
Ashutosh Bhatt
What Is Scambaiting? Is Fighting Back Worth the Risk?
Scambaiting means acting like a secret agent against fraudsters while posing as a potential victim. Dive into the details: how it works and how you can stay safe.
Reported crimes are not the only crimes that happen every day, but the reported numbers alone are shocking enough to put you on alert. In 2025, the FTC recorded $15.9 billion in consumer fraud losses in the USA. That is no decline from 2024, which recorded a loss of $12.5 billion. And that is not the worst of it: in 2025, the FBI reported internet crime losses worth 21 billion dollars.
Who could ignore such numbers? Nobody, right? Not all of us work in IT and can save ourselves from falling victim to such crimes. Hence, scambaiting came into the picture: a game played in return to end, or at least reduce, such internet crimes. Long story short, scambaiting means pretending to be an unsuspecting victim in the eyes of the scammer when you actually aren't. The result? You get to watch the scammer's whole game and process so that you can make the world aware of it.
If you are planning to play this game, you cannot just start right away. There is a lot that you need to know before you begin with scambaiting. Let’s get started!
Jim Browning exposed India’s Call Center Scam
Starting with a story is the best way to explain the concept. We are going to tell you about a scam exposed by Jim Browning, a software engineer and resident of Northern Ireland. He is a renowned name in the tech industry, as he has exposed 3000 call centers. You can also check out his channel to learn more about the scams he has exposed. He didn't start doing this right away: one of his relatives fell victim to a scam, and since then Jim has pursued the idea of 'reverse engineering', widely known as scambaiting.
During one investigation, Jim gained access to the computer network of a scam call center operating out of Gurugram, on the outskirts of Delhi.
The call center had digital CCTV cameras connected to the same network, which Jim was able to access remotely. For months, he watched the operation closely. He could see the agents on screen, listen to calls in progress, and build a complete picture of how the fraud worked.
Once he was inside the network, he discovered something that even he did not expect. Jim took control of the call center. Over 70,000 recorded calls from America, Australia and the UK were obtained by BBC Panorama. In one of the calls, someone was trying to scam a blind woman who was also suffering from diabetes and had only a year to live; the scammers still went ahead and shamelessly fooled her.
Within 12 hours of Jim releasing his video and the BBC airing the Panorama documentary, the call center was raided by Delhi Police. The man who ran the operation, Amit Chauhan, was arrested along with his accountant. There are many stories about this scam, and we recommend watching the full documentary about the Gurgaon call center.
What Exactly Is Scambaiting?
As mentioned before, scambaiting means pretending to be the victim of a fraud that is happening or about to happen so that you can buy time from the fraudster.
The term has been around since the 1990s, when it began as a grassroots response to the wave of advance fee scams. Also known as 419 scams, these flooded inboxes globally with lottery promises, business deals and irresistible rewards.
Today scambaiting is a full content genre. The r/scambait community on Reddit has hundreds of thousands of members. YouTube channels dedicated to scambaiting have collectively racked up billions of views. And in more serious contexts, scambaiting has been used as a structured research methodology, funded by Interpol to map fraud networks and generate intelligence for law enforcement.
How Does Scambaiting Work?
Scambaiting is not one thing. People follow many different approaches to get the scammers caught:

Fake victim personas
This is the foundation of most of the scambaiting that happens. You create a fictional identity, email address, and backstory to lure a scammer and keep them engaged long enough to waste their time or extract information. Researchers at a Swiss university funded by the Interpol Foundation for a Safer World built exactly these kinds of profiles to engage romance scammers across France, Switzerland, and Canada. By doing so, they collected 348 bank account numbers actively used in fraud.
Time wasting
Deliberately stalling scammers so they spend hours on a fake victim instead of reaching real ones. Every minute a scammer spends on a scambaiter is a minute they are not spending on someone's grandmother.
Data collection
Capturing phone numbers, IP addresses, bank details, and payment methods during interactions. When all this data is properly handed to authorities, it can be used to block accounts and shut down operations.
Reverse access
Advanced scambaiters with technical skills have accessed scammers' own computers, intercepted live fraud calls, and captured webcam footage. In most countries, accessing someone's computer without authorization is illegal, even if that person is a criminal.
Public exposure
Recording and publishing interactions on YouTube and social platforms to build public awareness and make scam operations visible.
The 3 Risks of Scambaiting Nobody Warns You About
Most scambaiting content on YouTube shows you the wins. Here is what it does not show:

1. Your real identity can be exposed and used against you
Scammers have swatted scambaiters, filing fake emergency calls to send armed police to their homes. Several people who angered the wrong operation have had their real names, home addresses, and family members' details leaked and circulated in scammer networks. Pierogi himself has warned beginners that some scammers are genuinely dangerous criminal organisations, and that interacting with them using your real phone number or physical device is a serious mistake. You should also never let a scammer remote into any device that has real data on it.
2. It can be illegal even when your target is a criminal
Accessing someone's computer system without authorisation is a criminal offence in most jurisdictions, even if that person is a known fraudster. The Swiss research team that conducted structured scambaiting for Interpol noted in their published findings that such activities, if conducted by law enforcement, would require specific judicial authorisation. Private citizens doing the same have almost no legal protection.
3. It rarely disrupts the operation itself
Scam networks are large, distributed, and built to absorb disruption. As the Global Anti-Scam Alliance has noted, one exposed agent or one wasted call is quickly replaced. The satisfaction is real. The structural impact on the fraud operation usually is not.
Does Scambaiting Actually Work?
The honest answer is: sometimes, and under specific conditions.
When scambaiting is structured, coordinated, and conducted with law enforcement in the loop, it can produce genuinely valuable intelligence. The Interpol-funded Swiss study found that less than 5% of the fraud-related bank accounts and phone numbers their team collected matched records already held by police, meaning well-run scambaiting operations can surface information investigators simply do not have. The same study identified that a small number of digital banks were housing the majority of scam-related accounts, pointing to systemic gaps worth addressing at the institutional level.
But for individuals operating alone, without protocols, without technical safeguards, and without any channel to law enforcement, the measurable impact on actual fraud rates is close to zero. The most consistent contribution hobbyist scambaiting has made is awareness. Millions of people now recognise urgency pressure, gift card payment demands, and remote access requests as fraud red flags, because they watched someone handle those exact situations on screen.
Should You Try Scambaiting?
If you have no cybersecurity background, the honest answer is no. But if you are still curious or have already started, here is what you must never do:
Never use your real phone number - Use a burner number or a VoIP service. Your real number gives scammers a direct route to your identity.
Never use your actual device - Use a virtual machine or a completely isolated device with no personal accounts, saved passwords, or banking access on it.
Never give them anything real - Not your name, not your location, not any detail that connects to your actual life.
Never let them remote in - Even on a fake machine, allowing remote access can expose network details and IP addresses.
Never engage alone if you suspect an organised operation - Report to the FTC (US), Action Fraud (UK), or your country's cybercrime reporting body instead.
And if something goes wrong, if you think your real identity has been exposed, treat it like a data breach. Act immediately. The next section covers exactly what to do.
If Scambaiting Has Already Gone Wrong for You
If you believe your real identity, phone number, or device has been compromised during a scambaiting attempt, here is how to move quickly:
Lock down your accounts immediately
Change passwords on your email, banking, and social accounts. Enable two-factor authentication on everything. Do not wait.
Secure your phone number
Contact your mobile carrier and ask for a SIM lock to prevent SIM swapping. If your number is already being used to harass or impersonate you, request a number change.
Document everything
Screenshot every interaction, message, and threat you have received. This is your evidence if you need to file a report.
Report formally
File a report with your national cybercrime authority, the FTC in the US, Action Fraud in the UK, or the Cyber Crime Cell in India. If you are receiving threats to your physical safety, contact local law enforcement directly.
Where Vault Steps In
The reason scambaiting became a movement is not because people enjoy wasting time on the phone with fraudsters. It is because people stopped believing that simply being careful was enough. They had watched someone click a link that looked completely legitimate. They had seen a parent nearly wire money to a convincing fake. Being cautious felt passive when the scams kept getting more sophisticated.
That frustration is exactly what Vault was built for, but Vault acts before the scammer ever reaches you. The moment you land on a risky or suspicious website, Vault flags it in real time, in plain language, before you have entered a single detail or engaged with anything. When a phishing link appears in your browser, Vault catches it before your instincts even have a chance to.
You do not need to bait a scammer to stay one step ahead of them. Vault puts you there automatically, so the threat never finds you in the first place.
The Vault browser extension is currently available on Chrome, Brave, and Microsoft Edge. The Android and iOS apps are coming soon.
Stop Playing Their Game!
The scambaiting videos are genuinely worth watching, not because you should try it, but because they are one of the most effective free education tools available for understanding how fraud actually operates. The scripts, the urgency, the fake authority, the gift card requests: seeing them played out in real time is the kind of awareness that sticks.
But awareness has limits when you are on a mobile screen at midnight, one tap away from a link that looks completely real. The gap between knowing what a scam looks like and catching one in the moment is exactly where most people get caught. Know the red flags. Skip the engagement. And use tools that work faster than any scammer can.
Frequently Asked Questions (FAQs)
What is scambaiting? How does it work?
Scambaiting means acting as a potential fraud victim to engage a scammer, with the aim of wasting their time and gathering information to expose them publicly. It works by building a fake identity or persona and sustaining communication with a scammer long enough to frustrate their operation or collect information. At a professional level, this data gets passed to law enforcement. Scambaiters who are YouTubers or other content creators use their platforms to share the information with the public for awareness.
Is the whole idea of scambaiting legal?
Having a conversation with a scammer is generally legal. But accessing their devices or computer systems without authorization is illegal in most countries, even if the target is a known criminal. In jurisdictions like Switzerland, even law enforcement conducting similar operations requires judicial authorisation. If you are a private individual using technical methods to access a scammer's systems, you are operating in legally dangerous territory regardless of their guilt.
Can scambaiting help you in stopping scams?
It depends on the approach you take. One is the professional approach, where you engage with fraudsters to understand their process. In individual hobbyist contexts, the direct impact on actual fraud operations is difficult to measure. The most reliable contribution scambaiting has made is public scam education, helping millions of people recognise how fraud tactics actually work.
What are the biggest dangers of scambaiting?
The three main risks are identity exposure leading to harassment or swatting, legal consequences from using unauthorised access methods, and device or data compromise if you interact with scammers on equipment connected to your real accounts, for example when you reuse the same password across all platforms. Many scam networks are well-organised criminal operations, not individuals, and they have the capability to retaliate.
What should I do if I encounter a scammer instead of engaging them?
Do not respond. Report the number, link, or account to your national cybercrime authority, the FTC in the US, Action Fraud in the UK, or the Cyber Crime Cell in India. If the scam arrived via a suspicious link or website, tools like Vault can identify and flag those threats automatically before you interact with them at all.
Can scambaiting put my family at risk?
Yes, in serious cases. Scambaiters who have had their real identities exposed have reported harassment extending to family members. This is one of the most important reasons why anyone engaging with scammers even casually should never do so using their real contact details or devices.
© 2026 Vault Security. All Rights Reserved.














