Hacking Back Scammers - BSides Prishtina 2022

Hacking Back Scammers - BSides Prishtina 2022 Megi Bashi, Ryan Dinnan, Jacob Abraham, Joshua Pardhe The scammer epidemic is ever-present in our connected world and shows no sign of slowing down. Last year in the United States alone, an estimated $29.8 billion USD was lost to scammers, a number that has more than quadrupled since 2015. Scams of all kinds are ubiquitous, and we as student researchers hope to raise awareness about these dangerous (not to mention plain annoying) security threats. Our team is comprised of Arizona State University seniors who, for our graduating capstone project, decided to fight back against this scammer epidemic. Over the past eight months, we have researched, designed, and tested various approaches and tools for actively combatting and reporting scammers. Through scambaiting (the process of pretending to be a victim in order to waste a scammer’s time), we have gathered intelligence on how different scams operate and have used this knowledge to produce repeatable social engineering tactics to gather actionable intelligence. Additionally, we use our collective technical skills to design seemingly realistic personalities and financial institutions to ensure the collection of intel. Once we have gathered actionable intelligence, we investigate the scam operations in order to find anything further before creating a report and submitting to the proper authorities. Such investigations include tracking domains, fake profiles, and even victims who have been targeted in order to provide a wholistic report. In this talk, we'll break down our approach to a project of this scale, our findings, and the lessons we've learned. Join us for a dive into the world of scams, social engineering, and ethical hacking!