Scammers have used our systems against us, like shipping, rental cars, and rental homes. They’ve learned how to stay off the radar and, in order to stop money laundering, we need to address fraud one step at a time. Today’s guest is Pierogi. Pierogi protects the innocent and vulnerable from internet scammers through his channel Scammer Payback. He exposes these criminals and helps victims through his technology and cybersecurity knowledge.“Scammers are using our systems against us.” - Pierogi Click To Tweet
- [1:07] – Pierogi shares his background and how he got into cybersecurity.
- [4:25] – His drive to help people and get back at scammers is why he started Scammers Payback.
- [6:03] – Scammers can get access to a bank account and ruin everything.
- [8:32] – Pierogi shares one of the projects he worked on that actually resulted in an arrest.
- [9:56] – Scammers know how to stay under the radar.
- [11:31] – Those involved in organized crime consider their victims as customers.
- [14:32] – Pierogi describes how a well-trained scammer can cater their manipulation to each individual situation.
- [17:26] – It’s a numbers game. At some point, a scammer is going to connect with someone.
- [19:04] – Scammers can learn so much about you on the internet that makes their false claims that much more believable.
- [20:56] – A lot of the time, scammers know when to give up and move on.
- [22:18] – Never send a text message of any type of personal identification.
- [26:11] – Focus on the mental aspect of this.
- [27:52] – Employees at different stores that sell gift cards are on high alert and typically do not sell certain numbers of gift cards.
- [30:14] – In some cases, banks are even calling out possible red flags.
- [31:31] – Financial institutions can use technology to determine behaviors that are not normal for you to indicate possible fraud.
- [33:29] – Hackers are using known processes that are good but for bad purposes.
- [34:58] – Major corporations have a budget for cybersecurity but regular people don’t.
- [36:28] – Phone carriers are trying to do more to prevent scam calls.
- [38:03] – While playing different roles, Pierogi shares that he actually “married” a scammer. He shares some of the craziest things scammers have done.
- [39:32] – Pierogi is also learning different languages so he can learn more about where scammers are located.
- [41:39] – A lot of the experiences of the victims and how scammers talk about them makes Pierogi emotional.
- [44:40] – These experiences are sometimes hard to listen to.
- [46:28] – A lot of people say they’ll know immediately if they are talking to a scammer, but it isn’t that simple.
- [48:54] – If we know this information, we need to talk about it to others and educate.
- [51:16] – Scammers are very good at what they do. We portray them as silly, but they are very intelligent and convincing.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Scammer Payback on YouTube
Pierogi, thank you for coming on the Easy Prey Podcast today.
Thank you for having me. This is an honor to be here. I'm stoked to be here. I'm excited, and happy Monday to you.
Happy Monday to you as well. Can you give me a little bit of background about—I know you don't necessarily like to publicly disclose who you are—but a little bit of background in your cybersecurity and how you got into your YouTube series.
Let's just say, out of college, many years ago now it feels like, but over a decade ago, I'm doing help desk IT work and doing things like imaging PCs, hardware, and troubleshooting. I get all the tickets and go fix whatever problems.
To the core of me, one of the things that made me really happy and joyful in my work was helping people; it always was. If somebody has a problem, I want to be the guy that went in and fixed it and solved the problem. That's always been to the core, even in my university work. It was a data problem. How do you solve problems? I always enjoyed that. If something is broken, how do we fix it?
That led me over time into infrastructure, and then I moved over to security because I thought it was just such an interesting topic. I started working for some big box security companies that maybe a little bit more legacy, not as advanced as what we see nowadays but working for some legacy companies out there, working in security, doing endpoint security, data loss prevention, things like that, and then moved into the startup world, so some of these next generation-type startup companies, really fast-paced.
I learned a lot around the idea that you can't keep up with this. It's really a matter of time. Especially in the enterprise space, it was a matter of time before these companies were getting hacked. But I learned a lot of fundamentals of how to secure organizations, what it meant to do that, and what the implications if you did not do that.
Security became a priority, not just a conversation. It was at the board level. I had some really cool conversations with government officials, CIOs of states, and I was sitting at the table with a lot of really interesting people that are solving really big, real-world challenges. You think about hospitals, what the impact of security means for hospitals, and saving lives and protecting lives. Or one ransomware attack could mean a lot of lives lost.
I learned a lot of valuable information from that side of the house in the enterprise space. It really led me a couple of years ago to the scam-baiting world, that's what they call it. I remember seeing a few videos, and I thought it was so interesting that these scammers were doing this. We've heard about scams. We've gotten the robocalls before, but really did dive into the intricate details of how these guys work, what goes on in their minds, and their whole process because this is a business for them.
As I said, let me fire up my computer. Let me start making some calls with these guys. That was in May of 2019. Here we are sitting here today doing this. I have since left the enterprise security space and am focusing on trying to protect people now. I'm doing that every single day on YouTube.
That's awesome. Was there a precipitating event or something that triggered you to want to do this that sparked your interest in the scam-baiting aspect?
It really was just a curiosity, I don't know. Coming in and seeing how they would react to me, I thought I could put these guys and gals through some different loops as well, make them do some different things. Also, just with my experience in security, I felt like it was a good fit for me now.
A lot of people have asked if I've ever been scammed before, if I've ever had family members. No. The closest was my grandmother. It was actually a US-based scammer. A lot of people think that there aren't scammers in the US. There certainly are. There was a US-based scammer, and they call up the elderly, especially in Midwestern states. My grandmother's out of Minnesota. They called her up and said that I was in jail, and I needed legal fees and all that.
She was going to get her debit card. Thankfully, my aunt was there. Her daughter was there at the time going to get groceries for her because she's a 90-year-old lady. She didn't have her debit card at the time, while she would have gone and given the information and been out tens of thousands of dollars.
I've heard so many stories, and it continues to reiterate and continues to give me purpose as to why I do this. I get probably hundreds of stories from $2000 to $200,000. It really doesn't matter. There's a lot of pain, not just financial pain, but emotional distress that people go through, that continues to fuel me every single day.There's a lot of pain, not just financial pain, but emotional distress that people go through, that continues to fuel me every single day. -Pierogi Click To Tweet
It's the very similar interactions that I've had in thought process, seeing people lose their life savings, their homes. It's a very motivating factor that I need to do something, I need to educate people. I need to do something in a way that I can give back, help, and hopefully prevent someone else from losing it.
For sure. This isn't like somebody smashed your window and took a TV out of your house. Our bank accounts are very personal to us. It's our livelihood. These scammers are getting access to this, and they're taking everything.
Again, my goal every day is, how do I protect people? How do I save people? Not just how I go after scammers, but how do I save people? How do I make sure my next-door neighbor who's by herself and 90 years old doesn't get scammed? That stuff, that's really, really important to me.
I love that. You recently published a collaboration with Mark Rober, Jim Browning, glitter bombs, and taking it to the scammers. You are playing and toying with them. How did that come about? Can you tell the audience about that?
First off, Jim Browning and I are good friends. He's a class act. I love working with Jim. He and I have a personal relationship. Both of our channels have grown. We've just been buddies. We can text or talk on the phone and have some laughs together. Big shout out to Jim.
Mark Rober as well, everyone knows him for his glitter bombs and all the incredible videos he does on YouTube. I got a call from Jim. They're like, “Well, we know that you're able to get these packages a lot.” I've done some other videos where I will confront scammers. I'll confront these money mules that are out there that are collecting these packages because I think it's such an interesting process that this is happening.
The scammers are using our systems against us. They're using our shipping, whether it's FedEx, UPS, or USPS. They're using Airbnb. They're even using our startup companies that are out there. They're using Airbnb, they're using rental car companies, they're creating multiple cell phones with burner phones in it, and they put this system of money laundering in place. I really wanted to highlight that.The scammers are using our systems against us. They're using our shipping, whether it's FedEx, UPS, or USPS. They're using Airbnb. They're even using our startup companies that are out there. -Pierogi Click To Tweet
When I got the call from Jim and from Mark, I was like, this is a perfect opportunity to do that, because I could give Mark a lot of packages. That's what we did. We send about seven or eight packages over time. He had […]. We had the fake FedEx stuff, dropped the package off, and the results show what they show.
In addition to that, it was really interesting, because we had that glitter bomb package that was a fake delivery. There were other packages tied to one of the glitter bombs to that Airbnb address. The person actually was held responsible and arrested, which I think could have been the first arrest in the United States from anyone in the scam-baiting community.
I was really proud of that because that project was about a four-month project. A lot of phone calls, a lot of scam-baiting. We're actually starting to get some results and show some people things. There's a big interest, I believe, moving forward not just how do you protect from scam calls, but what is this? There's some intrigue about this money laundering that's going on in the US under our noses that the scammers are using.
Do you see a point where law enforcement or the FBI will actually have people in place like you, Jim, and Mark to some extent, that just becomes a part of law enforcement that they're going after this type of fraud?
I think it's two things. One, it’s resource-constrained, where you put resources with your local law enforcement or at the federal level. What resources do you put towards it? Two, it’s not big enough for a lot of people to have radar. The government or even the big box company that sells gift cards, it's not big enough on the radar because the scammers work by the death by a thousand cuts mentality, I believe. They're not just laundering over $100 million at a time. They know how to stay under the radar.
You have to collaborate with banks. You have to collaborate with the big box companies. You have to collaborate with the government, local and federal. I would hope there could be some type of task force, but you look at other issues that our government faces, whether it's human trafficking, or even drug trafficking that goes in and out of the US. And those are very difficult things to stay ahead of. It really, really is.
I'm happy to partner with anybody that wants to help fight this. I'm sure Jim is as well because he sees it in the UK a good bit. I'm happy to partner with anyone to help bring some solutions to this. It's going to be a long process, I think, to get this under control.
I think scammers will always find a way to separate people from their money, because that's what they've chosen to do as a line of work, so to speak. Can you take a step back and give us a high level of how these scams work, where do they start, and how do they unfold?
I think it's an easy barrier to entry. You look at a business, you have to think of these as businesses. They call their victims customers, for goodness sake. It's crazy in and of itself. They've trained their employees.
They have the system; they’ve trained them. They give them scripts, and they beat it into their minds that these are customers, and a lot of times, that they're helping them. These people believe half the time that they're actually helping people, or they actually do work for Amazon or whatever it may be.
It starts a lot of the time with, like I said, that low barrier to entry. The hiring process is easy. It's very inexpensive to hire these folks to be in these call centers. All you need are a few computers, internet access, the software that they're using. They use pirated software, and then they use free software, like you need to ask for TeamViewer the remote software that they remote into the victims' computers.
I think that's something that we had to think about from the beginning. That could cut down a lot of the scams that are out there by figuring out and making it more difficult for them. If you got a computer at home, they can sit at home even during Covid and scam people.
From there, then it goes into setting up phone systems. They use these virtual phone systems that they're accessing through the web. There are different types of software that are dialers and things like that that do these robocalls for them. A lot of the time, these calls are going later at night. In the afternoon, they're leaving voicemail so that the next day, they've got people hopefully calling in. You've got this huge call list that's coming in.
From there, the scammers usually have a frontline scammer that goes off of a script. Their goal is to connect to the victim's computer, that’s all their goal is. Tell them what's going on, keep them on the hook, be good enough for that, and personable there. Whether you're Amazon, Microsoft, PayPal, you name it. Apple’s another one. Cash App’s another one. I'd say know the scripts, know who you're talking to, know who your victim is, get connected to the computer, and then pass it along.
In particular, like the refund scam, I work with these a lot where the robocall is, “Hey, we're Amazon and there's a fraudulent purchase on your account. Call us back as soon as possible.” That's a really hot one right now. The victim calls up, because a lot of people have Amazon. Everyone's got Amazon Prime.
I didn't order an iPhone 11. Who would buy an iPhone 11? The 12 Max is out now. I didn't order an iPhone 11 for $1200. I want my money back, I didn't do that.
The second-line scammers are more of your senior-level scammers. They know what the heck they're doing. They're usually pretty proficient with computers. We have to give these guys credit as well. I know a lot of times, scambaiters want to depict them as goofy. I've done it before. I fall into that crowd where they're just goofy people on the phone that don't know what they're doing, but they're pretty well-trained. They do know what they're doing.
These senior-level scammers know how to work their way through these bank accounts. They'll go in, essentially, and then they'll tell their victim. They'll manipulate it based on how much is in their account.
Let's say you had $5000 in checking and $20,000 in savings, and you wrote a $1000 refund. From there, they're going to try to target $10,000 based off of your account. They'll take $10,000 from your savings, move it up to your checking, and then they will manipulate your bank out and make it look as if they have given you an overcharge. Instead of getting $ 1,000 back, you got $10,000.
The acting comes in where they're like, “Hey, ma’am. Oh my gosh. You put in an extra zero or two extra zeros.” They're like, “Well, actually, this is your fault. This isn't our fault. You did this.” Then you start to see some of the emotional manipulation that goes on and put yourself in the shoes of an 80-year-old grandmother who isn't really proficient on the computer, and you have a recipe for disaster.
From there, they put some mechanisms in place on the computer to lock you out. They'll either add new users onto the device. If it's a Windows 7 system, which everyone knows it's the end of life, but still, a lot of people are still on Windows 7, unfortunately. They'll run a thing called Syskey, which is an encrypted password that's essentially outside of your user password, that will pretty much lock up your system.
They put these kinds of things in place. If they do it to hold your computer ransom, if somebody were to become smart, you'd be like, “Hey, I know this is a scam, blah-blah-blah.” They’re like, “Well, your computer's locked up now. You need to give me money or else I won't give you your computer back.”
It's like the plan B scam. “If I can't directly scam you, I'm now going to ransomware you.”
Exactly. “I'm going to hold your computer hostage.” By the way, everyone, if you ever have been Syskeyed by a scammer and you're like, “Oh, my gosh. This happened.” Try 123456. They use that password a lot. That's one of my little hints for everybody.
I've been Syskeyed a lot of times from scammers and I'll do 123456, and it goes back into the system. They'll hold your computer ransom. From there, there are a couple of ways. Then it goes into the money phase of how the scammer gets the money back. They typically work in gift cards, which we've talked about a little bit. That's an easy way for them to stay under the radar.
I've seen a lot based on the dollar amount. I've seen a lot where they're having you transfer money to bank accounts in Thailand, or else they'll have money mules in the United States where you'll send a parcel, you'll send a package. They'll have you wrap it up in aluminum foil and all this crazy stuff, and then send it to somebody who will then launder the money. It's a crazy process. A lot of people tell me, “How would anyone get scammed like this?” It happens every single day.
It seems having talked to lots of people about scams for the podcast over the last year, there's always that emotion. There’s the urgency. There’s the authority. You just get people caught up in those three things. It's just a matter of time before someone, like you said before, it's a numbers game. Someone's going to slip up and, “OK, let me do that. OK, I'm tired. I'm worn out. OK, fine.”
You hit the nail on the head with regard to the emotion piece of it. I haven't even talked about the Social Security scams, and they have multiple levels to them. The first person is the SSA officer, and then they move into the DEA. It's just like the refund scam. The first-line person that connects your computer, they pass it off to the other one that that person is responsible for getting the money.
That one is such a scary one. On that one, you could be 18 years old. There's a report out of state where a university student lost $30,000 to the SSA scammers because they're like, “Well, I didn't do all that money laundering.” They got nervous. These scammers know where to tighten the screws on people emotionally.These scammers know where to tighten the screws on people emotionally. -Pierogi Click To Tweet
I've got text messages, harassing messages from scammers. When I'm not giving them their money back, they will move to harassment. They'll tell you that they're outside of your house. They'll tell you that they know everything about you, which can be true if they have your phone number. They're doing reverse searches on your phone number. They're looking up your name, your address. They're looking at everything about you.
That is another scary part that I tried to highlight in my videos. These scammers know a bunch. They know your husband, your wife, your kids, your parents. They know everything, and that's the power of the Internet, which makes it scary.
You previously talked about the grandchild who's been arrested for a scam. “Hey, your kid has been arrested,” especially with Spring Break starting back up. “Hey, your grandkid went down to Mexico and got caught up with some of the wrong people. He probably really didn't do anything wrong, but he's in jail and he needs to be bailed out.”
You've got the Social Security Administration, which I've gotten a variety of different ones from those. “Your account has been locked because of fraudulent activity. Someone's been using your identity without your permission.” What are some of the other SSA ones?
The voicemails I get are around that like the fraudulent. “There's been some fraudulent activity,” or whatever it may be. “There's a lawsuit that's against you. Call us back immediately.” Some of the ones I even get where it says like, if you're at work, you need to get home immediately. The scammers are so confident that they believe they can just bully people.
Like you said earlier, it's a numbers game. If they're doing two million calls, and maybe 10% of those people either call back or pick up, and then 10% of those people that call back or pick up actually fall victim to the scam and all. It really is a big numbers game for them. They know which responses they get from doing different tactics. They've done it so many times. The one that always gets me is the lawsuit against your name. That one gets people pretty, pretty nervous.
Yeah, I've gotten that call. I'm like, “What is the lawsuit about?” It's funny. Once I started asking questions, at least with the ones that I've talked to, they hang up pretty quickly. They must be used to people not pushing back at all, or they know who not to waste their time on. It's pretty crazy.
Again, when I say scam-baiting, these are people that are on their own accord, calling up scammers themselves and trying to mess with them, waste their time, et cetera. There's a huge community of people that call up these scammers. Again, please, you might be ticked off at them, but if you're not safe, don't just start calling up scammers. Warning please, don't do that. Like I said, they've got a lot of information on people.
I had one call on my personal cell phone, he knew my first and last name and everything. They know information on us, so please. A lot of scam-baiters will call these SSA scammers, because the SSA ones are very ruthless. They're vicious and they're angry. They work a lot of hours and they're agitated. They know when someone's messing with them, and they hang up quickly.
One of the things that they do as well—this is a tip for folks—is they will ask for your ID. They'll have you scan your ID and send it to them if they think that you're a victim. They will try to get that information as soon as possible. That's a big red flag. If you're talking to the government, and they're having you take a picture of your phone and text message, send a text message of your photo ID to somebody. The government is not going to ask that.
PSA announcement, don't send photos and pictures of your passport, your driver's license, your Social Security card, and any type of personal ID to someone claiming to be from the government.
Correct. You're not going to get a texting relationship with the government with some random phone number.
You mean the DMV is not going to text me?
I know, right? I try to tell people as well, think about sitting at the DMV, and you're there for three hours or whatever. Now, you've got the government. They're so advanced, where you're going to be texting them. No. We're not that advanced yet. Even though we have great information systems in our government, and we have incredible technology, we're not going to be texting the government our ID and everything.
Your local DMV person is not going to reach out to you and let you know your driver's license is expired.
I'll give you a funny story behind that. At one point, I was going somewhere. My truck had gotten stolen. They found it, and I got it over to a place to get it repaired. They're like, “OK, we've got a car rental place on site here so we can get your rental car through your insurance.” I give them my driver's license, and they're like, “Oh, your driver's license is expired.” I'm like, “How can it possibly be expired?”
Of course, you can't rent a car on an expired license. They go, “No worries. There’s a DMV six blocks down, we'll have someone drop you off, and you can take care of it.” I go down there, wait in the lines, and all that kind of stuff and say, “Hey, I never got the notice about my driver's license expiring.” They go, “Oh, your address is too long.” At some point, we updated it.
“Last year, we updated the system. Any addresses that were too long, we just truncated the address.” I'm like, “I'm not going to pay the late fee for not doing that.” “No, we're absolutely waiving the late fee because we knew everybody would come in.” I'm like, “Why didn't you just fix the problem and put the right address on there?”
Oh, my gosh. One person's idea probably was like, “Yeah, we'll just truncate all the addresses that are too long, and it will save us all this time, and we'll put the burden on everyone else to have to come in, versus just fix the dang problem.”
Government institutions don't necessarily think of what's expedient, and convenient.
Yes, and they want to do the complete opposite, like how do we make this as inefficient as possible?
I'm curious to get your feedback on this, I had a previous interview with Jim Browning. I think he talked about how the scammers are now starting to coach their victims in terms of, “Don't talk to your friends. Don’t talk to your relatives. When you're going into 7-Eleven to pick up your gift cards, here's what you need to tell them.” Are you seeing that thing as well?
Yeah. From my experience, this is just as much a mental thing as a technical thing. That's why I try to show people in my videos. Even when I stream, I stream a bunch on Twitch and on YouTube.
One of our recent YouTube streams, there are almost 12,000 people in there. I'm trying to tell everyone, focus on the mental aspect of this as well. Focus on the mental cues as to how these scammers—because they have been taught how to do this. They've been taught to coach the victims.
They do go in and say, “Hey, if somebody asks you”—because now, Target or Walmart are getting better, and they're saying, “You can't go and buy a card for Amazon. Why are you going to Walmart to buy cards for Amazon?”
The scammers are saying, “Well, tell them that it's for personal use. Tell them, if you need to send $40,000 to a bank in Thailand, it's because you're opening a business, because the bank is going to be like, ‘Why are you doing this? Why are you sending this money? Why do you need to get out all this money? Your account has $40,000 in it, why are you taking all the money out?’”
The scammers know that there's going to be this pushback. The victims, unfortunately, are listening. They're scared. The scammers will tell them, “Don't even tell your husband or wife.” That's how scary and how personal this gets for the victims, because they don't want anyone to know. Especially the SSA scammers, they'll tell them that, “We will know if you tell anybody. We're watching you, we're listening.”
I think a huge aspect of this is the mental manipulation that the scammers are putting their victims through. Again, when you get a target, and the person hears that you need to buy $3000 of gift cards, and they push back on it, they're like, “No, no, this is personal. I'm buying a present for my grandson or whatever it may be, but I will give a lot of credit.”I think a huge aspect of this is the mental manipulation that the scammers are putting their victims through. -Pierogi Click To Tweet
I hear a lot of stories where the person that works at CVS, hears the grandpa that's going to get all these cards and they said, “No, that's a scam.” You'll hear that a lot more, and we need to hear more of the stories. The scammers will eventually evolve. Right now, it's don't tell anyone, don't tell anyone. They'll figure out a way, but they don't tell anyone. Tell them it's personal is really a common tactic they're using.
I know. I was talking with someone whose parents live in a retirement community. Across the street from their retirement community, there's the 7-Eleven or the convenience store, whatever it is. They say they have people coming in there every single day trying to buy ridiculous amounts of gift cards. Because they're right next to the retirement community, they're like, “No, if you want more than $50 of gift cards, we are not going to sell them to you. You need to tell your kids. You need to talk to some friends. Talk to the workers at the senior care facility, because this is a scam.”
I'm glad that some businesses are getting smart about that. I was, awhile back, sending money overseas to a family member. It was the first time I had done that. I set up the wire transfer, I sent it, and the bank called me the next day and was like, “Hey, we noticed you're sending a wire transfer and we're holding it. Can you tell us why you're sending this money?” I'm like, “Oh, just helping out a family member overseas.” “Are you sure that you're talking to your family member?”
I started talking with this woman, and she was so good about it. “Look, we know there are a lot of scammers, and they're telling people not to say that they listen in and they know.” “Trust me, they're not listening in on this phone call.” “Did anyone tell you to send this money?”
I was so excited. She was relentless about not taking my first, “Oh, yeah, and I'm sending it to a family member.” She did not take that. “Have you met them in person? How did you communicate with them?” She was relentless.
I was telling her, “In a sense, it's really annoying, but I'm so glad you're doing this, because so many people fall victim to this. If more companies push back and just ask questions, I think it would help reduce the issue.”
That's amazing to hear. I think also with the investments of these big banks, the Wells Fargos, Bank of Americas of the world, they invest in cybersecurity to protect their infrastructure. I would assume there's some type of AI that's watching all these. There's got to be something that's watching all these accounts that's popping these red flags like Christmas trees.
It would be really cool to have conversations with those banks where it's like, “Yeah, you do have an internal fraud department, probably, that's watching over this, these wire transfers, et cetera. There's got to be some type of algorithm as well that can show why this person goes to Target and keeps dropping $1000 every couple of days or something like that?” It's like $1000 on the dot because it's $1000 of gift cards.
Scammers are adapting as well. They're not just trying to do that big wire transfer. They'll have you get $1000 here at Target. They'll have you go get $1000 at Walmart. They'll have you get a Best Buy and get $1000. They're spreading it out. They're staying under the radar. I love hearing times where the banks are calling with these things. That's amazing to hear.
The technology has got to be there from the financial institutions side to be able to at least red-flag some of these transactions. I have absolutely gotten the credit card numbers float around and get used left and right. But I get more transactions that are stopped by the entity than by the financial institution, the ones that actually get through. It always makes me wonder.
There was actually one that, I forget whether they called, emailed, or it may have even been through the app that I got an alert saying, “Hey, we think there's a fraudulent transaction at a big box hardware store,” which was 10 miles from my house or less than 10 miles from my house, which caught my attention. It's a big box store that I would normally shop at, yet for some reason, they flagged this specific transaction as concerning. They blocked it.
I obviously did not click on the link in the email or wherever it was. Even if someone called me to tell me that, I'm like, “Let me hang up and call you back.” I called the number on the back of the credit card. For one, I wanted to confirm that I had the card with me because it was a local charge. I called back and they're like, “Oh, yeah, yeah, it was at your local store, and it was a legitimately blocked transaction.”
They're obviously able to detect things that are suspicious. I don't know what was suspicious about the transaction. I had a store really close to where I normally shop. We know it's technically possible.
For sure. I think you draw parallels even in the endpoint space, trying to go enterprise and consumer here. In an anti-virus, it used to just be a bad file, you write a signature for it, and then everything is like, “Is this good or bad?” In security, we all know that that's not the case anymore. You can't just say, “Everything is good or everything's bad.” Hackers are using known processes on windows that are good to do bad things now, so you can't just say everything's good or bad.
When you look at AV stuff, there's a behavior base. People are looking at behavior analytics, you're looking at sims that are correlating all this data. My assumption and hope is that financial institutions, credit card companies, are starting to look at, “Wait, this is way out of your behavior. Even if it's local, this is way out of your behavior. Did you do this?”
I got an email one time. Actually, it wasn't a behavior, just a random thing that I got this charge from Target. It was up in New York, where I do not live. I'm like, “What the heck? Somebody hacked my account or something or whatever?” But I got at least a notification that something was happening. I went and checked it out. My credit card company fraud team was amazing around that.
Again, more behavior-based stuff. This person doesn't go and spend all this money at Target all the time. Again, it goes back to who's the one that's supposed to be watching over? Is this a service you pay for? Is it the credit card company? Is it your financial institution? Is it the actual vendor? Is it Target? Is it Walmart? Whose responsibility? Or is it just on us?
That's the challenge. Major corporations have budgets for cybersecurity. My grandparents didn't have a budget for cybersecurity. I don't have a cybersecurity line item in my personal budget. There are things that I do, but it's not like someone who's struggling to put food on the table and keep their bills paid is going to invest extra money in cybersecurity. “Let me replace my router that's 10 years old with something that hasn't already been hacked.”
Right. That's the future. It’s going to be hacked.
I feel bad for consumers because our ISPs are not going to step in and protect us on the Internet. Our wireless carriers aren't going to protect us from the phone calls. We're left to our own devices. I'm glad there are some corporations that are seeing that to be a good member of the community, they need to protect the community when they can. It's unfortunate that consumers are often left holding the bag on these types of scams.
I applaud some of the wireless carriers; I won't name any names. It's funny, I switched from one to the other. I've gotten more scam calls since I switched over. It's so crazy to think about the uptick in scam calls just switching carriers.
I think there are some things that the carriers are trying to do to prevent some of these calls from happening, or at least notify the person on the other line that this is a potential scam call. I applaud them on that. I applaud some of the banks and again, what financial institutions are trying to do. I talk with big box companies, those retailers. I talk with someone who works internally at one. They think that the fraud is down with gift card scams, but we all know it's not.
Again, I believe in stopping these scams. It’s all of these companies working together, and then you start to look at law enforcement. How do you work with them too? I think we're making some strides, but there's still a lot more work to be done. I want to give credit where it's due in some of these cases. I'd much rather have something say “potential scam call,” “spam risk,” or whatever, than just nothing and getting a voicemail saying I'm about to get sued.
What are some of the craziest interactions that you've had with some of these scammers?
I laugh because I've called thousands and thousands of scammers over the past couple of years, and been on the phone for hours and hours and hours and hours. I think some of the funnier ones—because I do play a grandma character on a lot of these and have my voice changer—I got married to a scammer one time. The funny thing was they had a scammer in the background. I went on a website and had him read out, “Dearly beloved, we are gathered here today.” He went line by line, and we did the vows.
It was pretty cringy because the scammer on the other side was like, “I want to kiss you, my bride,” and he's gone making these kiss noises. I'm streaming in front of thousands of people. At one point, it's just too much. I didn't know it was going to get that far. But that was really funny. I've been proposed to by them many times.
I actually had one write out a will for me. I was a grandmother and had all this money. I had him type up a will that pretty much said that I was writing out all my children out of my will, and that they were going to have to play a Hunger Games-style competition to get one of my cars or one of my houses. I mean, just some ridiculous stuff. That's been interesting.
Also, I've been learning Hindi. I'm very big on language. My wife is Russian, so I've been learning a bunch of Russian. I think immersing myself into their culture, learning the language that they speak, and the different dialects as well that they use, can help with information gathering.
India is a very, very big country. They're not often in the same area. You hear certain things and certain cues. Just by the way that they speak their language, it's been very interesting to me. I've gotten a lot of phone calls where I'll start speaking Hindi to them. I'll say, gussa kyu kar rahe ho, which means, why are you getting so angry? Or dhanyavaad, which is thank you.
To hear them flip a little bit, when that clicks in their brain that this person knows what they're saying or can speak the language to them. I'm not abusing them. I'm not cursing them out. A lot of people want me to say curse words to them, but that doesn't get anywhere. That doesn't further what my mission is.
I've had some very interesting calls where I'll start speaking Hindi to them. They ask me, “How did you know that?” I'm like, well, I know exactly where they are based off of how they're speaking Hindi, so I'll start to throw out some landmarks that might be near them. They're like, “Oh, you know that place? You know that hotel? Or you know that restaurant?” I'm like, “Yeah, I do. I've been there before.”
They try to pretend like they don't speak Hindi. They try to pretend like they're from the US. I start to slowly but surely let them know. I just released a video recently where the guy just completely flips his lid on me and is so abusive. I know the call center, and this call center is so vicious. They've been doing it for so many years that they don't take any stuff from people.
That was an interesting call, too, in every way. Even the glitter bomb ones, that have been really fun too, stringing them along and then getting some of their reactions when you send them glitter bombs.
The glitter bomb reactions are always the best. Were there any particularly scary interactions that you've had?
Yeah. I don't get scared by them. To me, personally, physically, or whatever, I’ve gotten every threat from them. Two things. I'll say the saddest ones, I get emotional, dude. If you watch a stream, half the time you will be in tears anyway. That's just who I am. It's no holds barred from me. I'm just who I am on my streams and in my videos, because this stuff means so much to me.
When I hear a victim in the background, and I hear them laughing about the victim, they celebrate these victims, just like you closed a big deal at a company, and then they're clapping. I hear that stuff in the background. Then I hear the derogatory comments they make about people. What they make about me, that doesn't bother me, but they make about actual victims. That stuff makes me sick. It really gets to me.
There are a lot of times where I've dealt with victims. I hear victims in the background. I run into these victims as I'm doing these calls. That makes me really sad. There's been so many, where you'll hear them coaching the victim. “Hey, you’ve got to get gift cards.” You feel like you're in such a helpless place. You can't do anything about it at the time. That stuff really makes me sad when I encounter it.
How do I minimize that as much as possible? Maybe I'll get access to a certain piece of information. I'll call a victim up, and they've already lost $2000, or they're in the process of being scammed. I'll get on the phone with their bank and we'll stop the scam from happening.
Two days later, he's like, “Well, I just got these gift cards at my house.” I'm like, “What do you mean you got gift cards? I thought we got them off your computer.” He's like, “Well, they went on to my Best Buy account, and they ordered $2000 of gift cards after they took $2000 out of my bank account, too.” I'm like, “OK, they ordered $2000 of gift cards. Let’s get on the phone with Best Buy and tell them what happened.” I'm like, “Don't do anything with those gift cards. Do not do anything.”
Don't read the numbers off the back to verify them.
Lo and behold, I talked with them a couple of days later. The scammers called as Best Buy and pretended to be Best Buy. Got him to scratch the cards off and give them the information on the back. It's such a helpless feeling you feel like you're doing, and this is one person. This is one grandpa that lives by himself in a retirement home and has no family.
It just crushes me, because here I am working directly with this guy, telling him this is all a scam. I gave him a password. I said, if anyone calls you, this is the password. This is a personal password for you so that if any scammer calls you and they don't know the password, hang up. He still fell victim to them even after we worked. A lot of interesting experiences like that.
The scariest one is—my hand still shakes thinking about it—there's a scammer that was trying to steal. This was earlier on when I first started. He was trying to steal a bunch of money from me. He actually had a victim he called his secretary. He had her call me up, and her voice was trembling. It was the saddest thing I've ever encountered. It's scary, too.
She said, “Yeah, I almost got scammed out of a million dollars. This guy, his name was Jerry, Jerry helped me get my money back.” I'm like, “Are you OK?” I think I got off the grandma voice. I was like, “Are you OK? Please tell me. This is a scam. Are you OK?” She said, “No, this is not a scam. I promise.”
I emailed her, I texted her, because it was her personal cell phone. I texted her and said, “Hey, if you're in trouble, please tell me. I want to help you right now.” She said no. Again, the scary thing about it is the manipulation that they put on their victims. The lady's voice was trembling. She was probably going to lose it all if she didn't help this guy.
They turn their victims into money mules. The victims actually help them. They use that against them. That's very scary when you get this next level of scamming.They turn their victims into money mules. The victims actually help them. They use that against them. That's very scary when you get this next level of scamming. -Pierogi Click To Tweet
It's extortion on top of fraud.
Yeah, it's unbelievable. I just got a chill thinking about it because it's sad.
Part of me says just don't ever answer your phone. Don't ever open your email. Don’t ever click on a link. Don’t go out to the interwebs. But we know we're going to do those things.
What are a couple of things that people can do that should be like, if they hear this phrase, if they hear something, someone says something specific, what should be that red flag that should go off in their head saying, “Oh, my gosh. This might be a scam,” that would just put them on an extra sense of alert?
I think that a lot of people talk about, “Well, if I heard someone that was on the phone that's a certain way or whatever, I know immediately.” You can’t make assumptions like that. There are scammers that are starting to pop up in the US, like I said, the grandmother scammers. Those folks are ruthless. They'll show up at your house, which is scary.
I think we have to take it upon ourselves to have that personal security, I call it. It's not just not clicking on a link to get a virus, a phishing attack, or whatever. But you have to be aware. I call it healthy paranoia as well. The Internet is such a great thing, and technology is such a great thing. But with those great things, we have the responsibility to protect ourselves.
We have to take that. Just as if we want to lock our door at night, we have to lock our minds sometimes, too. Or we have to put a passcode in our mind. If somebody does call us up, and it sounds believable, sounds legitimate, “OK, I understand that. Let me go verify.” Trust but verify sometimes. If you're a trusting person, go verify it somewhere else. A lot of the times, the scammers, if you do hang up the phone from them, they'll give up if you're earlier on in the process.
Again, we deal with Amazon every day. We deal with all these big companies—Microsoft, Norton Antivirus, McAfee, you name it. These big names that we hear all the time, we trust them. They have brands behind them. We have a brand behind Apple, we have a brand behind Amazon. We trust these companies, we trust them with our accounts, we trust them with our packages, with everything. That's a big issue because the scammers are using that against us.
When you hear the scammers leave you that voicemail or get you on the phone and go through their script, again, looking at as many sources as possible. Find the source of truth. What is your source of truth? Is it a person? Do you run it by a person?
Having another person to hear what's going on might help, because maybe we're not going to be able to block everything. I don't know. You're not going to be able to block every spam call. I think also, too, for those of us that are technologically aware and understand these types of scams, shame on us if we haven't had conversations with anyone and everyone that we can, just like we want to have a conversation about the new CD that came out that was great, the concert we went to, the movie that's coming out, who we voted for, or who we don't like.
If you have so much passion about that—this is such an important thing—have a conversation with somebody as well. Make sure your grandmother, your mother, or your brother or sister knows about this stuff, because scammers don't care what race, religion, age, sex, or anything. They don't care. They see money. You got to have conversations about it.
Yeah. I really liked the trust but verify. I think it's something that we should be talking to our parents and our grandparents about. “If you ever get a phone call that seems fishy, or that someone is wanting to talk to you about technical stuff that you don't understand, call me, call my brother, call so and so. Don't worry, we're not going to look down on you, but we want to make sure that we're watching out for each other. If I get a weird call, I'm going to call you. If you get a weird call, you call me.”
It seems to be that that interaction with other humans outside of the scammer really works as a good sounding board of like, “Is this legitimate or not?” I got a phone call with the caller ID matching my electricity provider saying they were from my electricity provider, saying, “Hey, your bill is really small, but it looks like you missed a payment or two. The guy is on his way out. Let's just take care of this right now over the phone.”
I recognize the phone number, so I'm like, “Oh, wait. They can spoof that.” It wasn't this outlandish story. It was so incredibly plausible that I almost was like, “Oh, yeah. Let me go look at that.” I was like, no, no, no. I'm relentless about my accounting. I know that I paid that bill, so I just hung up. They can be really, really convincing.
Yeah, I've had a few spoof calls from the White House, from the FBI on my Google Voice account. They're good. These guys, we've depicted them as silly characters sometimes, and they're very, very good at what they do. It's a big business for them. It's hundreds of millions of dollars, if not higher now.
The last thing I'll say again, because I'm very big on the psychology of this, I think one of the reasons why the senior citizens do get scammed is from the time period that they came from. We lived in a world where the kids could go play outside, maybe leave your door unlocked at night, sipping sweet tea on the front porch, and all those kinds of things, in a simpler time. They didn't have access to all this stuff that's out here. They were trusting. That's the trust but verify.
I wish we could be in a world where we can just trust people, we can trust someone's word, we can trust what they're saying. But unfortunately, all we hear is negative bad news that's out there. They have this paranoia now, unfortunately.
A lot of these grandparents in that elderly age, even when I talk with them on the phone, they trust me immediately. I call them up and I say, “I know this is a weird call, but you're being scammed right now.” They were trusting those people, then they're trusting me. It's built upon this trust. You think about that from a cultural standpoint.
Even the scammers build their business off a trust, too. How they launder money, and I could talk for two hours on that. There is a money laundering system that they do. It's built on trust. I think that's how they can connect with a lot of these victims.
We've got to protect the elderly. We've got to protect ourselves, too. We've got to have conversations about these types of scams because they're going to evolve, they're going to change, and they're not going anywhere. It's not going anywhere.
They're going to keep happening. Once we get one figured out, it'll morph into something that we don't understand for a while.
Correct. The last thing I do want to add—I had this in my mind, and I really wanted to say this. This is a fresh new thing, in my opinion. They're starting to have their victims create Western Union accounts online. Very easy to do. That's a part of their process. I've seen particular call centers do that.
From there, they will know the login and the password. They either use that as a mechanism to launder money through your account without being caught, or they'll have you launder money for them whenever they get their scam going. The second thing is they're using Zelle, which is really, really big right now, because all you need is a name and an email address. So shame on the banks. I'm sorry.
You talked about barriers to entry. To be able to launder money in a couple of clicks of a mouse like that, very, very scary. Be on the lookout as well. Everyone, I hope you're paranoid enough to go look at your Zelle accounts right now in your bank and make sure you have no Western Union accounts on your email. Look at those two things.
I always worry about these untraceable, untrackable, and irreversible financial mechanisms and what they're linked to. I have a bank account that is specifically associated that I use for those types of transactions with a specifically small amount of money in it. That way, if something goes sideways, they're not in my 401(k). They're not in a bank that's associated with our retirement account, a mortgage, or anything like that.
It's like, hey, there's $200 in that account, sure. It would stink to have someone get it, but heck, at least I'm limiting my losses to $200. Different institutions, I don't have a credit card with them. That’s the only thing I use that account for.
That sounds like a great service the financial institutions can put in place, where you can say, “Hey, I want this protection service, where you have access to only a certain amount or whatever it may be.” You'd have to get through a lot of hoops to be able to get to the other money. That would be a great idea.
OK, banking institutions listening to this call, implement.
Right, implement please. I'm sure it's really easy to implement something like that across.
Again, in my credit cards, I have alerts set up. If there's an international transaction, send me an email. Send me a text message. Alert me in the app right away. If there's a transaction over a certain dollar amount, I want an alert, because like you said, I have a healthy paranoia about these kinds of things.
If something happens outside in what I normally spend in a day, I want that extra feedback of, “Why did I do that? Did I do that? Did I not do that? Did my wife make a charge and not tell me about it?” Anything that happens out of the ordinary, I want to know about it.
I agree. Again, I go back to my enterprise security experience, where you talk about the general heartbeat of your enterprise. It's the same thing with our lives that we live. We should have a steady heartbeat of what is acceptable behavior every single day.
We have technology that can pull that data. There are things that will pull all of your financial data and tell you how much you spend a month. Why do we not have things in place that say, “This is way out of your heartbeat”? We need to just block it from happening. I think things will get better in that sense over time. I hope it does, because I think that's how you can harness technology to really protect people.
I totally agree. Pierogi, if people want to find you on YouTube, and I'm sure that's the primary way that you interact with people—I guess Twitch also—how can people find you on YouTube and Twitch?
Google can be your best friend. You can always type Scammer Payback into Google and a lot of my stuff will show up, whether it's my Twitter, my Twitch, Instagram, Facebook. We have all this stuff now, YouTube. You can just go to YouTube and type in scammer payback, or youtube.com/scammerpayback, or twitch.tv/scammerpayback. I just threw out like 90 links there, but just scammer payback anything, you'll be able to find me.
We do livestreams. We post videos. We're doing more investigative-type videos now. We're changing some of the format, not just the calls, but really the psychology and the mental aspect behind it as well. Check out some of the most recent ones we've done. There are some really intriguing pieces of information to protect yourself.
That's awesome. We'll make sure to link all those in the show notes. Again, Pierogi, thank you so much for coming on the podcast.
This is incredible. I'm so honored to be on the podcast. Thank you for the opportunity. Hopefully we can protect some people with this discussion here. Thank you so much.