LLM-Based Scambaiting System

• Scambaiting systems are cybersecurity frameworks that actively engage scammers using conversational honeypots, automated language models, and HITL controls.
• They employ context-rich prompts and adaptive conversation steering to extract sensitive information, achieving metrics like a 31.74% IDR and a 48.7% takeoff rate.
• Integrating human oversight with LLM automation enhances operational effectiveness, balances risk, and supports actionable threat intelligence sharing with law enforcement.

A scambaiting system is an automated or semi-automated cybersecurity framework designed to actively engage online fraudsters—across email, messaging, SMS, support scams, and other attack vectors—for the purpose of wasting attacker resources, luring disclosure of operational details (such as mule accounts), collecting threat intelligence, and protecting real users. These systems employ a combination of LLMing, automated process orchestration, human-in-the-loop (HITL) controls, and adaptive strategies to transform traditional passive detection and blocking approaches into proactive, adversarial countermeasures. Modern scambaiting systems are operationalized through conversational honeypots and real-time engagement modules, often powered by LLMs, and are evaluated using metrics such as information disclosure rates, human acceptance rates, and engagement longevity. Their effective deployment raises technical, ethical, and operational challenges relevant to law enforcement, fraud prevention, and platforms tasked with large-scale scam mitigation (Siadati et al., 10 Sep 2025).

1. Architectural Foundations and Operational Workflow

A contemporary scambaiting system incorporates several interdependent layers to support scalable and robust operations, as demonstrated in the five-month real-world deployment described in (Siadati et al., 10 Sep 2025). The principal components are:

• Conversations Interface: Presents threaded dialogues between scammers and defender agents (impersonated victims), allowing real-time monitoring.
• Prompt Generation and LLM Orchestration: Crafts context-rich, persona-guided prompts for the LLM, dictating the system’s conversational demeanor and baiting strategy (e.g., inquisitive, confused, gullible).
• Message Routing and Gateway: Manages the bidirectional flow of messages via an email gateway, ensuring seamless correspondence while respecting operational security constraints.
• Centralized Messages Database: Archives all exchanges (both inbound and outbound), supporting subsequent analysis and traceability.
• Email Fetcher/Sender Services: Handles the asynchronous delivery and retrieval of messages, with rate-limiting and retry mechanisms for reliable operation.

A distinguishing feature of advanced systems is the inclusion of a human-in-the-loop (HITL) module, which queues LLM-generated message drafts for operator review and optional editing. This hybrid approach simultaneously leverages automation efficiency and human adaptability—balancing risk management, message quality, and operational safety.

The workflow is commonly initiated by seeding engagements: the system sends carefully engineered “opening” messages to known scammer-controlled addresses (using conversational honeypots), then adaptively steers resulting dialogues toward the extraction of high-value disclosures (e.g., bank accounts, crypto wallets).

2. Conversational Honeypots and Engagement Strategies

The scambaiting paradigm’s core innovation lies in its proactive stance. Rather than passively flagging or blocking malicious content, systems like the one in (Siadati et al., 10 Sep 2025) deploy conversational honeypots—decoy messages and synthetic personas—explicitly targeting scammers’ operational infrastructure.

The engagement sequence comprises:

• Opening Message Calibration: The initial outreach, or takeoff phase, is critical for successful engagement. Data from (Siadati et al., 10 Sep 2025) show that shorter, contextually appropriate initial messages (mean ≈225.9 characters) substantially outperform verbose or complex alternatives (mean ≈551.3 characters) in eliciting scammer responses. The takeoff success rate is empirically measured at 48.7%, highlighting that nearly half of seeding attempts result in a two-way dialogue.
• Adaptive Conversation Steering: Subsequent system-generated responses, imbued with human persona features via LLM prompting, evolve based on scammer replies. The objective is to sustain engagement and guide the scammer toward revealing sensitive financial or operational information.
• Disclosure Extraction: The process culminates when the scammer, believing the victim to be genuine, provides actionable intelligence such as account numbers—quantified via the Information Disclosure Rate (IDR).

This approach is further optimized by adjusting message timing, content, and, where permissible, day-of-week targeting, to maximize scammer responsiveness.

3. Evaluation Metrics: Effectiveness, Quality, and Efficiency

Operational success in scambaiting systems is measured through several quantitative and qualitative metrics:

Metric Name	Definition	Reported Value
Information Disclosure Rate (IDR)	$$IDR = (\lvert\text{Successful Engagements}\rvert / \lvert\text{Total Engagements}\rvert)\times100$$	~31.74% (matured)
Human Acceptance Rate (HAR)	$$HAR = (\lvert\text{Unedited Messages}\rvert / \lvert\text{Messages Reviewed}\rvert)\times100$$	~69.02% (HITL)
Engagement Takeoff Rate	$$(\lvert\text{Matured Engagements}\rvert / \lvert\text{Seeded Engagements}\rvert)\times100$$	48.7%

• IDR reflects the proportion of engagements in which the scammer provides explicit, sensitive information (e.g., a mule account or crypto wallet).
• HAR illustrates the operational suitability of LLM outputs, denoting the alignment between automated responses and human operator standards.
• Takeoff Rate exposes the challenge in initiating conversations; failed takeoff often results from improper message structure or timing.

Additional analyses in (Siadati et al., 10 Sep 2025) use message freshness (n-gram novelty), edit distance (Levenshtein metric between LLM output and operator edits), and disclosure speed (mean number of message turns to first disclosure).

4. Human-in-the-Loop Controls and Safety

While LLM-based automation is effective in scaling engagements and maintaining operational continuity, human oversight is required to mitigate risks such as:

• Quality Control: Operators review and approve automated responses, ensuring that the messaging remains plausible, non-escalatory, and within legal/ethical boundaries.
• Adaptability: HITL enables rapid response to new scammer tactics or unforeseen conversational directions.
• Risk Management: By omitting or editing unsound LLM outputs (e.g., proposing inappropriate information or deviating from the desired strategy), operators preempt operational errors.

In the evaluated system, the HITL configuration achieved a higher IDR (~34.01%) compared to the fully automated (LLM-only, ~30.91%), with a HAR near 70%, reflecting strong but not perfect LLM output alignment.

5. Extracting Actionable Intelligence and Infrastructure Disruption

The principal value of scambaiting systems is their ability to generate actionable threat intelligence. By converting scammer engagement into concrete disclosures—such as bank account details, wallet addresses, or payment instructions—these systems contribute directly to infrastructure disruption.

• Operationalization of Findings: Collected intelligence is shared with financial institutions and law enforcement to support takedown and interdiction of mule accounts.
• Ecosystem Impact: By targeting the operational backbone of scams, rather than just surface-level detection, scambaiting systems degrade the viability of scam campaigns.
• Public Trust: Demonstrating the proactive dismantling of scam infrastructure aids in sustaining public confidence in digital platforms and defenses.

6. Challenges, Ethical Considerations, and Future Directions

Deployment and operation of LLM-based scambaiting systems raise several open issues:

• Engagement Takeoff Optimization: The system’s effectiveness is bottlenecked by the initial response rate; refining initial prompts and further personalization are critical research axes.
• Scammer Adaptation: Continued success may drive scammers to adapt conversation patterns or improve their own automation, resulting in a perpetual adversarial cycle.
• Ethical and Legal Compliance: As discussed in (Siadati et al., 10 Sep 2025), adherence to legal constraints (e.g., avoiding entrapment, targeting only known scam addresses) and ethical frameworks (privacy, transparency) is essential.
• Automation-Human Balance: The optimal integration of HITL review versus LLM scalability remains an area requiring ongoing calibration.
• Operational Safety: Systems must be rigorously evaluated for inadvertent faults—such as misclassification, accidental leakage of sensitive data, or excessive operational aggressiveness.

Explicit LaTeX formulations provided include:

• Information Disclosure Rate (IDR): $$IDR = (|Successful Engagements| / |Total Engagements|) \times 100$$
• Human Acceptance Rate (HAR): $$HAR = (|Unedited Messages| / |Messages Reviewed|) \times 100$$
• Information Disclosure Speed (IDS): $$IDS_{turns} = (1/D)\Sigma (\text{Turns until disclosure})_i$$

These metrics enforce rigorous, reproducible benchmarking and drive iterative system improvement.

7. Synthesis and Outlook

The real-world evaluation of a large-scale, LLM-powered scambaiting platform (Siadati et al., 10 Sep 2025) establishes scambaiting as a technically viable and operationally promising strategy for active cyber defense. The empirical evidence of substantial actionable intelligence collection (IDR ≈32%), operational scalability (over 2,600 scammer engagements), and high-quality LLM output (HAR ≈70%) confirms that the approach can meaningfully disrupt scammer infrastructure—particularly when integrated with human review.

The challenges of engagement takeoff, ethical guardrails, and LLM behavioral drift point toward a need for further research into adaptive prompt engineering, automated quality filters, and evolving adversarial modeling. As the threat ecosystem evolves, frameworks that combine conversational honeypots, advanced LLMs, and HITL oversight will increasingly define the frontline of large-scale scam mitigation and threat intelligence.