Scammers got me good late last year. I usually don't pick up a call from a number I don't know. And I didn't the first time. But they called right back and I have young kids so I wanted to make sure someone didn't need me. They posed as my bank saying there was a fraudulent charge on my account. I was driving to get my kids from daycare so I couldn't check my account myself to see what the charge was.
So how they got me was they knew the exact process that the bank uses when you actually have a fraudulent charge, or close enough to where I didn't question it. And I also didn't question it because I had an actual fraudulent charge fairly recently before that. So I thought it just happened again. Went through the process of giving them access to my account and they transferred as much as they could out. I didn't even realize it until a few days later when I couldn't log into my account and the new debit card hadn't show up. Even took the actual bank several minutes of talking with me to figure out it was a scam. Definitely embarrassing and a pain in the ass to deal with the fallout.
So, so, so many scams. Often people fall for them out of fear and uncertainty. This, despite how widely and frequently common and new scans are publicized.
Best course of action: if it's real, you'll be able to validate it yourself through legitimate sources. Meaning, hang up or delete immediately, even if it's a family member claiming to have lost their phone or have a gun to their head. As for anyone over paying you - that never happens in real life, never! 😂
A few times I've had my alleged bank call or SMS to say that they're about to transfer thousands of dollars from my account, unless I tell them otherwise. I've even been aggressively lectured by phone, allegedly a fraud and security team, demanding that I take them seriously, that the situation is urgent, and they're about to approve the transfer. I laugh, and tell them to go for it. 😁
It's awful that people are having their lives ruined with this new form of robbery.
At least old fashioned robbery had a chance of being prosecuted.
Exactly. As a rule of thumb, never follow a link provided by the person alerting you to fraudulent activity. I got it text message from my bank that a large amount of money had recently been transferred out of my account and I needed to contact them before they would allow any other transactions to happen. Fortunately in this case I had just Paid $800 for a room in New York for four nights so I knew what they were referring to. And was rather glad they put a hold on my account until I lifted it. But if I hadn't just made that purchase, I would have logged into my Bank account and used the number provided after my login.
Agree that people should never follow links, not in an email, not in an SMS. This is sound generic advice to avoid scams that you'd hope everyone would follow.
Banks and credit card providers do often send an SMS if they suspect fraud activity, and tell the customer to call them. Again, you'd hope that most people would look up the legitimate number to call. Other messages might require a yes or no response. Nothing else. In the example you used, my bank would have sent an SMS for me to confirm with yeah or ney in response. They would block a transaction if I responded with a no.
Plus, always check your account when some an odd communication has occurred, just for peace of mind.
"Banks and credit card providers do often send an SMS if they suspect fraud activity, and tell the customer to call them. Again, you'd hope that most people would look up the legitimate number to call"
the best thing for banks to do when they send those alerts is to explicitly NOT provide a link in the text...just a message that says...contact your bank immediately for details. That way, a bank could tell customers. "No message coming from us will include an imbedded link. If you see a link in a message that appears to come from us, it is NOT from us"
Exactly, and in Australia at least, they don't include a link to a number if it's legitimate.
Good point about making it a requirement to add a disclaimer about links. This would help a lot of people.
Our financial institutions and other entries regularly send emails reminding people of this very thing, and the many ways in which they will NOT interact with customers.
Scams are more prolific than these security reminders. People still haven't adjusted their risk thinking to the world they live in.
Often an uptick in messaging is prompted by a major data breach in some other organization. Lots of companies pop their heads up to remind customers to be careful out there.
If this helps anyone AARP has a US scam tracking map and people will write in anonymously about their scam so you know what to look for. I use the Robo Killer app for my phone (I’m not a paid shill, just a happy two year customer who’s sick of this shite). As for emails, I sometimes get phishing ones for banks I don’t even have an account with so easy enough to block.
Thank you for sharing this. It’s much harder to guard against a threat you don’t know exists- and I can see that this might actually work on me as I’ve accidentally signed up for subscriptions I had to later cancel. The scammers are getting better, and apparently AI is supposed to make them even more effective.
On a personal level this is another thing I have to watch out for- I’m much more concerned about vulnerable people who can’t so easily recover from a financial hit.
I fell for a scam selling chairs that don't exist. The price was ridiculous so I should have known, but what I didn't know was that the chairs had been created by AI drawing prompts (because I don't hang use any of those services I wasn't already familiar the images). It was set up to look like you were buying from QVC which was effective because while I'd never ordered anything from them I HAD heard of them. I figured I'd get a toy chair or something. Then I did a search on the chairs and felt like an idiot. And called the bank. But if you'd seen these cat chairs you'd want them to be real too. Just Google midjourney cat chairs and you'll see how ridiculous I am.
Great post, Noah. I JUST got scammed out of a few bucks by someone with a too-good-to-be-true-but-I-somehow-believed-it Facebook market place piece of furniture. It was a brazen thing and I reported it to Meta but of course the profile that posted it (that I thought looked cagey but I really wanted that damn couch for that low amount of $$ by golly) is now into the ether. I had to satisfy myself by looking into the ring camera at the house in the fairly decent neighborhood where I was sent to view it after giving them a "deposit to hold it because a lot of people are interested but I'll hold it for you lol," and saying "I hope you needed my $50 for pet food, or diapers, or formula, you assholes."
Right? Like ther s gotta be structural changes we can make to alleviate this sort of thing... I mean the ultimate kill switch for scammers is to move away from money entirely, but that's not gonna happen soon.
I think the email scam is becoming the more challenging. We've come to challenge the phone number we don't recognize. It''s much more difficult when it comes to challenging. And I received an email recently that said my internet was being cut off even if I didn't six months in advance. My wife frantically calls and says okay we'll get the money, and I yell from across the room, "Oh no we won't. Cancel the internet." My wife panicking and finally be able to prevent her from giving her bank acct. She runs in to tell the young man staying with us I had just cancelled the internet. Finally getting her to call spectrum and calming down only when they tell her they never charge a six month payment in the middle of a contract (or any time).
But like Mr. Berlatsky, I have been scammed. What we need is peer-to-peer computers and eliminate the opportunity for emails such as these. (And also eliminate the need for internet companies and internet bills.) It's not imposiible. Most major universities and I imagine most large businesses (including microsoft that I once contracted to work with, use peer to peer connections.
Scammers got me good late last year. I usually don't pick up a call from a number I don't know. And I didn't the first time. But they called right back and I have young kids so I wanted to make sure someone didn't need me. They posed as my bank saying there was a fraudulent charge on my account. I was driving to get my kids from daycare so I couldn't check my account myself to see what the charge was.
So how they got me was they knew the exact process that the bank uses when you actually have a fraudulent charge, or close enough to where I didn't question it. And I also didn't question it because I had an actual fraudulent charge fairly recently before that. So I thought it just happened again. Went through the process of giving them access to my account and they transferred as much as they could out. I didn't even realize it until a few days later when I couldn't log into my account and the new debit card hadn't show up. Even took the actual bank several minutes of talking with me to figure out it was a scam. Definitely embarrassing and a pain in the ass to deal with the fallout.
So, so, so many scams. Often people fall for them out of fear and uncertainty. This, despite how widely and frequently common and new scans are publicized.
Best course of action: if it's real, you'll be able to validate it yourself through legitimate sources. Meaning, hang up or delete immediately, even if it's a family member claiming to have lost their phone or have a gun to their head. As for anyone over paying you - that never happens in real life, never! 😂
A few times I've had my alleged bank call or SMS to say that they're about to transfer thousands of dollars from my account, unless I tell them otherwise. I've even been aggressively lectured by phone, allegedly a fraud and security team, demanding that I take them seriously, that the situation is urgent, and they're about to approve the transfer. I laugh, and tell them to go for it. 😁
It's awful that people are having their lives ruined with this new form of robbery.
At least old fashioned robbery had a chance of being prosecuted.
Exactly. As a rule of thumb, never follow a link provided by the person alerting you to fraudulent activity. I got it text message from my bank that a large amount of money had recently been transferred out of my account and I needed to contact them before they would allow any other transactions to happen. Fortunately in this case I had just Paid $800 for a room in New York for four nights so I knew what they were referring to. And was rather glad they put a hold on my account until I lifted it. But if I hadn't just made that purchase, I would have logged into my Bank account and used the number provided after my login.
Agree that people should never follow links, not in an email, not in an SMS. This is sound generic advice to avoid scams that you'd hope everyone would follow.
Banks and credit card providers do often send an SMS if they suspect fraud activity, and tell the customer to call them. Again, you'd hope that most people would look up the legitimate number to call. Other messages might require a yes or no response. Nothing else. In the example you used, my bank would have sent an SMS for me to confirm with yeah or ney in response. They would block a transaction if I responded with a no.
Plus, always check your account when some an odd communication has occurred, just for peace of mind.
It's a minefield out there, unfortunately.
"Banks and credit card providers do often send an SMS if they suspect fraud activity, and tell the customer to call them. Again, you'd hope that most people would look up the legitimate number to call"
the best thing for banks to do when they send those alerts is to explicitly NOT provide a link in the text...just a message that says...contact your bank immediately for details. That way, a bank could tell customers. "No message coming from us will include an imbedded link. If you see a link in a message that appears to come from us, it is NOT from us"
Perhaps make it an industry standard.
If there's a link
It's a scam
period
Exactly, and in Australia at least, they don't include a link to a number if it's legitimate.
Good point about making it a requirement to add a disclaimer about links. This would help a lot of people.
Our financial institutions and other entries regularly send emails reminding people of this very thing, and the many ways in which they will NOT interact with customers.
Scams are more prolific than these security reminders. People still haven't adjusted their risk thinking to the world they live in.
interesting! So it's already a thing...wonder what the hold up is doing it here?
It's not mandated, but they do it.
Often an uptick in messaging is prompted by a major data breach in some other organization. Lots of companies pop their heads up to remind customers to be careful out there.
If this helps anyone AARP has a US scam tracking map and people will write in anonymously about their scam so you know what to look for. I use the Robo Killer app for my phone (I’m not a paid shill, just a happy two year customer who’s sick of this shite). As for emails, I sometimes get phishing ones for banks I don’t even have an account with so easy enough to block.
thanks!
Thank you for sharing this. It’s much harder to guard against a threat you don’t know exists- and I can see that this might actually work on me as I’ve accidentally signed up for subscriptions I had to later cancel. The scammers are getting better, and apparently AI is supposed to make them even more effective.
On a personal level this is another thing I have to watch out for- I’m much more concerned about vulnerable people who can’t so easily recover from a financial hit.
I fell for a scam selling chairs that don't exist. The price was ridiculous so I should have known, but what I didn't know was that the chairs had been created by AI drawing prompts (because I don't hang use any of those services I wasn't already familiar the images). It was set up to look like you were buying from QVC which was effective because while I'd never ordered anything from them I HAD heard of them. I figured I'd get a toy chair or something. Then I did a search on the chairs and felt like an idiot. And called the bank. But if you'd seen these cat chairs you'd want them to be real too. Just Google midjourney cat chairs and you'll see how ridiculous I am.
Great post, Noah. I JUST got scammed out of a few bucks by someone with a too-good-to-be-true-but-I-somehow-believed-it Facebook market place piece of furniture. It was a brazen thing and I reported it to Meta but of course the profile that posted it (that I thought looked cagey but I really wanted that damn couch for that low amount of $$ by golly) is now into the ether. I had to satisfy myself by looking into the ring camera at the house in the fairly decent neighborhood where I was sent to view it after giving them a "deposit to hold it because a lot of people are interested but I'll hold it for you lol," and saying "I hope you needed my $50 for pet food, or diapers, or formula, you assholes."
sigh....
I have to wonder if truly nothing can be done about this, or if simply nothing IS being done about it.
Right? Like ther s gotta be structural changes we can make to alleviate this sort of thing... I mean the ultimate kill switch for scammers is to move away from money entirely, but that's not gonna happen soon.
Cory Doctorow had a post last month about how he got scammed; it sounds like the good scammers are hard to spot: https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security
I think the email scam is becoming the more challenging. We've come to challenge the phone number we don't recognize. It''s much more difficult when it comes to challenging. And I received an email recently that said my internet was being cut off even if I didn't six months in advance. My wife frantically calls and says okay we'll get the money, and I yell from across the room, "Oh no we won't. Cancel the internet." My wife panicking and finally be able to prevent her from giving her bank acct. She runs in to tell the young man staying with us I had just cancelled the internet. Finally getting her to call spectrum and calming down only when they tell her they never charge a six month payment in the middle of a contract (or any time).
But like Mr. Berlatsky, I have been scammed. What we need is peer-to-peer computers and eliminate the opportunity for emails such as these. (And also eliminate the need for internet companies and internet bills.) It's not imposiible. Most major universities and I imagine most large businesses (including microsoft that I once contracted to work with, use peer to peer connections.