HackerTrans
TopNewTrendsCommentsPastAskShowJobs

I Got Scammed(pluralistic.net)

56 points·by ColinWright·2 ปีที่แล้ว·12 comments
pluralistic.net
I Got Scammed

https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security

12 comments

Joking_Phantom·2 ปีที่แล้ว
Fraud sucks and is ever evolving. Everyone gets hit in increasingly elaborate scams, and companies with degrading services makes it easier.

Some things I'm surprised weren't in the article, given that the author describes extensive background in security:

1. Suspiciously well timed fraud attempts happen when you are vulnerable, because the attacker is tipped off. Travelling and visiting unfamiliar locations raises a lot of smoke, information wise. Relying on secrets doesn't work, because information is leaked in an uncountable number of ways. You should no longer be thinking "did my card number, phone number, PID, or other secret get stolen?" It should instead be "given that my info was stolen, did anything bad happen and who do I need to securely talk to?"

2. Always blow off incoming calls, you can always get a callback or fix later, and check email, text, or other comms to see if something important is going on. Saying anything is information. As little as a few seconds of your voice being recorded can be used to generate a usable AI voice clone, and at worse it only takes a few minutes. The act of answering a phone call is information, confirming that your phone number is active and belongs to you.

Ironically, the reliance on a local CU also seems to be a miss. IME, big evil banks are more reliable in this area. They get scammed way more often, and as a result are much more resistant to these attacks via pure attrition.
kwar13·2 ปีที่แล้ว
Never EVER respond to anyone calling you. If they claim to be from your bank, say you will call them back and dial the numbers on the back of your card.

Never respond to anyone calling you if you do not know them personally.
irongeek·2 ปีที่แล้ว
Yep, why would an expert, writing a book on fraud give a caller any information?
JoeAltmaier·2 ปีที่แล้ว
Why would a car mechanic ever get in an accident? Why would a doctor get sick?

Likely the expert was manipulated by the caller, lulled by the caller pushing all the right buttons, until they said or did something they shouldn't.

Like all the rest of us.
hrunt·2 ปีที่แล้ว
These make analogies make no sense. The author is a self-described expert in fraud and security. It's totally reasonable to ask why he didn't use base-standard advice like, "Don't accept incoming calls," and "Don't give an incoming caller information about your card." This is basic security stuff we tell our parents and grandparents.

The analogy is more like, "Why would a car mechanic put a part in his car that he didn't choose himself?" or "Why would a doctor take pills some rando on the street gave him?" Most people would look at that car mechanic or doctor and think, "How good a mechanic or doctor are you?"

Yes, the expert was "manipulated", but only in the sense that when his "CU" called him, he didn't heed the initial advice experts give everyone -- hang up and call the number of the CU directly.

That said, I'm not piling on him. His article provides a great lesson about how easy it is to ignore one's own advice and knowledge and what the consequences can be. In this case, he /knew/ the right thing to do, but he also knew so much about how the systems worked that he ignored the base knowledge because he thought he "knew" what was happening. In a way, he manipulated himself.
infotapeworm·2 ปีที่แล้ว
If you read the story, he was caught off guard. The fraudster dropped information on him while vulnerable, perhaps acting off a tip. They capitalize on lapses of reason and judgement.

I would call myself an expert in scams / cons with online activity, however I myself was recently scammed during the holiday season. Physically rather than digitally though with one of those fake gold cons employing a variety of different tactics. They caught me off guard in a variety of ways by being parked off a rural Country highway early in the morning (6 am). I pulled over to see if they needed any help and the guy instantly approached my car where I was even more flustered. Point is, scams all seem ridiculous after the fact, but these people are not fools when it comes to social engineering, applying pressure, and taking advantage of the holes in the swiss cheese.

Many variables would've had me on high alert in my situation, but even being the "expert" I am, I fell victim. It's always easy to look back after the fact, or even after you have a few seconds to breathe. They play on immediacy / urgency often, and intentionally try to paralyze you in a sense.
jemmyw·2 ปีที่แล้ว
I got one of those calls the other week and as I was in another city and trying to use my card to buy car insurance I nearly believed it was genuine. Then I said "what visa debit card?" when I meant which, and they hung up
oarla·2 ปีที่แล้ว
As a rule, I always call the bank's fraud department, even if they call me first(hang up and call the number on the back of the card). This has a much lower chance of me being scammed.
lapcat·2 ปีที่แล้ว
Dupe: https://news.ycombinator.com/item?id=39261875
gofreddygo·2 ปีที่แล้ว


  He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.
WTF!
SebFender·2 ปีที่แล้ว
#1 rule - Never pickup a call, email or text from someone you don't know. Check later in a calm and collected environment and manage - Nothing significant will happen if you don't. Bank calls? Contact your bank using a known source - Very simple steps to take but very powerful.
ChrisArchitect·2 ปีที่แล้ว
[dupe] yep, Cory's weird permalink scheme messes this up every time.

Discussion here: https://news.ycombinator.com/item?id=39261875