Tech support and IRS scams have become as common as random emails proclaiming that you've won the lottery, or emails from prince in some foreign land who wants to share their wealth.
The IRS scams start with a voice mail threatening a lawsuit or arrest, and the tech support scams will sometimes appear at random online via pop-up ad. One potential victim in both situations used a bit of code to take matters in their own hands.
Project Mayhem (Mayhem) on YouTube doesn't like scammers. In the videos below, the individual behind the account demonstrates their ire with a bit of code.
The first video, posted on June 23, starts with a voice mail that allegedly comes from the IRS. In it, Project Mayhem was told that they're facing a lawsuit due to tax fraud, and law enforcement was going to be involved.
Project Mayhem returned the call and once an "agent" was on the line, they let the scam progress for a little while. Just after the two-minute mark, the security developer started looking for a bit of payback.
"Because they leave voicemails and demand people to call back or be arrested, what if they couldn't receive calls? Better yet, what if they go so many calls, we flooded the scammers preventing any more scams? And recorded everything?" the video asks.
With a bit of code, Project Mayhem wrote a script that will auto-dial the scammers at a rate of 28 calls per-second:
"Hello, it has been detected that you are a scammer. Because of this we are now flooding your phone line to prevent you from scamming additional people. This will not stop, until you stop."
A day later, the auto-dialer script was used again, but this time the message was altered slightly and the scammers in question were pretending to be tech support. Oddly enough, while they scrambled to block the auto-dialer, those answering the phone switched from tech support back to the IRS.
Trolling scammers is how some security professionals amuse themselves in their downtime. However, what Project Mayhem is doing could violate some laws here in the U.S., so it might be wise to avoid conducting a DoS against a call center.