Comment by psygn89
9 hours ago
I remember my JROTC instructor also running into that and how she said afterwards they have a secret phrase between them two as a way of verifying it's truly them.
9 hours ago
I remember my JROTC instructor also running into that and how she said afterwards they have a secret phrase between them two as a way of verifying it's truly them.
It's very, very hard for untrained people to be strict about verifying any secret phrase. The attacker can make all kinds of excuses, while creating urgency, and many people quickly abandon verifying the phrase. A scene in One Battle After Another comes to mind.
Scammers can also trick the victim into reversing the roles and telling password to scammer. Even banks ocassionaly get this wrong. I have had my bank call me and ask me to read numbers from number card. If a trained bank employee following a script designed by (hopefully) an expert cant get it right, the chance of elderly relative spotting mistakes in protocol is close to 0.
The bank is trying to authenticate you, while you're trying to authenticate the bank. The bank calls and tries to authenticate themselves to the callee by saying "is your birthday such and such?", they're risking sharing PII with an unauthorized third-party. The solutions are a non-trivial amount of effort that no one really wants to put up with, unfortunately.
I used to have a residential mortgage with two other people and my name was stuffed into some ancillary field as a co-holder and they refused to give me any information or transact over the phone. I eventually figured out I needed to tell them to look in some extended info field, and the whole endeavor was annoying but ultimately I was appreciative of the strictness (that the entire mortgage data model—at the time (25 years ago), I don't know what it's like today—seems to assume that it will only ever be two people of opposite gender who are married will be on a mortgage was much more disappointing. The other two people were assumed to be married and the woman was seemingly by default listed as the non-primary).
1 reply →
At some point, the scam evolves to a live video of a gagged loved one being tortured. "Stop wasting my time or they lose another finger."
People aren't prepared for this shit.
I know lots of old people who have instant access to quite significant sums of money and many of them just don't need it. I don't need it. I'd be happy to opt-in to, say, a three day wait period on new payment recipients, but my bank doesn't offer that.
1 reply →
Oh, man. That does seem likely. What a world. I wonder if eventually there won’t be a human in the loop, just a model trained to make money with a strategy like that, automatedly selecting victims and a person to be impersonated for each. Pre-render a few videos, place multiple calls in parallel. Basically a turnkey Docker container that takes a bitcoin address as a parameter and fills it with stolen money.
3 replies →
"Are you prepared to bring them down to a total of 11 fingers?!?"