen the nuts and bolts of how these guys work, the more I’ve understood quite how ridiculous it is.

When we made series one, the thing that really struck me was just the scale of some of the scam operations that are out there. -Nick Stapleton Share on X

The fact that there are office blocks with 2,000–4,000 people working in them, whose entire 9–5 is just trying to steal your money in some way or another, that really did scramble my brain for a couple of years. I just couldn’t believe that there wasn’t more being done from an enforcement perspective globally about businesses of that size trying to defraud people.

The fact that there are office blocks with 2,000–4,000 people working in them, whose entire 9–5 is just trying to steal your money in some way or another, that really did scramble my brain for a couple of years. -Nick Stapleton Share on X

I now understand better why that has been allowed to carry on for so long and why that continues to exist. I’m talking here about like your mainly South Asian call centers, but then also now increasingly actually pig-butchering scam compounds all over Southeast Asia, and to some extent, the Middle East as well.

Even in the UK, there was one on the Isle of Wight the other day, which was bizarre. Of course, not scamming people in Britain because it’s got to be cross border. Otherwise, the police might actually do something. But the size of them.

We had ones in Scam Interceptors that we would investigate, and we would realize that there were maybe 200 people working in this particular call center who were just doing the scam bit. So literally grunt level pretending to be a bank and then passing you onto a closer.

But then, some of these guys were that big and had an IT department as well. They’ve got someone whose job it was to make sure their telephony didn’t collapse. One of them, in particular, who we explored a lot in series one and series two of Scam Interceptors that Jim Browning did a lot of videos about, called VRM Business Services, had their own human resources department as well to run their payroll.

You’re talking about a full-size, public-facing—to look at, you would think legitimate business who just had one floor out of seven where they were running scams, and the other six floors were doing legitimate work. They might be, for example, doing questionnaires or doing marketing of some kind, or the government calling people up and doing polls or whatever for the government in India. But the one floor that was making the money was the one that was doing scams.

Then of course when you’ve got all the other legitimate work to wash the money in, how difficult is it for the authorities to work out that you’ve got one floor of guys running scams? So yeah, the complexity, the richness of that, the depth of it, and the scale of it really blew my mind.

And that doesn’t surprise you anymore, the more seasons you do?

No, because after a while, you become desensitized to it. Since then, I’ve seen the rise of pig-butchering scams, and the scale of that is just unbelievable. There, you’re talking about even more horrific conditions.

At least the guys who are working in, say, a Calcutta scam center where they’re doing scam calls to the US or the UK pretending to be mobile phone operators, or your bank, or whatever it might be are just doing the 9–5. They are usually young people, 18–25 years old, probably fresh out of college or university, probably got a degree, decent IT proficiency, and who found a job that pays quite well in a place where there aren’t many jobs around that pays quite well.

In these pig-butchering compounds, you’re talking about people who are indentured labor. They are effectively slaves. They can’t leave. That’s why I call them compounds. They’re run by Chinese organized crime, and they basically bus people in who think they’re coming to do a different job. Then when they get there, they find that they’re in a walled compound.

A lot of them, for example, are former hotels, so places where they used to have a huge amount of tourism pre-COVID and then it all went a bit wrong. There’s a lot of them in a place called Sihanoukville in Cambodia, which is on the beach town in the south of Cambodia.

All they’ll do is they’ll get an old hotel, put grills on the balconies, and then they’ll turn the rooms, some rooms into offices and some rooms into keeper’s accommodation. Bus people who think they’re doing a different job, get a thousand of them in there running pig-butchering scams, and force them to work.

When you’re talking about being forced to work, you’re talking about, in some cases, being threatened with violence, but in most cases, just taking their passports away and saying, “You can’t go until you do X amount.” Or, “If you do X in your first month, you can go home.”

The success of pig-butchering scams is unbelievable, the amount of money that these people are making compared to other scammers. -Nick Stapleton Share on X

That is the real dark end of the scam spectrum right now, I think, and it’s huge. The success of pig-butchering scams is unbelievable, the amount of money that these people are making compared to other scammers. The average take from pig-butchering scams, it’s like tens of thousands rather than the low thousands that I would normally associate with an impersonation scam. There are victims on all sides of it. Really, really, really sad.

The average take from pig-butchering scams, it’s like tens of thousands rather than the low thousands that I would normally associate with an impersonation scam. There are victims on all sides of it. -Nick Stapleton Share on X

It’s interesting because I’ve seen from the people that I’ve dealt with that these scams are getting more sophisticated. Back in the old days, I would say, “Oh, if the person won’t jump on a video call with you, then you know they’re a scammer.” Well now, they’ve got all sorts of techniques where they can do that.

Then with the investment scams, it was, “Hey, just try to take some money out right away. If you can’t take your money out, it’s a scam.” And now, there was someone who approached me, they had invested a small amount of money and supposedly doubled it.

The person running the scam said, “Hey, you should take some money out, that way in case the investment does poorly, you haven’t lost all your money.” The person’s like, “Oh, that’s a good idea.” Takes some money, takes about a half of the original amount out.

That ultimately ended up “proving” to this individual that, “Oh, it must be legit because if it were a scam, I wouldn’t have been able to get any money out.” Then dumps his entire savings in there, his entire retirement in there, tells friends about it, they dump their retirement in there, and then it all just disappears.

Yeah, and suddenly one day he signed on the website—doesn’t exist anymore. You’re so right to make that point. I remember the first time I saw the inside of a proper big pig-butchering compound. Jim Browning had an insider. He showed it to us, just in case we wanted to use it for Scam Interceptors.

These guys were paying two models to live there full time. Glamorous-looking women who provided the photos and videos to sell the pig-butchering scam. Then when they had a target who was wavering and was thinking that they might not put their money into the crypto scheme that this woman had told them was doing so well for her, that she’d have a video call with them.

It’s like you said. Back in the day with a romance scam, you would’ve said to someone, “Oh, well, have you ever seen them in person? Have you ever been on the phone?” If these guys can afford to pay models to stick around and do a full-time job for them where they can take video calls from targets, how are you supposed to know that’s not a scam?

That’s what I really felt about pig-butchering scammers that I’ve seen, is that they have you every which way, and that they’ve really got all angles covered in a way that previous scam groups that I’ve seen haven’t.

I remember that group, particularly. They were in the Middle East. They had so many people working in their building that they ran out of bandwidth. What did they do? They paid for a 5G truck to be parked outside the compound. You could see it on Google Maps. They had this massive flatbed that had a huge satellite on the back of it parked outside the compound.

You think, “That isn’t cheap,” and it must have been parked there for a long time because it’s on Google Maps. How much were they paying to have that there the entire time? A huge amount of money. That gives you a sense of the scale, both of their operation and how much money they actually have.

Is it that the local governments just don’t have the resources to tackle it? Or are they being paid off? Or is it, “Well, they didn’t scam anyone in our country, so there isn’t a ‘crime’”?

It’s a mix of all three of those things. I think in the case of some of the Middle Eastern countries, through diplomacy, they now have started caring about this. That particular compound I’m talking about, Jim’s got a fantastic video now where you can see the largest mass arrest in UAE history of the people in that compound.

There are about 2,000 people who all get arrested at the same time. They actually raided the compound and shut it down. I think in some parts of the world, that’s extremely rare, that situation I just described.

I have a line that I say about this. As far as collaborative investigations go between law enforcement in the UK and law enforcement in India or Pakistan, as far as I’m aware, there is one example of a scam call center being shut down in the last 10 years. That tells you a lot about where the situation is at, and I think it’s because of those three things that you said.

It’s very difficult to motivate the authorities in India or Pakistan to do anything about scam call centers when the victims themselves aren’t from that country. In the situations where they do do something about it, it’s usually either because a big tech firm comes along and goes, “Here’s the money to do the investigation. These people are targeting our customers.” And then the police go and do it.

Or you find a scam compound where they’re targeting people from India or people from Pakistan, as well as people from the US and the UK or Australia or wherever it might be, then they are more willing because they can see the political capital in doing something about it. Unfortunately, I think the situation as it is is more nuanced and complicated than people understand as well.

When you talk about India, for example, you’re talking about a country where 25% of the population are classed as vulnerable to extreme poverty. That means if they don’t get paid, they don’t eat. That situation combined with them having, I think, between 15 and 18 million graduates entering the workforce every year, that’s people with university-level education entering the workforce every year, they simply don’t have enough jobs for that many trained people.

Of course in that maelstrom, you’re going to have criminals who come along and go, “Hey, come and work for us and get paid really well doing scams.” That’s going to be really difficult to resist if you are 18 to 25 years old, you’ve got a decent level of education that you want to use, and your choices are work or don’t eat. That’s a really hard problem to solve.

And if you are the government in a country like that, what’s your motivation? Why would you want to go and shut those places down who actually, in many cases, are legitimate businesses that pay tax as far as they’re concerned? They’re like I described with VRM business services. They’re a public-facing entity. They just have one floor that does scams. And they pay a bunch of tax.

If you’re the government and you think, “Hmm, our options are raid those guys and shut them down and humiliate the directors who are probably friends of friends,” why would you do it? You’re going to make a bunch of people who otherwise have jobs in your country and pay their taxes suddenly starving or looking for another job. It’s very difficult for them to make sense of that.

I really think it’s an exceptionally difficult problem to solve because of global economic conditions and diplomacy, as well as the situation I’ve just described. It’s really hard. It’s really hard.

So it’s really up to the intended victim to stop it in their case.

I’m afraid so, and that’s the conclusion that I came to with writing the book. This problem has gotten so bad that we can’t really expect anyone else to come to our aid.

We’ve got some pretty decent legislation in the UK against scams and fraud, don’t get me wrong. Last year we introduced a new thing against what we call APP (authorized push payment) fraud, where you’re basically coerced into sending money to someone that you don’t want to send money to. We now have reimbursement for that up to the value of £85,000 split between the sending and receiving bank. We basically legislated to put that on the banks to say, “You’ve got to stop this from happening.”

I think it’s a lot down to the individual. I really want people to focus on this and to understand that in most cases, APP fraud is a very specific example. There are plenty of other scams out there that people don’t need you to send money to steal your money. In most cases, you need to be on the ball, you need to be aware and on top of the information that’s out there, try and engage with it, and try and understand it. Otherwise, this can happen to any of us.

I made a film some years ago about a woman who was a clinical psychiatrist, so trained in the study of the human mind. She was groomed over three months by four different guys pretending to be the financial conduct authority in the UK. She lost half-a-million pounds.

So what’s the consumer to do? Clearly, it’s on the consumer or the individual to protect themselves. I’ve gotten more hesitant over the years to say, “Well, just watch out for this thing,” because, well, they’re not doing that anymore. By the time the person hears it, they’ve moved on to something else. What is the consumer to do? Be paranoid?

My number-one thing that I say all the time is basically to assume absolutely anything that comes completely out of the blue is a scam until proven otherwise. I apply that to phone calls, text messages, emails, direct messages on… Share on X

My number-one thing that I say all the time is basically to assume absolutely anything that comes completely out of the blue is a scam until proven otherwise. I apply that to phone calls, text messages, emails, direct messages on social media.

Whatever it is, come from the position of suspicion and go, “I think this is going to be a scam, and I’m going to take the time to do due diligence, to work out whether or not it is.”

Again, I think if you do the due diligence, you will never regret spending your time on that because it’s considerably less painful than getting scammed is. As much as you might think, “Oh, I can’t be bothered to do that. I can’t face it.” It’s worth it because the emotional and psychological pain of getting scammed is very, very, very underrated.

So what’s the due diligence that people should be doing?

I haven’t asked you a question, have I?

I’ll ask it again.

For example, with a phone call. My first approach with a phone call out of the blue would be to say to the person, “I don’t know that you are who you say you are, because honestly, I’ve got no way of telling. What I’m going to do is I’m going to hang up and I’m going to call back whatever organization it is you claim to represent by going on a search engine, finding their official website, and taking the number off there.” If it’s your bank, you just look at the number on the back of your card.

That’s the only way you can be sure that you’re actually speaking to the correct person when it comes to a phone call, because they can spoof numbers now, they can spoof names of businesses. A lot of scammers are very convincing impersonators. They might have a bunch of personal information that makes it seem like you’re talking to the bank. Calling outbound basically is the only way. Doing your own little bit of research to make sure that you’re actually going to end up talking to the right person.

When it comes to text messages, again, it’s pretty obvious stuff. Look at the text message. Has it got a URL in it? If the URL is there and it’s shortened, see if you can hold your finger over it just to get it open just so that you can see what it might be like when it expands. Don’t open it entirely because obviously you might end up going somewhere or getting something onto your phone or computer that you don’t want.

Equally, if it says it comes from a particular business, get onto your computer or go onto your phone, go on Safari, open Google, pop in the name of the company, and then check their official website against the URL that you’ve been sent.

Obviously, it is pretty easy to tell whether or not it’s company-name.com/payments or whatever it might be. Whereas if it’s some scrambled version of that that doesn’t actually contain company-name.com, then you can be sure that you’re about to get scammed.

With emails, generally speaking, I practice the same as what I do with text messages.

With social media, it’s a little more difficult because a lot of the time in the social media scam world, you’re soliciting messages. It’s harder to, say, just assume anything out of the blue is a scam until proven otherwise because it might be, for example, that you are in some dating group or whatever, and you’re basically asking for people to message you because you want to find someone. In that case, my number-one rule is if you’ve never met this person face to face, do not pay them money. That’s generally, I think, a very good rule to live by.

Starts to get more complicated when you’re talking about buying and selling things on social media. Obviously, then you need to do even more due diligence to work out whether or not they’re a legit buyer or a legit seller, and that gets a little more complicated.

Even these days you can’t even say, “Was their profile created three days ago, and does it have two AI photos as the only two photos on the profile?” These guys hack profiles now and use legit profiles knocking around for years with loads of people’s pictures and friends and stuff. I think just be very, very careful. My rule is when I’m buying and selling on social media, don’t deal in more money than you’re willing to lose.

Don’t buy something online if you can’t afford to pay for it and not get it.

Exactly. A lot of that—apply that rule to crypto as well. Basically, if you want to invest in cryptocurrency, fine, up to you. But don’t put in any more money than you’re willing to lose in its entirety.

In producing this show, did any of your investigations ever go wrong?

We lose people to scams, yeah. We’ve broadcast a few episodes where we don’t win. I think it’s just important for people to see that we are not magicians. We have this really interesting superpower which allows us to stop scams from happening, which is amazing. But there are times when we don’t win.

There’s one I can remember in particular, which was a guy who we tried so hard to get in touch with over a number of hours. In his particular case, the scammers had remote access to his phone. They’d established remote control of it as well. We were trying to contact him for several hours to tell him he was being scammed, including sending him text messages saying, “This is a scam. You need to end the call, and we’ll explain more.”

We don’t usually do that when the scammers have remote access because we don’t want to give away to the scammers that we’re able to listen to the call, but in this guy’s case, we really relentlessly tried. I think we were reaching the end of our filming run, so we didn’t mind so much about potentially losing the access because we were due to finish filming anyway. So we really threw caution to the wind by getting in touch with this guy.

He was not a wealthy person. He was a second-generation immigrant to the UK. He worked hard and he had about £1,000 in his bank account, and they stole all of his money. Every last penny of the money that he had was gone.

I remember speaking to him afterwards, and his first instinct was, “What am I going to tell my landlord? I don’t have any money now, and I have to pay the rent in three days.” I didn’t know what to say to him because obviously I’m not used to losing in that situation. I’m used to getting people on the side and saying, “Hey, look. That was a scam. You need to call your bank right now and tell them what’s happened, but at least you haven’t lost money.” But in his case, I was just speechless. I didn’t know what to say to him.

His example, I think, hammered home to me how profoundly terrible the effect of being scammed can be because he was so scared. He didn’t know what to do. He didn’t know what his next step was either. Thankfully, we helped him through the process and we eventually did manage to get him his money back.

The scammers have done a classic thing they do all the time in the UK now, which is where they’ll set up a middleman account in that person’s name, send the money to the middleman account and then send it to themselves. Basically, we just got him to turn off his phone before they’d sent it from the middleman account to themselves.

Eventually, we managed to get the company that the middleman account was set up with to send it back to him because he didn’t even understand that he had a new account. They cleverly coerced him through it. But that was a really, really, really tough one.

I had another one with a guy who only lost £30, but that £30 sent him to a food bank for the first time in his life. He couldn’t eat because he lost £30. That was tough as well. That was really difficult. I interviewed him afterwards, and that was a really difficult interview.

It doesn’t matter whether you’ve lost £30 million or £30. That can mean a huge amount to you. -Nick Stapleton Share on X

That probably made clear to me for the first time just how much different amounts of money means to different people. It doesn’t matter whether you’ve lost £30 million or £30. That can mean a huge amount to you. He’d been through a lot, that guy, as well. He’d been through cancer treatment and he was in remission, but he was still taking medication. He also didn’t know how he was going to afford his cancer pills. That was tough. Very, very tough, indeed. Probably those two stick out more to me than any other.

Was there a challenge that some people assume that you were a scammer when you’re telling them that the other guy’s the scammer?

I’m nodding furiously. Yes, all the time. All the time, and much more when we first started making the show than now. The show’s been around for a few years now and people know that we exist. We’re a daytime show on BBC, and we’ve been broadcasting primetime quite a bit as well, so we’ve gained a bit more notoriety now than we had at the start.

I think that helps us a great deal because now when we say who we are, people go, “Oh yeah. I know that.” Then that gets them on the side much quicker. But when we started, there were a lot of situations where people would go, “Well, how do I know I’m supposed to believe you? How do you know this?” They couldn’t wrap their brains around the idea that we knew what had happened to them.

It is quite unnerving when you think about it, the idea that one day you’re on the phone with someone who’s telling you that you’re about to be arrested if you don’t comply with what it is that they want you to do. Then the next minute you get a phone call from somebody else saying that they’re a journalist working for the BBC and that person’s a scammer. It’s really hard, really hard.

Yeah, because the risk is, well, if I trust you and you’re not really with the BBC, then I’m going to go to jail. The consequences are both very different, one way or the other.

But I think the other really important point to make here is that when you do this thing, your timeline for success as me or one of my colleagues trying to persuade someone that they’re about to be scammed, is, I reckon, at most, 10 seconds. Basically, once you get them on the phone, if you don’t get their trust in those first 10 seconds, they’re gone.

Why is that? It’s because the scammer’s timeline for success is probably ours. They’ve been on the phone with that person for a long time by the time we speak to them, and they’ve crafted a very believable world that person is currently existing in.

If we can’t get them in that first 10 seconds, then of course they’re going to go back to that incredibly believable world that the scammers created for them, because the scammers had ages to do it. The difference between those two things is very difficult.

We’ve cultivated a very specific set of words that we say that involve saying the word scam very early. Because a lot of the time, the moment you say the word scam, you hear a change and you hear the person draw a breath or go like that because they suddenly click. Just that word in as early as possible is always very helpful.

Interesting. If people around the world want to watch Scam Interceptors and they’re not in the UK so they can’t watch it live, are you streaming on any particular services that might be available outside the US?

We have clips of the show available on Instagram and on TikTok now. After four years of asking, we finally got our own official social media accounts, which have proved very popular so far. People seem to love it.

We put short clips just to tease you into watching the show on there. If you wanted to watch it in any official way internationally, there’s a service called BritBox, and I think it’ll be available on BritBox. I’m not 100% certain on that.

I would obviously never condone downloading a VPN provider, then using a VPN tethered to the UK and watching it on iPlayer, but it is all available on iPlayer should you wish to do something like that. There was some person who loved stealing our IP previously who put it all up on YouTube. But the BBC’s cracked down on that really hard now.

A copyright strike being used properly in this case.

Exactly. That is much harder to do now than it was before. It used to be that all of series one, two, and three were on YouTube, but they no longer are, I’m afraid.

And where could people find your book?

My book is called How to Beat Scammers. It is available on Amazon in Europe, and it’s also available at most bookshops. In the US, if you wanted to buy it on Amazon, you can buy the Kindle version. If you wanted to buy a paperback, you can go to your normal bookshop and just tell them the name of the book, How to Beat Scammers, and they’ll be able to source it for you. My publisher actually makes the books in the US, so there are definitely copies of it there.

And you also have a podcast?

I do. I have a podcast called Scam Clinic, which I make with my wife who is a podcast producer. We made our first series last year, and it went down very well with a very nice review from The Guardian newspaper.

Basically, what we do is we interview a person who’s been successfully targeted by a scam in every episode. You get the, obviously, emotional background of what it’s actually like to be scammed.

But then, where possible, we start our own investigation. We try and track down the person who scammed them, and then we try and interview them as well. That’s the goal of every episode is we talk to the person who’s lost the money, and then we find the person who stole it.

Sounds very labor-intensive.

It’s pretty hard, yeah. It’s pretty hard. We did a great episode last year that I recommend everybody listens to as well called “Conversations with Scammers,” which is where I had two very long, very in-depth conversations with people who run romance scams for a living. But that is more a conversation about their lives. I wanted to understand a bit more about why scammers do what they do.

That “Conversations with Scammers” episode is particularly fascinating, but if you want the more investigative end of the spectrum, start with episode one. The scammer we speak to in that, you will not believe what he has to say.

Cool, and all this you promote on your Instagram account?

I do, yes. I’m @staplenick in most places. My name being Nick Stapleton, I squeezed it into a funny shortened version. Instagram is the one I use the most, and I do anti-scam content there. I do a bit of consumer stuff as well, where I dig into companies who are, I think, are behaving badly. That’s probably where I do most of my social media circuit. If you want to follow me, that’s the place to do it.

Cool. Nick, thank you so much for coming on the podcast. We’ll make sure to include the links to all of those in the show notes.

Thank you so much, Chris. I really enjoyed it. I look forward to hearing it.

Thank you.