Hacker targets wrong guy, ends up being joke

Several people have fallen prey to scammers who hack into messaging app Line to get the victim's friends to buy Apple iTunes gift cards for them.

So when Mr Tan Bo Xue got a message from his friend to help her buy the gift cards on Tuesday, he smelled something fishy.

But instead of ignoring the scammer, Mr Tan, 25, an interior designer, trolled the scammer for three hours by responding to him in a number of hilarious ways.

The scammer eventually gave up after being made to look like a fool by Mr Tan.

Mr Tan also became the toast of netizens after his friend uploaded screenshots of his text conversation with the scammer online.

The post on Mr Tan's exploits on citizen journalism website Stomp has attracted as many as 168,000 views since Wednesday.

The original post on Facebook had a total of 2,076 shares and 1,648 likes.

Mr Tan told The New Paper yesterday: "I was just trying to make things interesting for my friend because I hadn't talked to her in a long time. It was also to make fun of the scammers as well - I wasn't trying to exact revenge on the scammers."

He said it all started when he received a text message from his friend, Ms Belle Cheong, via Line on Tuesday requesting his help to buy three iTunes gift cards worth $100 each.


Mr Tan said he has friends whose Line accounts had been hacked into by scammers so he "immediately knew it was a hacker".

His suspicion was confirmed when he called Ms Cheong.

"Belle is a friend I haven't talked to in eight years. So I contacted her to ask if her account had been hacked into, and she said yes," he said.

The scam works like this: The scammer poses as the victim's friend and asks the victim to help him buy iTunes gift cards.

The scammer promises to pay up after the victim sends over a picture of the redemption code on the gift card.

The scammer then uses the code to redeem the amount on the gift card at the iTunes store, leaving the victim out of pocket and stuck with gift cards that are worthless.

Knowing that the scammer was after the redemption codes on the gift cards, Mr Tan took images of iTunes gift cards from Google Images and printed them out to bait the scammer.

For the next three hours, he kept the scammer on edge by teasing him with photos of the card - but with the redemption code obscured in a variety of creative ways.

For example, when the scammer asked Mr Tan to show a "full photo" of the card, he sent a full-length photo of himself holding up the card. When asked for a photo of the "PIN code on the back", Mr Tan sent a photo of himself holding the card on his back.


After three hours, the scammer gave up and texted expletives at Mr Tan.

"I was having a lot of fun and laughing at my own jokes. I did this during work, and my colleagues got curious so I decided to share the fun with them," said Mr Tan, who posted screenshots of the conversation on his Facebook page.

Netizens hailed his stunt as "epic" and called him "troll king" and "master troll". Many also had a good laugh.Mr Tan's friend, Ms Cheong, said she was glad that he had managed to exact some revenge on her behalf.

Her aunt had almost fallen prey to the scam after receiving the scammer's text from her account, she said.

Ms Cheong, 23, a civil servant, told TNP: "Trolling doesn't hurt the scammer, the scammer will just go and scam someone else. I just hope that no one else gets scammed."

The police recently issued a warning about the rise of such cases, with 33 cases reported in September.

For Mr Tan, he is just happy that he did something to help raise awareness of such scams.

He said: "I didn't expect it to go viral. I did it for the sake of having fun and sharing the joy with my friends."

Police: Verify with friend first

The police advise the public to be extra careful in dealings over mobile messaging platforms such as Facebook, WhatsApp, Skype or Line.

1. Never accede to a request to make purchases or assist in a transaction before checking on its authenticity, especially if it sounds suspicious or unusual.

2. Alert the account holder by contacting him directly when you receive messages of such nature.

This will enable you to check if he had indeed sent the messages.

3. Alternatively, questions with answers known only to both parties such as the "name of the school attended together" or "details of mutual friends or family members" can be posed to verify and confirm the identity of the sender.

Users of mobile messaging platforms should also protect their personal information by doing the following:

1. Use strong individualised passwords of more than eight characters that contain numerical figures or capital letters, and change your passwords regularly.

2. Do not disclose your profile identification (ID) details publicly.

4. Install anti-virus software on your mobile devices.

This article was first published on Oct 31, 2014.
Get The New Paper for more stories.