Everyone hates scams. That’s because everyone’s a target.
As we all know, social media websites like Facebook, Twitter and LinkedIn are rife with fraudsters. Most of those scammers just want a few hundred dollars or access to their target’s account. But some want more. Some try to steal their victim’s identity, while others attempt to exploit a single employee’s human weakness by going after entire organizations. In those cases, corporate scammers sometimes make off with millions of dollars in the process.
Given the growing threat and proliferation of scams, is it any wonder security researchers are fighting back against bad actors who peddle them?
Some have made it personal. Security researcher Christian Haschek, for instance, looked up a scammer’s personal information after they attempted to cheat him out of 380 USD for the purchase of two Apple gift cards.
After Haschek contacted their mother and brother on Facebook, the scammer begged him to stop and promised they would never swindle anyone ever again.
Others have taken a different approach. Faced with the interminable deluge of anonymous spam, Brian Weinreich, co-founder and head of product at Destiny, had a brilliant idea: spam the spammers, and in the process, waste their time so they can’t work on perfecting their technique.
The idea came to him in early 2015. As he explains in a blog post:
“It became clear to me: it’s my job to stop spam. That ‘Spam’ button on Gmail just didn’t get me going anymore. There’s no reward. I was seeking revenge. And some comedic relief.”
Driven by the desire for a little fun, Weinreich created Sp@mLooper.
Here’s how it works:
- Whenever Weinreich received any spam or scam message, he forwarded it to firstname.lastname@example.org.
- The Sp@mLooper bot removed all personal information and started up a new conversation with the spammer.
- Once the spammer responded back, the bot used a variety of open-ended questions to keep the conversation going, such as “Very interesting… are you offering this for free? What is the pricing?” and “Wow! This sounds like an awesome opportunity. Can you tell me a little more about it?”
- Sp@mLooper continued to respond until the spammer realized they’d been scammed and gave up, as happened in this conversation.
Not wanting to stop the fun there, Weinreich used a little snippet of code, so that his bot would begin using hipster lingo after the first couple of exchanges. Here’s one such example:
“Alright! This looks really cool. Do you possibly have a LinkedIn or Facebook? Before doing any kind of business going forward, it’d be great to see I’m talking to a real person. Sorry! Just being cautious! Pitchfork kogi yuccie thundercats five dollar toast messenger bag godard hoodie 3 wolf moon.”
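The loop described above can be sketched in a few lines. This is an added example, not Weinreich's code: the function names, the redaction patterns, the exchange threshold and the sample message are all assumptions made for illustration, while the reply texts and filler words are taken from the quotes in this article.

```python
import random
import re

# The two open-ended questions quoted in the article.
OPENERS = [
    "Very interesting... are you offering this for free? What is the pricing?",
    "Wow! This sounds like an awesome opportunity. Can you tell me a little more about it?",
]
# Filler vocabulary taken from the sample reply quoted in the article.
HIPSTER_WORDS = "pitchfork kogi yuccie thundercats messenger bag godard hoodie".split()

# Assumed redaction patterns: forwarding headers, e-mail addresses, phone numbers.
FWD_HEADER_RE = re.compile(
    r"^(?:-+\s*Forwarded message\s*-+|(?:From|To|Cc|Date|Sent):.*)$", re.I | re.M)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d ().-]{7,}\d")

# Constructed sample of a forwarded scam message (not a real message).
SAMPLE = """---------- Forwarded message ----------
From: Prize Dept <winner@lottery.example>
To: Jane Doe <jane.doe@mail.example>
Date: Mon, 1 Jan 2024

Dear Jane Doe, you have won! Call +1 (555) 010-9999 to claim."""

def scrub(forwarded_body, owner_names):
    """Strip the forwarder's personal details before the bot replies."""
    text = FWD_HEADER_RE.sub("", forwarded_body)
    text = EMAIL_RE.sub("[email removed]", text)
    text = PHONE_RE.sub("[phone removed]", text)
    for name in owner_names:
        text = re.sub(re.escape(name), "[name removed]", text, flags=re.I)
    return "\n".join(line for line in text.splitlines() if line.strip())

def next_reply(exchange_count, rng, lingo_after=2, lingo_words=6):
    """Pick an open-ended question; add filler once past `lingo_after` exchanges."""
    reply = rng.choice(OPENERS)
    if exchange_count > lingo_after:
        filler = " ".join(rng.choice(HIPSTER_WORDS) for _ in range(lingo_words))
        reply += " " + filler.capitalize() + "."
    return reply

if __name__ == "__main__":
    print(scrub(SAMPLE, ["Jane Doe"]))
    for n in range(1, 5):
        print(n, next_reply(n, random.Random(n)))
```

Regex redaction like this only catches the patterns it lists, so anything else that identifies the forwarder (a signature block, a street address) would need its own rule before the scrubbed text is sent back to a stranger.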
Best of all, it eventually got to the point where the security researcher didn’t even need to send messages to Sp@mLooper anymore. People began spamming it on their own, meaning the fun could have continued on forever.
It didn’t. Weinreich gave up on the project due to a lack of time. But fortunately, he kept the code and made it available on GitHub, so that others could build their own spam-spammer bots.
Interested in having a little fun? If so, you can access the Sp@mLooper code here.
In the meantime, you can read all the exchanges Weinreich’s Sp@mLooper participated in here.
What’s the best spam message or scam you’ve ever received? Please let us know in the comments!