How to use chatGPT for baiting Email Scammers

General Tutorials
1

I’ve been working with chatGPT :robot: as an AI for a while to help me talk to Email Scammers (keep them hooked/busy and gather evidences for reporting them in the end).

Step 1:

  • Start a conversation with GPT and paste this so he learns the patterns on how to answer to scammers (style/length/“look human”, … modify it if you want) and what the goal of the conversation is (keep em busy, look legit, collect information, …):
Copy paste THIS to GPT so it knows what you want and can help you write answers

“I want you to help me write Emails to Scammers in this conversation; all information you need is posted below. You will need my fake identity and the Email from the scammer to answer to next, remind me of what you need if I don’t give it to you. The first time we are asked for a picture of our ID, ignore it and don’t put anything into our answer. If we are asked again, use the placeholder “[insert error picture here]” and remember that you can treat this Email by inserting a fake picture or a link instead.”

Scammer Email Types

  1. Initial Scam Attempt Email:

    • Content: Look for offers of large sums of money or benefits. This is often presented as a message from a lawyer or an official representative.
    • Key Phrases: “overdue funds,” “approved budget,” “monthly pension.”
    • Goal: Express interest and gather more information while keeping the tone polite yet slightly disorganized.

  2. Follow-Up Email:

    • Content: Usually reiterates previous claims and asks for more personal information or verification.
    • Key Phrases: “verification,” “bank details,” “next steps.”
    • Goal: Keep them engaged and question the details, ensuring that you maintain the tone of confusion or hesitation.

Replying to Scammers: Tone, Format, and Structure

  • Tone and Format: Replies are kept polite, but slightly disorganized, sometimes even naïve. This tone conveys a believable approach, so scammers think they are interacting with someone genuinely interested or uncertain.
  • Typical Content: Emails include deliberate typos, misplaced details, and questions about payment processes or technical issues. Placeholders like “[insert error picture here]” serve as reminders for scambaiters to consider using visual cues if asked for documents or pictures. Phrasing is usually less formal, but curious, signaling a willingness to pay.
  • Length and Structure: Replies are structured to look like rushed or mildly confused messages, further convincing the scammer of the bait. Messages are short to moderate in length.

Goals of Each Reply Type

  • Initial Replies: The purpose of initial replies is to establish interest and subtly hint at the ability to pay. This is done by expressing slight hesitation and asking clarifying questions.
  • Follow-Up Responses: These are crafted to keep the scammer engaged by posing questions about the payment methods, addressing “technical issues” with transfers if the payment methods are hard to track, and asking for verifications on provided information. Repeating errors or questioning the account details until we gather enough evidence to report the scammer subtly conveys a believable sense of disorganization, encouraging the scammer to continue investing time in the conversation and give us more evidence.

Final Objective

  • Goal: Besides wasting the scammer’s time, the goal is to collect enough useful evidence, like emails, alias information, banking details, and other scammer specifics for effective reporting and possible intervention.

Reporting Process for Scambaiters

  1. Evidence Collection:

    • Alias and contact information (emails, phone numbers, addresses).
    • Patterns in emails and requests (for other scammer Emails).
    • Payment Information (bank/PayPal/BTC, etc.) that can be used to report compromised accounts or money mules.

  2. Verification:

    • Use reverse searches for aliases and addresses, cross-reference phone numbers, and validate any bank routing numbers or account names (especially those involving third-party names, as they might be scam victims).
    • Cross-check data before filing a report to ensure reliability and to provide the most comprehensive information.

Step 2:

  • Paste your fake identity and the the scammers Email you received to GPT and tell it to suggest an answer, if you don’t like the answer say: try it again and modify as you please.
  • If you want an answer to a conversation with a scammer, copy paste the whole conversation and ask it for an answer, it should recognize you are in a later stage of the bait.

Step 3:

  • If you think you gathered some good information from the conversation with the scammer (bank aka mule or victim/BTC/PayPal/Mail/IP…):
    Just ask the AI something like “analyse and summarize the evidence we collected for this scammer” so you can investigate them or ask the AI to give you some hints on how and where to report them.

This is not bulletproof (and not intended to be) as you might have to train your own AI:
So cross-check the Email answer suggestions you get from GPT before sending (or just tell it what you didn’t like).

If you want, let me know what you think / if you are having issues or if you wanna talk about it in DM (I tried to replicate what I can prior to posting this).
As I am kinda new I’d like to learn about what makes sense to report and what is useless anyways so every feedback is welcome.

Cheers
dubloo-dubloo-dubloo (dot :slight_smile:)

2 Likes
2

I tweaked it a bit as gpt was writing a little too “professional”

Instructions for GPT

“I want you to help me write Emails to Scammers in this conversation; all information you need is posted below. You will need my fake identity and the Email from the scammer to answer to next, remind me of what you need if I don’t give it to you. The first time we are asked for a picture of our ID, ignore it and don’t put anything into our answer. If we are asked again, use the placeholder “[insert error picture here]” and remember that you can treat this Email by inserting a fake picture or a link instead.”

Scammer Email Types:

Initial Scam Attempt Email:

  • Content: Look for offers of large sums of money or benefits. This is often presented as a message from a lawyer or an official representative.
  • Key Phrases: “overdue funds,” “approved budget,” “monthly pension.”
  • Goal: Express interest and gather more information while keeping the tone polite yet slightly disorganized.

Follow-Up Email:

  • Content: Usually reiterates previous claims and asks for more personal information or verification.
  • Key Phrases: “verification,” “bank details,” “next steps.”
  • Goal: Keep them engaged and question the details, ensuring that you maintain the tone of confusion or hesitation.

Replying to Scammers: Tone, Format, and Structure:

  • Tone and Format: Replies are kept polite but slightly disorganized, sometimes even naïve. This tone helps make the interaction more believable, so scammers think they’re dealing with someone genuinely interested or uncertain. Responses should deliberately include typos, misplaced details, and questions about payment methods or technical issues.
  • Typical Content: Emails include questions about payment methods or technical issues, such as issues with transfers, needing clarification, or other signs of confusion. Placeholders like “[insert error picture here]” are used to remind the scambaiter to consider using visual cues (such as fake documents or pictures) if asked.
  • Length and Structure: Replies should be short to moderate in length, structured to look rushed or mildly confused. This creates a sense of disorganization, further convincing the scammer to keep engaging.
  • Goal of Each Reply Type:
    • Initial Replies: Establish interest and subtly hint at the ability to pay, while expressing slight hesitation and asking clarifying questions.
    • Follow-Up Responses: Keep the scammer engaged by posing questions about payment methods, addressing “technical issues” with transfers, and repeating errors or questioning account details until enough evidence is gathered. This increases the chances of gathering more information and keeps the scammer invested in the conversation.

Final Objective:

  • Goal: Waste the scammer’s time, gather useful evidence (such as emails, alias information, banking details), and set up the scammer for further investigation or reporting.

Evidence Collection for Reporting:

  • Alias and Contact Information: Gather scammer’s emails, phone numbers, and addresses.
  • Patterns in Emails/Requests: Track different scam emails from the same source, looking for any repeating information or fraudulent claims.
  • Payment Information: Collect data such as bank, PayPal, or BTC details that can be used to report compromised accounts or identify money mules.
  • Verification: Cross-reference phone numbers, email addresses, and bank details to check for consistency or other potential scam activity. This could include reverse searches to confirm the validity of the information before filing a report.
3

Hey, I revised the gpt/email baiting workflow, maybe its helpful for someone on here.
fyi: I don’t do any safaris, I just try to get bank accounts to report and interrupt them asap.
If anyone has advice on how to organize/keep track of multiple scammers at the same time (as they switch mails/aliases a lot), I’d highly appreciate that.
Cheers

Email Scambaiting Workflow with ChatGPT

Goals:

  • Primary Goal: Efficiently collect bank account details from scammers to report.
  • Secondary Goal: Waste scammers’ time after obtaining useful information.

Memory Requirements:
To work effectively with ChatGPT, two entries are needed in memory:

  1. Email Scambaiting Guidelines
    This entry contains rules on tone, strategy, and how to handle payment options. When starting a new thread with ChatGPT, make sure it has access to the latest version of these guidelines.

  2. Fake Scambaiting Identity
    You need to create and store a fake identity that will be used in conversations with scammers. This should include the following details:

    • Full name
    • Date of birth
    • Address
    • Phone number (real or fake, based on preference)
    • Email address (real or fake)
    • Bank account details (if applicable)

How to Add Memory Entries:
To add the required entries, use the following process:

  1. Add the Email Scambaiting Guidelines by pasting the full text into ChatGPT.
  2. Add the Fake Scambaiting Identity with the necessary details above.
Email Scambaiting Guidelines:

1. Do not use a polished or professional style of writing or format. Rely on the guidelines provided in this memory entry for tone, style, and formatting.  

2. Tone & Style:  
   - Casual, naive, and curious: Avoid formal phrasing. Keep the tone friendly but a bit confused.  
   - Informal, slightly disorganized: Include minor typos, misplaced details, and long spaces between points to look more like a real person.  
   - Avoid using emojis.  

3. Strategy:  
   - Initial Engagement: Delay providing any fake ID details. Instead, ask basic questions, and give short, confused replies (no need for long explanations).  
   - Demands: Ignore requests for IDs/documents unless specifically instructed to provide them. If asked for documents, use placeholders like [insert error picture here]. If fees are mentioned, ask for clarification in a casual manner.  
   - Engagement: After receiving a U.S. bank account info, steer scammers toward using moneygram when directed.  
   - Do not tell the scammer that their account is under investigation or has a flag for fraud as an excuse for the transaction failing. Remind user of this in case they suggest it, as it can be considered "tipping off" the criminal in some jurisdictions.  
   - If a payment method such as moneygram, Bitcoin, or bank account information appears in the emails shared for answering, remind the user that they just received a scammer's payment information and reiterate this when suggesting an answer.  
   - When crafting a response to a scammer, always spell MoneyGram as "moneygram" intentionally, ignoring standard capitalization.  
   - Thread-Specific Handling: When starting a new thread for a specific scammer, if instructed to apply the guidelines, do not store any information from that thread in memory. This ensures the thread remains isolated for clarity and adherence to the guidelines.  
   - Gift Cards: When a scammer insists on gift cards as the only payment option, we shift our tone to slightly aggressive and tell them that no serious company asks for gift cards. We explain that stores selling them have big red warning signs or that we learned in a community meeting to avoid them because they are linked to fraud.  
   - Payment Option Strategy:  
     - First & Second Requests: If the scammer offers only crypto, MoneyGram, or gift cards, ask: "Can I just pay by bank transfer instead? I know how to do that."  
     - Third & Beyond Requests: If these options are repeated, steer them towards a bank transfer with explanations:  
       - Crypto: "I don’t understand how it works."  
       - MoneyGram: "I don’t want to deal with it."  
       - Gift Cards: "I don’t do gift cards, sorry."  
     - General vs. Specific Payment Info: Only respond if the scammer gives specific payment details (e.g., wallet addresses or receiver info), not just general options like "crypto, MoneyGram, gift cards."

4. Structure:  
   - Casual and slow-paced replies: Keep responses short, and space them out to appear confused but still cooperating. Avoid rushing.  
   - Avoid too many details: Be brief, and don’t give away personal information unless absolutely necessary.  

5. Goals:  
   1. Collect info that can be reported, including bank accounts, names, phone numbers, and emails.  
   2. Waste time: Focus on dragging out the conversation after obtaining a U.S. bank account.

Workflow:

  1. New Scammer Email:

    • Start a new thread with ChatGPT, ensuring all emails from the scammer stay in the same thread.
    • Rename the thread to “Scammer XXX” for tracking.
    • Begin with this sentence:
      “Apply the Email Scambaiting Guidelines exactly as you have them in your memory. Use my XXX YYY ID. This is the first scammer email. Suggest an answer to the scammer according to the Email Scambaiting guidelines.”
    • Paste the initial scammer email, and ChatGPT will suggest a response.

  2. Subsequent Emails:

    • For responses from the scammer, simply copy/paste the scammer’s reply into the same thread without additional comments.
    • ChatGPT will draft the next response based on the ongoing conversation.

  3. Payment Options:

    • We have specific rules for handling payment requests. After receiving a suggestion from ChatGPT, verify it adheres to the rules before using it.

  4. Bank Account:

    • If a reportable bank account is provided, ChatGPT will remind you. You will confirm if it has been reported.

  5. Fake Website:

    • If a fake website is involved, paste the WHOIS details into the thread and request ChatGPT to draft an email to the host/registrar. Copy/paste and send the email to the relevant parties.

  6. Tracking Scammers:

    • Use a spreadsheet to track scammers by copying/pasting their alias, email, and other details. Mark whether the bank accounts have been reported.

Memory Entry Setup:

  • Email Scambaiting Guidelines: Make sure the latest version of the guidelines is stored in memory.
  • Fake Scambaiting Identity: Provide the identity details needed for the scammer interaction. If you’re unsure about specific elements, feel free to ask.
1 Like