|
We're inundated constantly. Anyone in our org with social media/linkedin presence associated to the company.
They'll get bogus emails and SMS which are all akin to this but generally much better quality so far as obvious legitimacy goes. You can even tell they're deducing corporate structure and walking org charts with social manipulation trying to find folks to spear with juicy login creds.
I get why they would see us as juicy, but I think they overestimate our value as a target. I doubt they'd ever get near the bits that actually transfer money even if they managed to spear the best someone because nobody at all can just "do" that outside the context of a constrained checks/balances system.
As an internal party with 'secret knowledge' if I were going to flip to the dark side my first step would be getting a new job where acting in greed and recklessness would pay easier/better to be worth it.
|
|
|
|
|
To paraphrase:
- All that is necessary for the triumph of Evil is for good people to be careless.
- Eternal vigilance is the price of security.
- An oblivious man and his account are soon parted.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
I'm there for the last few months...
"If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization." β Gerald Weinberg
|
|
|
|
|
A company I was a body-rent consultant for (I know it's a mouthful but I don't want to be associated with them if I can avoid it) wired 5 million euros to a scammer falling to a similar trick.
The irony? My current company had the same trick described in detail in their mandatory security training I had to attend during my first week as employee
GCS/GE d--(d) s-/+ a C+++ U+++ P-- L+@ E-- W+++ N+ o+ K- w+++ O? M-- V? PS+ PE Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
The shortest horror story: On Error Resume Next
|
|
|
|
|
Boss: Are you in the office this morning?
Me: I am standing right in front of you, at this present moment. Don't you recognize me? I am wearing a striped shirt.
|
|
|
|
|
Amarnath S wrote: I am wearing a striped shirt.
Are you also wearing a beret, a black eye-mask, and carrying a large sack with the word "SWAG" printed on it?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Surprisingly, it may be deliberate: a lot of phishing stuff is designed so that only really quite dumb people will fall for it - thus weeding out the ones who will stop before their money / account info is available to the scammer.
This leaves them with a smaller pool, stocked with fish that are a better target - less wasted time on people who will spot the scam.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
modified 10-Apr-24 10:22am.
|
|
|
|
|
It does remind me of The Simpsons somewhat:
Quote: Homer: Hello. My name is Mr. Burns. I believe you have a letter for me.
Postal worker: Okay, Mr. Burns. What's your first name?
Homer: ... I don't know.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
The ones I get are invoices demanding payment, as if I would ever pay for a corporate license for Norton something or other.
Charlie Gilley
βThey who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.β BF, 1759
Has never been more appropriate.
|
|
|
|
|
Years ago I got an invoice from a third party "yellow pages" company saying they were going to send my company to collections if we didn't pay. Yep, I worked for a collection agency at the time and called them and told them that they needed to provide the written, signed contract for inclusion in their directory. Never heard from them again.
|
|
|
|
|
You should mess with him and say you're outside on WhatsApp and waiting for him, and ask for his WhatsApp again.
Jeremy Falcon
|
|
|
|
|
|
I just watched Netflix's Memes to Mayhem documentary.
If I were more prolific and influential I feel like it could be a very good thing if one could corral a swath of that bunch into a new digital Civilian Conservation Corps focused on thwarting of cyberwarfare, cyberterrorism, and cybertheft.
We created a Space Force. Maybe that's needed too, but I feel like more pressing and immediate national security ROI lay in Cyber Forces. Maybe something like bounty programs, idk how you make it work.
|
|
|
|
|
jochance wrote: cyberwarfare, cyberterrorism, and cybertheft.
AFAIK, the USA has agencies (at least at the Federal level) to deal with the first two. These are external security issues, and are definitely in the remit of the Federal government.
The problem with cybertheft is that the crime is local, but the perpetrators are (mostly) in another state or out of the USA. The state (Federal) authorities have no jurisdiction for the investigation, and in most cases, the Federal government won't even bother requesting extradition for theft, even if an extradition treaty exists.
A serious revision of Federal (international) law would be required for this to work.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
I don't really care if we catch the predators. You don't have to catch them to thwart them heavily.
I just want an army of white hats who are guardians of the internet.
They can patrol around and/or work kanban-like queues of 'leads' to digitally wreck the traffic and actions of frauding, thieving, scamming miscreants, both foreign and domestic.
If I got to make it a federal agency they'd have divisions to provide heavily subsidized security training/implementation services to private industry and even code review/secure-code training.
Maybe even rotating agents on standby who would focus on "hot spots" when certain entities saw spikes in attacks. I'd guess some such folks already exist as part of something like an FBI cybercrimes division rn.
I think we're at a point where becoming much more proactive in posture and straight up 'hacking back' is not the worst of ideas.
There are some AI tools springing up. If one of those gets good enough, you could retain privacy and also have intelligent monitoring of what's going on. It's within the realm of bayesian filtering to spot much of the scam messages/mails... It's definitely within the realm of something LLM can probably nail.
Then it just becomes the same arms race we have with computer viruses/signatures. Once your scam is tokenized to the LLM, you can hang it up, gonna need a new one.
We should be openly cyber-attacking some of these scam shops out of India/Africa/Eastern Europe.
If we can justify drone missile striking terrorists with the collateral consequence of that, then it's more than fine to ddos, hack, and even destroy the machines of fraudsters which has near 0 collateral damage to it.
modified 10-Apr-24 12:14pm.
|
|
|
|
|
They're not even trying anymore.
|
|
|
|
|
I used to think the scammers were just not very bright. It was explained to me that many scams are deliberately crafted to be easy to see through.
The reason being is they take a shotgun approach to finding marks. They don't want people that are particularly astute - they want the idiots. That's the key. So they craft the scams so that only idiots will fall for it, that way they've pre-narrowed their pool to the easiest marks.
It's actually sort of clever.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
I wouldn't be surprised to hear that they employ bent pschologists to help devise these scams.
|
|
|
|
|
Every couple of months my company sends out a phishing email to a good chunk of the employees. If you click the link/download the file then you have to go through security training. If you have enough failures then you get a "black mark" on your record. After a few weeks go by, they send a follow-up email explaining how you can tell it's a phishing email (with a generic "good job - you spotting the phishing attempt" or "you failed" message).
Bond
Keep all things as simple as possible, but no simpler. -said someone, somewhere
|
|
|
|
|
The thing with these is that they are an attempt to have marks self-select. If a person is gullible enough to fall for an obviously stupid message, then that person is likely a good target to be fleeced.
Actually, just what honey said.
|
|
|
|
|
I recently had an unexpected phone call, heavy Indian accent on the other end, explaining that they are handling a PPI claim that I had allegedly made back in 2016 (and it's taken this long to get around to it??). Gave me a customer ID and a claim reference number, asked me to confirm the home address that she read out, (which I did because I now live over 100 miles away). So far so unconvincing...
Here's the odd part. Then she asked me to read out the caller phone number as it appeared on my screen. π€ I did so, but naturally it turned out to be a small website company in the West Midlands, unlikely to be anything to do with 8 year old PPI claims.
No idea why she was so insistent that I tell her what number she was allegedly calling from. Has anyone else experienced this?
|
|
|
|
|
The "obviousness" is a feature, not a bug. Anyone that is paying attention enough to notice the scam is likely to be harder to con in the next step. They're phishing for someone oblivious, who is less likely to question when they are next asked to go buy a bunch of Apple gift cards with the company credit card and email all the codes.
Fool me once, shame on you.
Fool me twice, prepare to die.
--Klingon proverb
|
|
|
|
|
Whenever I receive a live robo-call I have always wanted to answer... "You have contacted the Special Intelligence Network. This agent #00329017, please provide me with your agent authorization code..."
Steve Naidamast
Sr. Software Engineer
Black Falcon Software, Inc.
blackfalconsoftware@outlook.com
|
|
|
|
|
"Meteopolitan Police, Special Branch. This call is being traced for security purposes. How can we help you today?"
usually terminates the call quite quickly, I find.
|
|
|
|
|
Wordle 1,026 4/6
β¬π©β¬β¬β¬
β¬π©β¬β¬π¨
β¬π©π©π©π©
π©π©π©π©π©
|
|
|
|