Lewis Hopkins calls himself “a scammer’s worst nightmare”. The 21-year-old from Birmingham has racked up nearly 20 million views on his YouTube channel where he exposes online scammers – hacking their computers and trolling them – in videos that are chaotic, funny, and, at times, extremely stressful.
Lewis is part of an online community of vigilantes known as scambaiters. Growing out of early 2000s internet forums, scambaiting is now huge on YouTube, with baiters gaining hundreds of millions of views between them. Last year, scambaiting even crossed into the mainstream, as BBC’s Panorama featured the UK’s biggest scamhead, Jim Browning, hacking the CCTV of a fraudulent call centre in India and exposing scammers at work.
Scambaiters like Jim and Lewis intercept both phone and email scams. Usually, these scams involve people who pretend to be from big companies, banks, or government institutions such as Amazon, Microsoft, or HMRC, to trick victims into giving them access to their computers, or worse, their online banking accounts. But like other forms of online vigilantism (see: paedophile hunters), scambaiting is also mired in controversy.
Jim and Lewis use legally dubious methods – known as grey-hat hacking – to frustrate and compromise scammers. This involves gaining unauthorised access to scammers’ computers, which has ethical implications. The wider scambaiting community has also faced accusations of racism – it’s hard to avoid the fact that baiters are predominantly white and the scammers they target and humiliate are almost entirely from developing countries.
VICE sat down with Lewis to talk about how he got into scambaiting, the ethics of online vigilantism, and what scams to watch out for in 2021.
VICE: How did you get into scambaiting?
Lewis Hopkins: It originally started by watching people like Jim Browning, when the whole scambaiting thing was virtually non-existent on YouTube. It’s the satisfaction from knowing that you are putting the scammers in a position where they are having their time wasted. I believe any minute is valuable time when you’re on the phone to these scammers. Any minute you can spend wasting their time is time where they could otherwise be stealing someone’s money.
Talk us through your process – how do you decide which scammers to target and what to do to them?
I phone them up, or they phone me and leave [automated] robocalls. I bait them for a while and decide whether I’m going to get them properly – as in gain access to their systems – and if I can it means I can do a lot more about that particular scam. I can find out about the company, where it’s located, who runs it, the big people involved.
A lot of the time I’ll intercept a scam midway through. So, if they’re on a call to a victim, I’ll take control of the scammer’s computer, hang up that call and call the victim myself to warn them about what’s happening.
I do that with multiple scams now: the Amazon scam, where hackers say a suspicious order has been placed on your Amazon account; the HMRC scam, where a robocall is placed to victims saying an arrest warrant is out for them; and the tech support scam, where the scammer gains remote access to the victim's PC and runs through a list of non-existent faults and will then say in order to fix these issues the victim must pay a fee, which is usually an extortionate amount.
How do you feel about the ethics of online vigilantism?
I think it’s definitely ethical, although there could be some legal issues surrounding things that people like me and Jim Browning do. But ethically I think it’s spot on. I can’t see a negative to what I’m doing, except for the scammers.
Some people have called scambaiting racist – what do you think?
I’ve always tried to stay away from stuff that’s extremely offensive. I’m not particularly politically correct if I’m honest, and I don’t intend to be either, but there are lines I wouldn’t cross. [The scammers’] race, ethnicity, I wouldn’t pick on that, although observations are that the vast majority [of the scammers targeted] are Indian. There’s nothing I can do about that – it’s just what I and every other scambaiter has observed. These types of scams [in my perception] are 99.9 percent done by Indians. I don’t like to mention that, because if I can find a scammer who’s come from anywhere else, I’ll do the same to them.
I target scammers – not Nigerians and not Indians – and I do not care in the slightest where they come from. I have countless Indians giving me comments on Twitter and YouTube every single day, telling me how they support it and the disgrace that scammers have given to their country. A lot of honest people from those countries feel just as strongly about it as I do.
Do you ever feel sorry for the scammers?
Nope, not in any way. You get some of them giving a story about why it’s hard for them and it can be hard, I know. But the fact is they are willing to steal from anyone – they do not stop at 90-year-olds, disabled people.
I actually gained access to a scammer’s PC who sold information to other scammers and one of the criteria was cancer patients. That made me sick and it’s one of the reasons I do not feel sorry for these people. It’s very hard to make me feel any remorse for what I do. I’ve come very close to watching old, vulnerable people losing their life savings.
What’s the maddest scam you have come across?
One of my family members nearly fell for a pet scam. It’s where you’re on the verge of buying a pet online and then [the scammers] turn around and say they are going to mail it to you. At that point it’s an obvious scam, but not all people have that same level of suspicion.
Have scammers been using the pandemic to target their victims?
They are definitely using it. I’ve seen an increase online when I’m searching for numbers to bait. The scammers pretend that you’ve got some sort of grant, which is believable. I can totally understand why people might fall for that. We’re in a lockdown, it’s free money, people will jump on it. People aren’t aware of the scams and they are definitely using it to their advantage.
What scams should people be wary of this year?
Based on what I’ve seen, anywhere [the scammers] connect to your computer [is worth watching out for]. It’s not only computers they can gain remote access to, it’s also mobile phones. People's whole lives can be stored on their phones and at any point the scammers can request a file transfer and take anything. They can also blank the screen sometimes – in one of my videos, while they were blanking my screen, they were trying to take £500.
How would a scammer go about blanking your screen?
Scammers convince victims to install remote access software such as Teamviewer by pretending to be working for big companies. They make the victim give them the access code and take control over the victim's device so they can – in the case of the tech support scam – show the victim a series of fake issues on their screen. In the case of the Amazon scam, they use the software to give the victim a fake refund form and also to see and manipulate the online banking page of the victim.
If you’re not very tech-savvy, you’re not sure what Teamviewer is – it just looks like anything else you download off the internet. How many people install programs without knowing properly what they are? It’s not just old people – there are definitely younger victims that scammers target, too.
Finally, what is the best way for people to avoid being scammed?
The best way to avoid it is to hang up. If you suspect anything, hang up. Don’t give anyone you don’t know remote access to your computer or your phone. If they’ve got no victims falling for it, there’s no business for them. And that’s why I’ve actually seen scams evolving. There will always be a way. But as long as they’ve got a way to scam, hopefully I’ll have a way to stop them.