Editor’s note: This is Part I of a two-part blog post. The image above is from the 2024 theatrical release poster (Amazon MGM Studios).

Take your seats; the show is about to begin.

I had been aware of the film The Beekeeper since the trailer came out last year. I looked forward to its release, in no small part due to my chosen profession and this movie’s central premise: action hero avenges scam-victim.

Jason Statham films have always been a guilty pleasure of mine, and this one didn’t disappoint. Director David Ayer exhibits his typical meticulous attention to detail, accurately depicting the actual scam as well as the structure of the underlying criminal organization behind it (which I’ll break down more from a fraud-fighter’s perspective in my next post, Act II: The Criminal Organization).

There were a few clever plot twists that subverted the expected tropes, which served to lift it above a lot of recent action films. Even more to my liking was an underlying moral message more reminiscent of the action films I grew up with from the ’80s and ’90s!

It’s not every day we get to see our fraud-fighting passion on the big screen. And we rarely get the satisfaction of seeing the bad guys get what they deserve. So let’s take a closer look at an (increasingly) all-too-common story.

Act I: The Scam and Victim

The core premise of the film is that a maternal figure to Jason Statham’s character, Adam Clay, gets defrauded by a voice scam, causing her to take her own life. This tragedy triggers a focused rampage against the bad guys, as Clay/Statham fights his way through the various layers of the criminal organization behind the scam, tracing it all the way back to its source.

I won’t spoil the ending, but before seeing it, you probably already know Clay/Statham will get the ultimate payback.

So, let’s look at the scam in this film through the eyes of a fraud-fighter: How accurate is it and what’s been exaggerated for on-screen drama?

An older lady is using her laptop for some digital banking. A pop-up appears on her screen and warns that her hard drive is infected with a Trojan, and gives a number to call for support. – Entirely plausible. A common start of a tech-support scam.

The victim then calls the listed number. A call center rep answers, telling the victim they offer support on the antivirus software installed on her laptop in the factory. The representative says she’s using an older version of the software and needs to uninstall it and then reinstall a new version to fix the problem. – Also very realistic. Microsoft was impersonated in this manner for a long time before taking legal action.

The scammer recommends the victim talk to a local IT specialist to replace her hard drive but also mentions the risk of losing all her data. – Again, entirely plausible. Scammers use scripts with layers of social engineering cues to influence victim behavior and create a sense of urgency. For non-technical older victims, the fear of losing old pictures and other digital mementos can convince them to do the scammer’s bidding.

The scammer then offers to fix the victim’s computer himself, saying he needs to take control of the laptop remotely, directing her to a website with a presumably legitimate package to install that will give the scammer access to her device. – Again, quite possible. Remote Access Tools (RATs) such as this are often used to abuse legitimate software applications.

Once the scammer gains remote access, the screen goes a bit crazy as he scrolls through open applications before landing on the victim’s online banking page. The scammer sticks to a script, telling the victim everything happening is normal and not to touch her keyboard. – Entirely plausible. Victims are often told to get a drink or count the number of times their modem lights flash as scammers look at their accounts.

The scammer then tells the victim he attempted to credit back her subscription fees but accidentally sent her $50,000 instead of $500. The scammer says he’ll lose his job unless the victim can wire this sum back to him. He tells her not to call her bank because it’ll take too long. – Plausible, as scammers often exploit the human need to help, although we don’t often see balance modification used in these types of tech-support scams.

The victim – fearing she might lose pictures and other digital mementos on her hard drive – is then socially engineered to return the supposed overpayment. To do so, she enters a payment authentication passcode, giving the attacker full control over her online banking. He then empties all her accounts. – Entirely plausible. Even if she were using strong authentication, the scammer could either ask for it or create a payment in the background the victim authorizes. This shows how difficult it can be for financial institutions to differentiate between unauthorized fraud (where the scammer enters the payment) and authorized fraud (where the victim does). Unless banks are using sophisticated client-side behavior-monitoring, there simply aren’t enough data points to distinguish between the two.

The scammer hangs up, leaving the victim with a blank screen. After a time, the victim’s online banking page reappears, showing all her money is gone. Her smartphone then lights up with a series of alerts from her bank. – Entirely plausible. Scammers use the blank screen function of some RATs to delay the arrival of SMS alerts from the victim’s bank warning of suspicious activity.

Overall, the scam portrayed in The Beekeeper is very realistic. Real-life bad actors pull off tech-support scams like these multiple times every hour all around the world. The writers and directors of this film didn’t leave out any steps and incorporated little nuances, sure to make fraud-fighters like me nod in appreciation.

The only slight fudge on the part of the filmmakers is the movie’s failure to specify whether this was an authorized or unauthorized fraud. Although the attackers use a RAT, it is not clear whether they make the payment themselves (via the fraudster at the keyboard off-screen) or whether they guide the victim to make the payment (they get her to return some money to their account, but in the background we see all funds are transferred).

This is significant because in a lot of countries (particularly EU ones) the victim would be refunded were this an unauthorized scam covered under local legislation. Even the legal argument (that the victim is grossly negligent in giving her password away) to avoid reimbursement would normally not be applied here, as she would be seen as vulnerable on account of her age. Unfortunately, this reimbursement regime does not yet apply in the USA (where the movie takes place) and refunds there are at the discretion of the bank.

Thankfully, more and more banks around the world are investing in state-of-the-art scam-detection via behavior to detect both types of fraud more successfully, alongside other monitoring. The use of a RAT circumvents traditional device-profiling, but behavior can spot the use of RATs, detecting anomalies in both the session behavior and user behavior. A fraudster might be younger, with better hand-eye coordination, or the victim might show signs of acting under the direction of someone on the phone.

Last year, BioCatch produced a powerful short video around these tech-support scams, illustrating how we can detect them. We call it the Human Side of Fraud – Loneliness, and it, thankfully, has the happy ending we fraud fighters want to see more often.

One last piece of trivia: The actress who plays the scam victim in the film, Phylicia Rashad, agreed to play this role because her real-life mother fell victim to a tech-support scam, which her bank stopped successfully. In real life, scams are still under-reported (especially in parts of the world where there are no refunds and falling for a scam comes with some social stigma), with only 40% being flagged to banks or authorities. Organizations such as the Global Anti Scam Alliance are doing their bit to look at the end-to-end scam chain, and we are proud to be working with them.

Stay tuned for the second act of this review, which examines the criminal organization depicted in the film.
