|
Be careful... I heard that it might be harmful to your health...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
I'd upvote this as "insightful" if I could.
|
|
|
|
|
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
Amazingly clever example of spear-phishing received this morning:
Quote: From: {Not my boss's name} <radom-gmail-address>
Subject: Richard
Hello Richard
Are you in the office this morning? Keep me posted if you're available. I need you to carry out a quick task for me. Kindly re-confirm your WhatsApp number here for briefing details.
Kind Regards,
{My boss's name}
Sent from my iPad.
Not even the slightest attempt to disguise that it wasn't sent by my boss.
I'm almost tempted to reply and give him the "action fraud" number to contact.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
An employee of mine got an email like this recently, except it seemed to have been send by me.
Of course he knew something was up because I call and send him messages all the time.
Plus I don't talk that formal
|
|
|
|
|
Aside from all the other clues, I live over 300 miles away from "the office". The chances of my boss randomly asking if I'm in the office today are slim to sweet-FA.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
But are you in the office today?
|
|
|
|
|
We're inundated constantly. Anyone in our org with social media/linkedin presence associated to the company.
They'll get bogus emails and SMS which are all akin to this but generally much better quality so far as obvious legitimacy goes. You can even tell they're deducing corporate structure and walking org charts with social manipulation trying to find folks to spear with juicy login creds.
I get why they would see us as juicy, but I think they overestimate our value as a target. I doubt they'd ever get near the bits that actually transfer money even if they managed to spear the best someone because nobody at all can just "do" that outside the context of a constrained checks/balances system.
As an internal party with 'secret knowledge' if I were going to flip to the dark side my first step would be getting a new job where acting in greed and recklessness would pay easier/better to be worth it.
|
|
|
|
|
To paraphrase:
- All that is necessary for the triumph of Evil is for good people to be careless.
- Eternal vigilance is the price of security.
- An oblivious man and his account are soon parted.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
I'm there for the last few months...
"If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization." ― Gerald Weinberg
|
|
|
|
|
A company I was a body-rent consultant for (I know it's a mouthful but I don't want to be associated with them if I can avoid it) wired 5 million euros to a scammer falling to a similar trick.
The irony? My current company had the same trick described in detail in their mandatory security training I had to attend during my first week as employee
GCS/GE d--(d) s-/+ a C+++ U+++ P-- L+@ E-- W+++ N+ o+ K- w+++ O? M-- V? PS+ PE Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
The shortest horror story: On Error Resume Next
|
|
|
|
|
Boss: Are you in the office this morning?
Me: I am standing right in front of you, at this present moment. Don't you recognize me? I am wearing a striped shirt.
|
|
|
|
|
Amarnath S wrote: I am wearing a striped shirt.
Are you also wearing a beret, a black eye-mask, and carrying a large sack with the word "SWAG" printed on it?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Surprisingly, it may be deliberate: a lot of phishing stuff is designed so that only really quite dumb people will fall for it - thus weeding out the ones who will stop before their money / account info is available to the scammer.
This leaves them with a smaller pool, stocked with fish that are a better target - less wasted time on people who will spot the scam.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
modified 10-Apr-24 10:22am.
|
|
|
|
|
It does remind me of The Simpsons somewhat:
Quote: Homer: Hello. My name is Mr. Burns. I believe you have a letter for me.
Postal worker: Okay, Mr. Burns. What's your first name?
Homer: ... I don't know.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
The ones I get are invoices demanding payment, as if I would ever pay for a corporate license for Norton something or other.
Charlie Gilley
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
Has never been more appropriate.
|
|
|
|
|
Years ago I got an invoice from a third party "yellow pages" company saying they were going to send my company to collections if we didn't pay. Yep, I worked for a collection agency at the time and called them and told them that they needed to provide the written, signed contract for inclusion in their directory. Never heard from them again.
|
|
|
|
|
You should mess with him and say you're outside on WhatsApp and waiting for him, and ask for his WhatsApp again.
Jeremy Falcon
|
|
|
|
|
|
I just watched Netflix's Memes to Mayhem documentary.
If I were more prolific and influential I feel like it could be a very good thing if one could corral a swath of that bunch into a new digital Civilian Conservation Corps focused on thwarting of cyberwarfare, cyberterrorism, and cybertheft.
We created a Space Force. Maybe that's needed too, but I feel like more pressing and immediate national security ROI lay in Cyber Forces. Maybe something like bounty programs, idk how you make it work.
|
|
|
|
|
jochance wrote: cyberwarfare, cyberterrorism, and cybertheft.
AFAIK, the USA has agencies (at least at the Federal level) to deal with the first two. These are external security issues, and are definitely in the remit of the Federal government.
The problem with cybertheft is that the crime is local, but the perpetrators are (mostly) in another state or out of the USA. The state (Federal) authorities have no jurisdiction for the investigation, and in most cases, the Federal government won't even bother requesting extradition for theft, even if an extradition treaty exists.
A serious revision of Federal (international) law would be required for this to work.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
I don't really care if we catch the predators. You don't have to catch them to thwart them heavily.
I just want an army of white hats who are guardians of the internet.
They can patrol around and/or work kanban-like queues of 'leads' to digitally wreck the traffic and actions of frauding, thieving, scamming miscreants, both foreign and domestic.
If I got to make it a federal agency they'd have divisions to provide heavily subsidized security training/implementation services to private industry and even code review/secure-code training.
Maybe even rotating agents on standby who would focus on "hot spots" when certain entities saw spikes in attacks. I'd guess some such folks already exist as part of something like an FBI cybercrimes division rn.
I think we're at a point where becoming much more proactive in posture and straight up 'hacking back' is not the worst of ideas.
There are some AI tools springing up. If one of those gets good enough, you could retain privacy and also have intelligent monitoring of what's going on. It's within the realm of bayesian filtering to spot much of the scam messages/mails... It's definitely within the realm of something LLM can probably nail.
Then it just becomes the same arms race we have with computer viruses/signatures. Once your scam is tokenized to the LLM, you can hang it up, gonna need a new one.
We should be openly cyber-attacking some of these scam shops out of India/Africa/Eastern Europe.
If we can justify drone missile striking terrorists with the collateral consequence of that, then it's more than fine to ddos, hack, and even destroy the machines of fraudsters which has near 0 collateral damage to it.
modified 10-Apr-24 12:14pm.
|
|
|
|
|
They're not even trying anymore.
|
|
|
|
|
I used to think the scammers were just not very bright. It was explained to me that many scams are deliberately crafted to be easy to see through.
The reason being is they take a shotgun approach to finding marks. They don't want people that are particularly astute - they want the idiots. That's the key. So they craft the scams so that only idiots will fall for it, that way they've pre-narrowed their pool to the easiest marks.
It's actually sort of clever.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
I wouldn't be surprised to hear that they employ bent pschologists to help devise these scams.
|
|
|
|