I'm Jim Browning. I'm
known as a scam baiter, and I hack into scammers' CCTV, and I've managed to close down hundreds of scam call centers. This is how crime works. What I do is disrupt
multimillion-dollar scams. The ring leader's exposed, and those people have an awful
lot of money behind them. Why the silhouette? Well,
it can be quite dangerous. You can imagine the type of things that they may decide to do to stop me. Up until recently, had a normal day job, and sometimes I would work at home, and I would constantly
get the same phone calls that I think most people get, and you instantly know it's a scam. But I was getting those so often that it was interrupting my normal work. I thought, I am an engineer. I know about computers,
know about networks. Maybe I can do something about this, or at least I want to find out what it is they're really after and
maybe report the people in the hope that I can stop the calls. I encountered Faremart
Travels back in 2019. They were operating a pop-up scam. I was browsing the internet. Suddenly this message pops up saying I've got a virus and
I had to call a number that locked my keyboard mouse. And from experience, I
know that that's a scam, but I deliberately called the number. They told me that they
were a Microsoft affiliate and they needed access to my computer. But I have this little trick where, if someone connects to my computer, I can reverse that connection, and that enables me to see their computer. And I was able to find out quite a lot of data and video and audio. Of course, the people on the
end of the phone are primed to persuade you that you've
got a computer problem. They will want you to, although they may not say the words "remote access to your computer," they will deliberately misdiagnose it. And to fix that problem, even though there's no problem, you will have to pay them. And it varies anywhere between
maybe a few hundred pounds up to a few thousand pounds. They will talk reasonably
technical-sounding language deliberately, but it's all just a script. Most people who are victims of that scam think that it's some friendly
person trying to help them out when in fact there was
nothing wrong whatsoever. It's not just done once; they're scammed multiple times after that. The setup can be very tiny. You can run a scam call
center out of a hotel room. You don't need particularly
expensive computers to run a scam, and I think
a lot of scammers know that. And what I typically find is they will run the oldest of old computers, just because they're cheap. The average scam call center
has between 10 and 20 people. Faremart Travels, they set
themselves up as a travel agency. They were running out of two buildings in a suburb of New Delhi. In those days, the front offices were all running legitimate work, but in literally the offices
behind that building, they ran a scam operation. In fact, they used the
same telephone system that they did for their legitimate work, but in the background, they
would run this scam call center. So they had almost a perfect setup, so that if the police
ever did raid the places, they could always point the
police to their legitimate work. They actually recorded their phone calls, and I was able to download over 70,000 scam phone calls from other operators in that room. It did help that I could see
the supervisor's computer. So I could see the messages
going from the people who actually operated the calls right back to the CEO of the company. So, if you can think about any
normal office organization, they had exactly that structure. The agents are incentivized
on how much money they make, and because of that, they get a bonus at the end of the month. So they had supervisors who would tot up every
agent's performance, and if you can make more
than 30 successful calls, for example, you will make more money. I have seen in other operations that if you don't make your targets, typically you're out of
the business completely. It was an operation that ran 24/7. They would have different shifts. So they would target Australia
early in their daytime. It would move to Europe in
the afternoons and evenings. And then at nighttime it would be the USA. There was another person who was the accountant for the company. They knew which channel it came from, so what sort of scam operation
they were running that day, which country it involved,
which currency it involved, which payment gateway it involved. You would have all the
detail of that money going into huge spreadsheets, and of course then that
would be laundered elsewhere. So, they had everything you would expect in a real office building. They had a HR department,
quality-assurance department. They would actually listen to
some of the scam phone calls and feed back to the agents how they could run the scam better. I was able to see exactly
what the CEO was doing because there was a CCTV
camera in his office. It was the only one with audio, and he would spend a
small portion of the day looking after his legitimate business, the travel-agency business, but an awful long part
of the day was spent making sure that the next type of scam was going to happen. But I did hear him
discussing an Amazon scam and how he would set that up. Things like how they would
process the money were discussed. Occasionally I will encounter
networks of money launderers, and if they're asking
victims to transfer money, normally it will be to a bank
account in their own country. And the reason for that is
it's much, much more simple for money to go out of a victim account into a local bank account, a
reasonably local bank account. But of course it hasn't got
back to the scammer yet. So there has to be a network of people who will take that initial transfer and move it between a number of countries. An average scam will have at least one money mule in the UK, one money mule at least
in a different country other than India, typically Thailand. And between them, they will move money
between jurisdictions. I have seen Telegram and Skype groups specifically set up to allow money transfers to happen. So, I know with Faremart technologies, I was able to see exactly
where the money went when it came between the victims and right through to the company. So, I could see as each
payment was being made, there was an individual
transaction in PayPal which went to a company
called Adhrit Technologies. And Amit Chauhan is the CEO of, or was the CEO of, Adhrit Technologies. So I got a direct payment link between the victims and his company, and I could tell that he was making at least tens of thousands
of dollars per month, but it was closer to $100,000 a month. What they would get is average about $10,000 to $12,000 just from scams each day. But I've seen call centers which are upwards of 200 employees, and they can make more
than $8 million a month. I have encountered a victim in the UK who had already lost £100,000 to scammers. People write to me as well to say that they have lost a lot
more than that, again. And again, there's
practically nothing I can do once the money has already been stolen. Seeking out victims, criminals absolutely use social media. I'm on a Facebook group where scammers sell
people's personal data. And there's very little
enforcement for that. They will also sell things
like credit-card numbers. Those are sold openly on Facebook. I get to hear a lot of the
calls that scammers make, and I've heard everything from teenagers right through to people well in their 90s falling for these. The types of scam though that I look at are more likely to affect older people. Faremart Travels were
a little bit different from the average scam
call center that I look at because they pay a third party to put adverts onto websites, and the advert itself is called a malvert, a malicious advert. It goes full screen, has a bit of very loud audio saying, "Your computer has a virus," but most importantly, it
has a phone number on it. The one way to tell whether
it's a scam is a phone number. If you see a phone number on your screen, 100% of the time, that
is going to be a scam. Your antivirus will not ask
you to call a phone number. They wait for victims to come to them. Then they would simply
get the inbound calls. That's how they seek out victims. The kind of victim they're after is somebody who's not computer literate. I have to lull them into
a false sense of security, so I have to appear convincing. I can't be somebody who is
very good with computers, type stuff in really quickly, because they'll instantly get suspicious. So, whenever I engage with
scammers, I have a voice changer. I know in advance what my name, address, credit card, and everything else will be. I also have a fake bank page, which I will deliberately
flash or show to a scammer to make it look as if
I have loads of money. All I need is a little bit of knowledge about the system they use
to make that phone call for me to hear other phone calls. I not only can hear the calls, I can see the phone
numbers they're calling. And I can see a phone call has lasted more than, say, five minutes, it's very likely that that
person is being scammed. And what I do is typically call the person when they've hung up and say, "By the way, did you know that you were
not speaking with your banker? You were not speaking with Amazon." And that is quite often a surprise to the people who've been
on the phone for so long, because they can be incredibly persuasive. They use terminology all the time. There's never a "victim,"
there's always a "customer." So, you're a customer, of course, and that's the term I kind of hate because not one person that I encounter is a real customer in any shape or form. Yes, "process." And whenever you go for an
interview in a scam call center, you have to use the
term an "Amazon process" or a "banking process"
or a "refund process." But that is just shorthand
for the refund scam or the bank scam or whatever. Whenever they build a
rapport with their victims, everyone will sound just
like their grandmother or their grandfather, because that way they
sound more endearing. Obviously, when I can see one computer, just like the phone system, I can potentially also see
the CCTV system that he used. A good example is Faremart. I can see the guy actually
run up his CCTV cameras, and he logged in with a username of admin and an eight-character password. It enabled me then to log in and just use the computer or the CCTV. The scam room itself
actually had four cameras pointing all four directions.
Each corner of the room. It was difficult to know
exactly who you're speaking to. Obviously they give fake names, but knowing that they will
want to connect to my computer, the very easy thing to do is to change my desktop
background to a very garish color, like purple or green or something, and then as the scammer connects to it, look on the CCTV and see who has got the
green or purple screen. And then I can pinpoint
and go, "Ah, right, I'm speaking to that particular
guy in the corner there. That's the one I'm going to focus on." So, I'll be kind of picking
up bits and pieces of files which may be on their computers, again, just to help identify who they are. Sometimes some of the computers
have ID card information or spreadsheets with real names on it. So I'll be kind of looking for that. I know this is a little bit vague, but, equally, I don't want
to let the scammers know exactly all of my tricks, but there are definitely
techniques that I can use to figure out exactly what they're doing. I was in the fortunate position that not only could I see live CCTV, but they actually had recordings of historic events. And when I did rewind the footage, I could see them position certain cameras and actually turn them around. I was able to kind of roughly
work out where things were, but I still couldn't figure it out. So, I have a colleague who does something very similar to me. He's called Karl Rock, and he's in India. He's got a drone, and I asked him, "Would you be able to
help me take photographs to figure out where
these scam offices are?" He flew the drone over the
top of the main building and then out to the back
of the building as well. When it comes to reporting crime, it's actually very difficult in India. The best way to get any action
on the ground from India is to go directly to the local police where that call center is nearest. It is not enough to say,
"The people in that building are pretending to be a bank or Amazon." What I have to do is present a victim to the local police to say this person has had money stolen, and it comes from that building, and here are the people involved. And that makes it very, very difficult. Obviously, I try to
approach the police to say this scam is operating on your doorstep, but quite often that's ignored. And it's kind of a tolerated scam. If you seem to be stealing money from rich Westerners, for an example, that may be less of a
crime in those countries than maybe other types of crime. Now, in the case of Faremart, I was working with a documentary team. The BBC were involved. The police became interested only because of that involvement. Then the police raided those buildings. So, they arrested Amit Chauhan. They dismissed the case because there wasn't enough evidence. I would love to see tougher laws when it comes to call centers. I think there should be laws to say if you're running a call center, you have to give the
person you're speaking the details of who you are, where you are, your real name, and
your real company name. It would be easier, I think, to prosecute some of
the scam call centers. And maybe that's the way to
reduce some of them at least. I actually ask scammers,
"Why do you do this?" The answers that I usually get, there will be people who say, "The only way that I can make
money is through scamming." And undoubtedly that's the case. But everybody's different. There are not enough
jobs for young people. And don't forget, these people in general, they speak English, so
they're well educated. They come from the equivalent of middle-class backgrounds. Their education levels, I've seen the CVs sitting
on some of the computers. They generally know what
they're getting into. So, if there was an opportunity
to have another job, some will tell me that they
will take those other jobs. And some of them do
say, "I have no choice. I'm only going to do
this for a year or two." I personally think the primary reason is, the reason why so many
people are in it, is greed. I have had scammers who have said, "Well, I do this as kind of revenge for colonial corruption." I do speak to some scammers
who do have a conscience, and some of them have
already reached out to me and exposed their own
bosses in the whole thing, and that's admirable. India is more than likely where your robocall is going to come from, which is a really sad reflection on India, because India is a fantastic country. But it now means that people when they hear an Indian
accent on the phone are just that more wary,
and that is incredibly sad. Other than India, I have
personally encountered ones in Ukraine and Tunisia. The Tunisian call center targeted
French-speaking countries, including France. There's a few different ways that scammers will
attempt to find victims. And I guess the primary one, someone pretending to be your bank or a large company like Amazon. Unfortunately, if you've got a landline, that is a typical thing that
you will hear every single day. And one of the biggest ones,
for example, is a fake invoice. If you've started a
conversation with a scammer, they'd want to get at your money, and they will target you
in a few different ways. The first one is wanting
access to your computer and therefore wanting
access to your bank account. They will get you to make a transfer or they'll blacken your screen and they'll make the transfer. The other one is they don't really need or want access to your computer, but they will try to convince
you to go to your bank and move money by socially engineering you to send money or withdraw
money, put it in a box, and people unbelievably still do this, and send it to another address. And the third one is they will persuade you to
go out and buy a gift card. And there's different
ways that they can do that and read out the gift card number. And if you do that, that's equivalent to directly putting it into
a scammer's account. And the most obvious way these days of getting money cleanly for scammers is to use cryptocurrency. There's other sorts of scams. You may have seen SMS messages saying that there's a parcel being delivered or a different sort of SMS message targeting someone in your family. Recently I've come across a group who were operating out of London, and they were pretending
to be the son or daughter of someone who had lost their phone. So they would send a message saying, "Hi, Mom, I've lost my
phone. This is my new number. Can you contact me on this? I need to get some money quickly." It's not easy having multiple identities, and I have my own family
life to deal with, like everybody else. Doing this in the evening times did take up an awful lot of time. So, I do work very odd hours, and I have to keep the
same hours as scammers do. So I'm on the night shift just
with the scammers as well. So it can be difficult. I have worked in IT for
quite a number of years, although these days I could
maybe teach a course on it. I haven't got the formal qualifications. Because I have dug into scams
more than the average person, I probably know scams
better than most scammers. I'm still learning. I still want to understand better some of the systems that
scammers use. They evolve. But I would like to
think I evolve with them. I am working on projects that will help victims using AI, before scammers start
using AI against victims. So, I have a YouTube page, the channel name is Jim Browning, which is dedicated to combating scammers.
