1) Caller-ID spoofing. It straight out should not be possible to spoof government phone numbers, 911, etc. My Android has "Scam Likely" show up when a scammer calls (I believe this is part of the STIR/SHAKEN protocol), this should be expedited, expanded, and improved upon.
2) Someone should not be able to buy $3000 of Target gift cards without doing a lot of explaining. Personal experience: The grocery store I go to; the registers will straight out refuse to ring up above $500 of gift cards, you have to use the Customer Service desk where their agents grill you (and I do mean grill you, their default mode seems to be "You're being scammed", especially if you're on the phone with someone).
3) If I buy gift cards in New York, there's zero reason someone in Bangalore, India should immediately be able to redeem those gift cards. Perhaps Target could should spend some of their data collection techniques on this instead of trying to figure out if your daughter is pregnant so they can send you maternity coupons.
4) Is there a reason unused gift cards bought within a certain amount of time shouldn't be refundable?
> Someone should not be able to buy $3000 of Target gift cards without doing a lot of explaining
Apparently it was $1k at Target and another $2k at Safeway. This was just under the limit of $1030 per person per store at Target. Perhaps the limit should be lower, or employees should be instructed to be more wary.
I imagine Target doesn't want to be too strict here, both because they don't want to inconvenience customers making legitimate purchases, and because they don't want to give up the revenue derived from scammers defrauding people (not that they would ever admit to the latter).
The OP states they've spent "hours" on the phone with Target, which has already more than obliterated whatever slim profit they made on that $1000 gift card (commissions are around 5%).
On average, using up 10 hours of employee time in a big company paying people to act as support will cost the company 10 hours of pay, plus overhead. It's not frutiful to examine it as 0 0 0 0 0 $30000 0 0 0 0.
I'm familiar with a story of an ecommerce site that offered a discount on digitally delivered gift cards to encourage holiday gifting. But they didn't think to prevent people from buying more gift cards with those gift cards.
Nearly 20 years ago there was a large supermarket in the UK that had two 'points' offers on that intersected on bananas. Cue an enterprising few to buy all the bananas (with banana points), then quickly use all their points on other items.
My school ended up with a heap of free bananas from a parent :D
I have no personal experience but my waiter and restaurant owner friends seem to think that gift cards are also a good way to skim some money from your employer while traveling. Buy some bread and peanut butter at the store, get a gift card and a drink at a restaurant. Or if your per diem is big enough, go all out and get a meal and a gift card.
My company doesn’t require receipts for anything under $50. $25 meal and $25 gift card. Not that I would ever actually do that. Besides the ethical issues, it’s not worth risking my job over piddling amounts like that.
Policies like minimum amount before receipt don't make a whole lot of sense in a lot of cases, since they incentivize unethical people to run up the tab to the minimum as much as possible.
I've worked at both kinds of companies (receipt and reimbursement vs straight per diem based on location) and much preferred the one that handed me my per diem as cash in an envelope before the trip started. Less bookkeeping on the company's end, and if I decide to be frugal on the trip for whatever reason I've just rewarded myself with a small bonus. Seems like everyone's incentives are aligned in that case.
It is sadly too common for people to feel vindicated and/or thrilled anytime they manage to "win" like this, akin to the so-called beggar mentality, where any material gain to oneself regardless of actual need is considered a positive.
These kinds of people like to think of themselves as smart when in reality they are just selfish.
Any action that cannot sustainably be extended to everyone else in the world should be considered suspect as to whether it's actually good.
I caught a guy doing this, probably skimmed $400 a week for years. People do crazy stuff... One group of CEs I knew were renting apartments and AirBnbing themselves.
I don't see renting and AirBnB'ing as completely unethical. The difference in lodging costs theoretically form the cost of providing liquidity free from rent agreements.
It becomes really unethical when the drafter of these policies also benefit from it.
Many companies will deduct money from gift cards at regular intervals if they aren't used for some arbitrary period, so it can be worse than 0 interest even if the card is used by the recipient.
I think they are brilliant, it saves me the trouble of thinking what to get and you also avoid getting the same gift which the other person already has.
With a gift card the recipient can get what they want.
Steve Wozniak of Apple fame used to get sheets of $2 bills turned into pads with perforations so he could tear off the bills to use for transactions (or just spend a whole uncut sheet). Fun gag.
A bit off topic, but what’s her source for Eisenhower dollars? I discovered them by chance at a bank one day but haven’t been able to find them at another bank since, while $2 bills are in stock pretty regularly.
She is a money nerd and casual collector. Working as a teller in college, she was fascinated by unusual currency and bonds, etc. (As late as 1999 she would get old folks turning in WW2 era victory stamps/bond.)
Basically, when we go somewhere new, we look for bank branches or sometimes supermarkets that cater to old people and ask for weird coins. Depending on the bank, tellers sometimes end up carrying these in their drawers for weeks and are happy to unload them. Locally, they know her and sometimes save coins. You develop a sense for banks that are more productive for this -- a more modern bank have staff who don't know what nickels are! :)
Sometimes you get lucky. A few years ago, my wife and my son came back with about $200 of eisenhowers, including a few silver ones. They basically bought $1200 worth of coins for $200! Some kid/grandkid probably turned in grandmas stuff.
Yes. And the gifting party doesn't have to even bother pretending they care enough about said recipient to try and figure what that person would like / could like and don't know it yet.
I don't see how any of that is brilliant. Might as well write a check. Or just don't bother with a gift at all. It's what I do with most people I don't care enough about.
Clearly you are one of those people who takes gifting very seriously, some dont. Its brilliant because its the right product for people who want to give something but dont have time or dont feel comfortable asking probing questions about what the recipient likes.
Gift cards demonstrate a modicum of forethought/planning, albeit on the order of a Hallmark card. Cash says "this is what I found in my wallet on the drive here". Check falls somewhere in between, but with the added inconvenience of the recipient having to figure out how to deposit it.
Gift cards have the added benefit to the gifter that, upon being spent, the giftee has a chance to associate them with the purchased good or service. Cash and check, being added to an amorphous fungible pool, confer no such benefit for the gifter.
What I haven't figured out is where on these axes lies a printed-out QR code granting ownership of a Bitcoin wallet. Unfortunately Google tells me these actually exist: https://bitcoinpaperwallet.com/holiday-design/
Before cheap plastic gift cards existed, we used to just hand over cash and write in the card "get a nice book and let me know when you do" or something. So that's hopefully a little less tacky ;)
When I became old enough that more distant relatives didn't really know what to buy me, they'd send £5 and a request that I spend it on clothes, a book, a day out with friends or whatever.
Usually, they'd send a banknote in perfect condition, or a cheque if it was by post.
I'm now too old for these gifts, but my youngest sibling gets the same instructions, and a future-dated transfer to his bank account.
> I guess it depends on the culture, some dont like getting direct cash.
East Asian cultures tend to stick to the "red envelope of cash".
I'm curious how much businesses have had inroads into swaying cultures to believe that gifts and gift cards are more desirable than cash. Economists historically have talked about how gifts are frequently inefficient uses of money because there is value loss when it isn't the most desired item at the time.
My Mom wants gift cards for gift occasions. But she also sends out gift cards for birthdays or whatever. She doesn’t understand why my siblings and I think this is so funny. She sends us a $25 gift card for our birthday and we send her a $25 gift card from the same place for her birthday.
For reasons I don't entirely understand, a large number of people think that giving a gift card is "more polite" than checks or cash. Even though you are literally giving just a worse version of cash that can only be used in one store.
Not everything is for sale. Things can be freely given that you wouldn't, and in some cases are not allowed to, sell.
But even beyond that some gifts that could be bought are valuable to the recipient disproportionately to what it cost for the giver to purchase them, for a variety of reasons.
> But even beyond that some gifts that could be bought are valuable to the recipient disproportionately to what it cost for the giver to purchase them, for a variety of reasons.
My point is that those are the same reasons that recipients value gift cards more than the same cash amount (though to a lesser extent).
Many people buy others gifts, often with little care or thought, just for the sake of giving a gift,
not because they necessarily want to.
I personally hate receiving gift cards or commodity gifts. I would rather receive a thoughtful gift (even just a hand-written message) or no gift at all. I don’t want your item or your money, I want your time or your thoughts.
Not to mention that after receiving your gift, I become obligated to give you an equally thoughtless gift. They say it’s the thought that counts, but it seems like that’s exactly what is missing most of the time! I want to skip the business transaction and just get to the part where we appreciate each other.
That said, I’m still not going to look a gift horse in the mouth, but that is my honest preference.
I'm mostly the same. My family doesn't really do gifts any more, showing up in one place to cook and eat together is enough.
For my wife and myself, we usually just 'gift' something like a short holiday or a nice thing we'd been meaning to get. But it's kind of abstract when the money belongs to both of us anyway - the main gift is that the giver goes to more effort in planning it, or gives up some of their own preferences in deference to what the receiver would prefer.
Obligated gift giving is pretty annoying as you say. Much nicer to see something and think of it on the spur of the moment.
Honestly, just give everybody liquor chocolates and the occasional bottle of scotch, and you will be fondly remembered long after you are gone. It's not thoughtless. It's a strategy.
Early in our marriage my wife said that we shouldn’t exchange gifts. I thought she was crazy and would changer her mind, but over the past 25 years neither of us has ever purchased a gift for the other. It has actually turned out great. Now I don’t have to spend any time thinking about what she might want. She’s happy, I’m happy, capitalism is not so happy ;-)
The one interesting thing is that I don’t like buying gifts for other people anymore. If I’m not going to buy my wife a gift, why would I buy you a gift when you are no where near as important to me as she is?
> She’s happy, I’m happy, capitalism is not so happy ;-)
Financial security is a very important factors in marriages. As long as both parties are happy with forgoing gifts, it's a far better long-term gift to each other to be fiscally responsible to the future of the family unit.
That said, there's an onslaught of marketing to convince you to change your mind.
I'm a patient at a (physical) rehab place, and my case manager is expecting. With COVID-19, any gifts like baby clothes seem too germy, and the best I can think of is a gift card that she can sanitize. Better than paper cash, and we don't know her well enough to know what she needs.
To be fair about (3), I think they already do that. They mention in the article that the cards are redeemed by people in your country.
Unfortunately, the gift card is an item that is intended to be easy to give to other people, just like cash. This doesn't seem like an easy problem to solve.
I think (4) has the most chance of success. Even just adding a 4 hour "activation time" on cards worth more than $250 would make the scam just a little harder to pull off, and real consumers would rarely be inconvenienced. The guy in this story would have realized he was scammed and had ~4 hours after the call to try to fix the situation.
If you had to show id when redeeming gift cards over a certain amount, merchants could use this to track down "runners". Though I imagine that a lot of them are probably recruited in a similar way to the work from home scams.
The real problem is that merchants are not incentivized to fix the problem as they make money from it.
>Even just adding a 4 hour "activation time" on cards worth more than $250 would make the scam just a little harder to pull off
That's a good idea.
Implicit in this idea is that victims can call a customer help number and get gift card balances frozen and reversed. I don't know if this is possible to do right now.
If so, fraudsters might start up a new scam. Buy $1000 in Target gift cards, spend the money at Target, call up Target and claim that a scammer stole the funds, and then get $1000 back, netting $2000.
Target would have to build a new department just to adjudicate gift card claims. At which point it might decide that it's just not worth the hassle of issuing gift cards.
Scammers want cash, they don't want $1000 of Target merchandise that they have to figure out how to sell. Gift cards aren't quite cash, but they're easier to sell.
I used to work on a platform that ran on the POS and issued various gift cards via the receipt printer (think prepay mobiles) or actived physical gift cards like these. For products we could there was a cooling down time of a few hours between purchase and redemption. This also made it harder for the sales clerk to scam
Re: #1, nothing is ever going to fully fix that. SS7 and the PSTN are built on 30+ year old tech where the phone carriers all trust each other. SHAKEN/STIR isn't going to fix it either. The only thing that's going to fix caller ID spoofing and calls coming in via grey market VoIP SIP trunking providers is to burn the PSTN to the ground and start over.
Breaking interoperability with the world's installed base of circuit switched, 25+ year old PSTN equipment is not on the table for the big phone carriers.
I think the phone companies are complicit in #1. They sell a lot of phone minutes to companiess using foreign call centres that want to seamlessly spoof local calls so they choose not to change. There's no reason, for example, for call coming from a foreign country to - when received in my countries routing centres - get a local phone number in caller ID.
That should be illegal. Foreign calls, if they're really running against PSTN tech limitations (which I doubt as I thought offshore calls were all routed via internet) then they could easily create hardware to blank out offshore calls caller ID info (and preferably replace with just the international dialling code).
But then your bank would have to admit where their call centres are, and they pay more to phone companies than individual customers do.
Which comes to why there's no legislation (in UK) demanding action from local phone companies; presumably because they pay the politicians more than we do too.
I don't think the previous commenter is saying that banks don't want verification; they're saying that banks (among other large companies that outsource their customer service) benefit from caller ID spoofing to conceal the true geographic origin of the call. I think the underlying issue is that current telecom carriers permit spoofing to entire swaths of number blocks without much verification.
It's not possible to solve on a technical level, (lots of edge cases) but this is my recurring "make the provider hurt" comment.
Every call should be possible to report and the last organisation which can't justify the caller ID sent gets fined for each such call. Ideally this will end up with a scammer. If not possible, it will end up with a telco which will assign blame on their international partner until they get cut off. No properly run telco wants to get cut off from sending calls to a large country.
But the fines have to start due to correct regulation which applies to everyone.
The carriers somehow have zero trouble figuring out who to bill for the calls. There's no reason the same system can't be used to identify the real originator behind malicious calls and cut them off.
Why wouldn't STIR/SHAKEN fix it well enough? And isn't SHAKEN designed specifically to pass authentication over SS7?
It's fine if providers trust each other as long as they only do that after verifying that the other party is trustworthy, and quickly fix it if that turns out to be a wrong assumption.
>My Android has "Scam Likely" show up when a scammer calls (I believe this is part of the STIR/SHAKEN protocol)
I'll point out that (at least on my phone with T-Mobile), "Scam Likely" comes from T-Mobile's "Scam ID" service. STIR/SHAKEN produces a different message, "Caller Verified", when a caller is confirmed. Source: https://www.t-mobile.com/support/plans-features/scam-id-and-...
> 3) If I buy gift cards in New York, there's zero reason someone in Bangalore, India should immediately be able to redeem those gift cards. Perhaps Target could should spend some of their data collection techniques on this instead of trying to figure out if your daughter is pregnant so they can send you maternity coupons.
I don't see why data collection is necessary here, if gift cards are such a fraud vector, why not put a 24hr delay in activation on gift card purchases over a $100 to give scammees a chance to understand what happaned and prevent the scammers from profiting.
I was thinking about #3 as well, but I was thinking that the scammers don't actually use the gift cards right? Don't they just re-sell them in order to launder them? I was also wondering, if you realize you've been scammed right afterwards, is there a process for reporting the numbers to the issuer so they can freeze them and try to refund the victim? I feel like that should be required somehow.
According to the article, the laundering is done in the US:
> Once the scammers obtain gift card numbers from a victim, they transfer them to a group of US-based “runners,” who liquidate and launder the funds — either by buying resellable goods at the store or selling them via gift card resale sites. Some even have their own gift card resale apps.
One thought is that gift cards could have a one day delay before they can be spent. I'd imagine that 90% of gift cards are intended as presents anyway and thus would be unaffected, but the delay would still grant a cancellation window to scam cases like this.
Anecdotally I have a completely legitimate use case for that - apps like Fluz http://joinfluz.app.link/BETA and MileagePlusX kick back some dollars (or airline miles) for purchasing vendor gift cards through them.
Frequently as I am in the checkout line at Kohl's or Home Depot I'd buy a gift card for myself with the intent to wipe it out in the next few minutes at the checkout (Fluz, for one encourages that, and will send a notification whenever you're near a retailer that's in their network).
Gift cards are often used for money laundering and fraud, because they act as de facto currency but are not subject to the same regulations. I think the key is limiting the extent to which they can be used as currency, which is related to what you mention and what the article mentions.
I don't know that full Know Your Customer laws should be in force here with gift cards, but both Target and the bank that facilitates these transactions should be doing more to prevent these.
I can’t remember if it was here or Twitter, but there was a story on how gift cards were being used in an informal economy in US prisons. It was easy to transmit the required information and it didn’t violate internal prison rules about holding US currency.
>If I buy gift cards in New York, there's zero reason someone in Bangalore, India should immediately be able to redeem those gift cards.
According to the article, that is not what happens; instead, the gift cards are redeemed in the US:
'Once the scammers obtain gift card numbers from a victim, they transfer them to a group of US-based “runners,”'
The runners described above would probably have some kind of presence in most major US cities, and they could just pick a runner in the nearest major city to the victim without raising any location-based red flags. Note that neither Safeway, nor Target have retail stores in Bangalore (or anywhere else in India), only offices.
How do you feel like we could enforce #3? I suspect someone would use a VPN to fool any location/verification system, or is there something else going on here?
RE: Target data collection
Determining if someone is pregnant so they can find ways to get that person to shop at Target drives their bottom line. What incentive is there to invest as much in preventing scammers from succeeding? I don’t know what the solution is, but doing something (even an information campaign) is better than nothing at all.
I suspect this is an issue of retailers not caring enough to spend the money to fix the issues? Being scammed is a bad experience, but it's not the retailer's fault. Plus it generates a significant amount of revenue.
This seems like something the Consumer Finance Protection Bureau could collect data on and put some sane regulations in place? The gift card industry is poorly regulated in general.
> Perhaps Target could should spend some of their data collection techniques on this instead of trying to figure out if your daughter is pregnant so they can send you maternity coupons.
Why though? One makes them money and the other... also makes them money but by doing nothing about it
I've told both of my parents--in their 70s--that I will never, under any circumstances, ever call them for money and that any call they might ever receive claiming to be me asking for money or asking for it on my behalf is guaranteed to be a scam.
Yet it still happened that, during the exact week my family was on a Caribbean cruise that included a stop in Mexico[0], scammers targeted both of my parents' mobile phone numbers insisting that they were alternatively Mexican authorities demanding bail money for me or that they were my spouse sobbing over the phone that I'd been in a tragic boating accident and needed money for the hospital.
This was before international roaming was included with my mobile phone plan so when I got back to port a few days later I turned on my phone that morning to several voicemails from my parents, starting out panicky then realizing what was going on then positively jovial at how they'd played the scammers along for almost a full day.
They didn't send any money but both of them said it was incredibly difficult to keep what I'd told them in mind because "what if it really was you needing help?"
0 - We think the scammers got the information off of the Facebook pages of one of our related family members who posted publicly about "being envious of [my name tagged] going to Cozumel" next week and then trolling linked family members for people who appeared older.
I also warn my mother not to think she's clever and talk back to the scammers. "Don't tell them off" I tell her. Just hang up. Say nothing.
> then realizing what was going on then positively jovial at how they'd played the scammers along for almost a full day.
...because once they realize they're talking to an old lady, they may realize the "kidnapping" story may not work, but a call verifying something for a Stimulus check might (for example).
Hang up for another reason. That is less data they have to fake they are you. Say "yes" and any audio tech with a reel to real tape recorder can insert that yes into a different conversion where you are agreeing to whatever scam. (it is easier with modern technology of course) say enough and they can clone your voice inflections and record your voice saying anything they want.
I don't know if it has. However it is reasonable tactic. If you have a recording of them agreeing to something that is strong evidence in court. You need to figure out how to get payment, but if you have bank information from some other source (not hard) a charity to "help the poor" that spends 5% on the poor and the rest on CEO isn't hard to set up.
I had a conversation with a scammer claiming to be MSFT support, maybe 5-6 years back. It was clearly a cold call, not based on any PII, so I just toyed along for maybe a half hour until I started getting bored. We talked another 10 minutes or so about life in his city, lack of jobs, using fake tech support as a stepping stone, practicing english, siblings, etc. Seemed like the same familiar monotonous daily grind, just trying to find a path and provide. Maybe that was all an act too, but it felt authentic.
Yeah one guy has sound effects (such as driving for going to the store to buy the gift cards) and voice modification set up.
There was a video that he kept the scammer on the phone for 6+ hrs then at the end when he was giving them the apple cards was "confused" and redeemed $20000 dollars onto "her" "own" account to send them a computer all on a vm where they could watch her putting in the cards codes and go through the checkout but the control software "was broken" so they couldn't interfere.
edit: Youtuber/twitch streamer is mentioned below, Kitboga
Yea, some of those are hilarious to watch actually. I can't sit there for that long. But I would say on average I can easily waste 10 minutes of someone's time while still getting work done on my side.
I travel internationally a lot and my parents and grandparents get calls like this on occasion. I send them an annual email reminding them that I will never call asking for money. I also give them a password in the email and let them know that if someone claims to be calling on my behalf about an emergency they will know this word (I give it to my lawyer and girlfriend plus business contacts that might actually have occasion to call in an emergency). My relatives know that if the person doesn't know the word they should hang up immediately.
I established this system because it is possible I will be involved in an accident or something and I do want my relatives to be able to trust someone calling if I am unable to do so. Many scams start with news of an accident so this usually stops them before they get to the asking for money part. I also make it explicitly clear that an emergency call would never be a request for money. I have savings and insurance and there is no occasion where I would need money from relatives, ever.
How will you never ask them for money, I was stuck in Vietnam, had my cards and cash stolen. Visa will not send a replacement to Vietnam. There was no alternative except to get my sister to wire me some money.
Then you go into an Internet cafe or borrow somebody's phone and do a video call to establish it really is you asking.
The countdown timer to when this can be convincingly deepfaked is ticking, but while a pre-recorded video is within realm of possibility (if the scammer can get access to video of the person, which is already hard), being able to fake a live conversation is still a ways off.
Also, I'd tell you to leave a backup card in a separate place from the rest of your belongings, but you've probably learned that the hard way already!
I've been traveling extensively for 10 years, over 60 countries and counting. Still haven't ever been in a situation where I needed relatives to send money. I have multiple banks, cards, credits cards, accounts and lawyers who can handle these types of issues for me.
I've also built up a network over the years so I have friends in virtually every major city on the planet. You could literally spin a roulette wheel of cities and drop me into one anywhere on the planet with nothing in my pockets and I'd be fine. People are far more helpful than you realize and of course knowing people helps.
I was completely broke once in one of the most dangerous cities on the planet (San Pedro Sula, Honduras) due to poor planning and a city wide internet outage that took out all ATMs. I also didn't speak any Spanish at the time. This was before I had multiple banks too.
In the end it wasn't really an issue at all, bus driver let me ride for free to the next town and personally escorted me to a safe ATM. Once you've been through things like that a few times you realize most situations just aren't as big a problem as you might think.
What if you get kidnapped and don't have enough money? I highly doubt there is no world in which you would ever need money. When you make blanket statements such as "X cannot ever happen" you're asking to be wrong.
A better approach would be to establish a set of preshared keywords that convey information about what's going on.
That's why they gave their parent's a password that could be used in case they ever actually need money. I remember growing up, my mom told me a password that would be used if an adult I didn't know was trying to pick me up from school or was in some way trying to get me to come with them. I think it was only used once when my mom's coworker picked me up after school because my mom was stuck at work. Nowadays, you need multiple signatures, a letter from your congressman, and a notary to let anyone that isn't the parent pick up a kid from school but this was before all of that.
Parent here: in Massachusetts, you just file a form with the school authorizing specific people to pick up your kid. Those people have to come in to the office and present their driver's license or similar. That's all the bureaucracy.
No, you can't have someone bring a form with them and show ID. Too easy to abuse.
However, you can list as many people as you like and change it at any time by visiting the school. So we have four or five neighbors listed and my sisters who live in other states.
Kidnapping is a real, albeit unlikely threat in many of the places I end up in. That's why I have lawyers and insurance. There is no scenario in which I want my grandparents or parents involved in a kidnapping situation in any capacity.
The most basic solution. People age 70+ keep paper books of hand written names and phone numbers next to their home POTS phone. Have them write down the "password" next to your name in the book.
“oh, sorry mom, I got a new phone for the trip so it would work overseas. don’t worry about that! just send the money quickly so we can pay the hospital.”
> "They didn't send any money but both of them said it was incredibly difficult to keep what I'd told them in mind because "what if it really was you needing help?"
Perhaps a pre-established code phrase is a good way to address this. "If I ever need help, I will mention that [memorable vacation] we spent together. If that vacation isn't mentioned explicitly, it's not me."
Fine as long as your parents aren't beginning to go senile when such instructions will just be confusing and/or completely forgotten.
There might be better protocols - make sure all their cash is in the bank, set a per store per week limit of £200 on their cards, require your/siblings authorisation to make larger purchases?
But then there are things like their pensions, who they move their phone/internet account or other utilities to, so much opportunity for malicious people to commit fraud and deception; companies aren't motivated to help as it often reduces the companies income.
This is exactly what I have done when we leave the country. We leave a binder with emergency info including code words with expected responses to validate that our emergency contact at home is truly speaking with us.
Seemed kind of silly at the time but it truly is a low cost way to mitigate this issue.
A lot of times the victims give these type of information to the scammer. Not saying this is what happened to your parents, but my aunt got a call where a young man was crying and SHE was the one that asked for my name. From there it was quick for the scammer to say "yeah, I am here with so-and-so". Thankfully she got stopped outside the bank branch by a police officer who saw her panicking and was able to talk her out of it.
"trolling" works. It's a method of fishing, just like trawling. It's one of the lesser-used definitions these days but IIRC that is the root for the more well known antagonizing definition.
Probably regional dialect. I spent my teenage years "trolling" for just about every part of the female anatomy, but never heard anyone use the word "trawling" in the same way. That said, trolling is a much more popular fishing method where I'm from.
In fishing isn't it a question of volume? IIUC trolling is moving very slowly/wakeless with a small number of lines, and trawling is a big net that catches everything?
Before 'trolling' became popular, 'trawling' was common and correct use for this case. Same kina use as fishing trawlers. The dictionary has more detail.
But trolling is also a type of fishing - you drag a line and try to catch people/fish on your bait (the phone call from the supposed son). That seems the perfect metaphor for what they were doing? They weren't dragging a big industrial net trying to catch anything at random passively (trawling) because they were trying to get individual people by calling them up one by one trying to get them to bite.
> My dad is not a gullible man. He grew up low-income at the border of Brooklyn and Queens, where street smarts were a survival mechanism. A 30-year career teaching high school students trained him to sniff out bullshit from a mile away.
Your dad was not a gullible man.
My dad was a very aggressive and assertive person throughout his life, didn't trust anyone, lived through some very hard times like post-war Italy where apparently even the feral cats vanished for lack of food.
Then in retirement it's like everything experienced which conditioned him to be that way just faded away. His edge dulled substantially.
The last time I traveled with him we were approached by someone on the streets of Palermo who was obviously (to me) sizing us up. Within minutes of talking with this total stranger my dad had revealed where both his money and passport were kept on his person. I had to abruptly intervene and remove us from the situation by insisting we enter the restaurant we happened to be passing. When I explained to him what had just transpired, he was in complete disbelief at how easily he had been tricked. The whole thing surprised me because my dad was the one objecting to our exploring the south of Italy the entire trip because of the crime and poverty!
Even with him expecting we were going to have such problems he didn't catch it. A previous version of my father would have not only seen it coming, he likely would have escalated it with violence, he's a gruff old Italian sailor. This was like taking candy from a child.
It's incredible how much people change in old age.
In regards to this topic, the "gullible" line of thought misses the forest for the trees, because it still operates in the mode of "it was your personal responsibility [to not be scammed], and if you were, it is because you were gullible." This means the elderly are particularly vulnerable, as per your account, but it also means that there's less inclination to push for change and protection against scams like this from the general public in America. (I feel that in other cultures, such as Japan, the elderly tend to be regarded with respect for their wisdom rather than derision of their "regressing" minds).
My anecdotal story to the contrary of yours: I have a friend who graduated from a top 10 US college a few years ago and couldn't find a job. Right when they were desperately filing for applications and feeling very worried about their future (as recent college graduates are wont to do), this person received a call from 911 that fell exactly into this class:
>Impersonations of government employees accounted for ~60% of these cases.
The "911" was from the local police department of the city where they lived. The person was told that a warrant for their arrest has been issued - that 3 years before, there was a particular document to be filed with the IRS that had to declare all scholarship money awarded for a particular scholarship, and according to their documents, that document is three years overdue and has already incurred $700 in fines. The amount of time elapsed since the due date warranted x many jail days without immediate payment, and a mark on the criminal record... additionally, since this involves defrauding the government, their freshly minted university degree was about to be revoked.
My friend is an immigrant. They didn't know that university degrees couldn't be revoked, nor that no such thing as "government vouchers" bought from a grocery store existed (this was the trick - when the person arrives looking for the vouchers at Target or Office Depot, the agent on the phone says that some gift card can be an acceptable form of payment instead).
I took note of this scam both because of how elaborate it was, how believable it was (especially to someone less than familiar with the US government), how the person on the "911" call used psychological tactics to continue to make this vulnerable person more and more panicked about their future particularly at a time when they were already financially insecure. My friend was not gullible. But my friend did fear repercussions from the US government enough to completely fall for this scam.
This worked because you can actually buy government revenue vouchers or stamps to pay for official fees or transactions in many countries. I could definitely see this being believable to someone coming from a country where this is a thing.
I can't agree with this more. My parents and my in-laws have, within the last year or two, appeared to age a decade. Not in how they look, but how they behave; the things they struggle with, the things they obsess over, the logic they miss.
The scary thing in noticing this, is knowing that it will happen to me (us all) one day. I'm hoping that by noticing it I can stave it off for as long as possible, but maybe that kind of thinking means I'm already on the track...
This is so true. Back in the 90's my father was president of the local law society and the managing partner of a sizable law firm. He had a very sharp and enquiring mind.
He's now retired, in his late 70s and beginning to show signs of age related dementia.
Last year he fell for a phone scam from someone claiming to be his ISP, where he was persuaded to install remote desktop software onto his computer and login to internet banking. The scammers weaved a tale about fixing his computer and sending him an "authorisation code" which was actually the SMS code from his bank as they'd added themselves as a new payee. He simply read it out to them.
The scammers transferred just under $10,000 to their account.
Luckily, they'd set off enough red flags that he called me asking why his ISP wanted to know what bank he was with. Once we worked out what had happened we called the bank straight away and were able to get the transfer stopped by the bank just in time. It was a Saturday and he was literally saved by the weekend. Very lucky.
Turns out he was in the process of changing ISPs when the call arrived, so a garden variety phone scam was perfectly targetted.
With my 72 year old dad I mostly notice tech related things. He's a smart guy, worked in banking and finance his whole career (so used computers pretty heavily) and was really into PCs in the 90s. He was constantly setting up and tinkering with DOS, Windows 3.1, 95, etc. as well as learning to program.
These days he is limited to the basics on his PC: email in outlook, checkbook in Quicken, basic web browsing... and he often runs into trouble with them. I'm on TeamViewer about once a month helping with something. He also has an iPhone and iPad but can just barely do the basics on them, watching him try to use them is just painful. Some of that is due to crappy modern UX, especially on the iDevices, but his ability solve tech problems and deal with unexpected situations has dropped off a cliff the last few years. Age is coming for us all...
He live streams calling scammers that are running exactly these sorts of scams, tries to tie them up for as long as possible, wasting their time. It's super educational as well, showing how these scammers try various tactics to keep people afraid.
Although his practices are more... grey hat, he's managed to successfully shutdown whole companies. He provided content for a BBC documentary too: https://www.bbc.co.uk/programmes/m000fzx2
Even though he regularly sends information to authorities, it is very rare that they will do anything.
One thing that I enjoy about Browning's videos is that he often will be proactive in helping victims. Sometimes he will catch scammers in the middle of scamming others and either call the victim to educate them about what is happening, sabotage the scam by reversing what the scammers are doing on their computer, or just refunding the funds with the scammers' own systems.
He might not be as "fun" and whacky as some of the other baiters, but it his videos can be quite interesting. He will sometimes figure out the hierarchy and layout of their company and network, their physical locations, business fronts, etc so that he can methodically take down the company.
He puts forward far more effort than many other "scambaiters."
He has coding streams where he makes countless tools to take up more time / capture information from scammers. He has a fake bank site he uses to capture banking details of scammers when they try to wire money to themselves from the victim's bank account (he has a relationship with bank fraud teams and law enforcement.)
He's also a talented voice actor and social engineer who can keep scammers on the phone with who they think is his bank for hours. Absolutely worth a watch on YouTube or his Twitch streams if you have a moment.
My favorite was the cubic equation captcha on the fake bank website -- which Grandma Edna (his character) had no trouble solving in her head because back in the day they taught arithmetic properly!
As an example, one of his time wasters is a browser extension that redirects Google search to the 8th page, making it harder for the scammers to bring up websites thru search such as the chase demo banking site. It's very amusing to watch them struggle.
Yes, that guy and others on youtube are sadly the only line of defense we have. I'm surprised this is still happening in 2020. Plenty of Indian scam-centers were raided a few years ago.. And they're getting more and more professional at scamming, some of them have no telling indian accent (but they are sooo rude, it's unbelievable)
I am not a recipient for such scamming but I do receive phone calls on a daily basis, which I started screening of course. If I pick up and don't say anything they will hang up in 5 to 10 seconds. I think they're harvesting for potential victims.
I've been consuming his content non-stop for a few months now. While there are other scam baiters around, I feel like Kitboga's approach is the best one to achieve the most possible exposure of these practices. He has a huge Twitch and YouTube audience and I think he absolutely 100% deserves it.
Here's the same scam from his stream 3 days ago: https://www.twitch.tv/videos/668914814?t=5h4m20s Abandoned Toyota Corolla on the south border of Texas with blood, _exactly_ 22 pounds of cocaine, cash. Multiple bank accounts and addresses registered with your SSN, funds wired out of the US.
If you’re in a store and see someone acting odd with gift cards, it’s ok to say something and try to help out.
I recently encountered an elderly woman fiddling with some purchased gift cards (at CVS) while talking to someone on her cell phone. They threatened to disconnect her power immediately if she didn’t pay for a new meter immediately. Luckily I convinced her to not share the numbers and hang up on the scammer. It took her a while to even trust me. Poor woman had no idea who to trust. I had her call the local utility who was super patient explaining the situation and consoling her.
This article attempts to blame Target a couple of times for not doing enough. But this guy was also sitting in another store's parking lot, Safeway, reading off gift card codes to the "DEA."
No matter how smart you think your loved ones are, placing scrutiny on the stores the scammers have chosen (especially as a journalist) is going to do little except to add purchasing restrictions for everyone. A 17-year-old minimum wage cashier isn't going to save your dad, it's the last place to look to combat these "psychological tactics."
There's a reason these scammers choose gift cards as their preferred way to get your money: gift cards have become the easiest way to move large amounts of money while minimizing the chances of getting caught.
Every other business that deals with the transfer of money (banks, for example) is expected to put strong measures in place to make sure that the money is traceable and that they're not helping criminals. Why shouldn't large companies like Target be held to a similar standard?
Moreover, the incentives here are very worrying. Yes this guy got scammed out of $3k, but Target also got $3k in revenue. Without some sort of penalty/punishment, Target is incentivized to do the bare minimum to minimize their PR exposure (which they can do by saying "we take this very seriously and have adopted some new policies" but not really acting on it) but to otherwise allow this to keep happening. As the prevalence of these gift card scams has skyrocketed, so have gift card sales for these large companies.
There's also an interesting sub-class of this scam that targets employees of certain size companies. Due to anti-bribery laws/rules/regulations gifts of cash to other companies are usually forbidden (and every employee with an expenditures line should generally be very aware of that), but non-cash redeemable gift cards are often still seen as fair "gifts" for various types of incentives/thanks/congratulations efforts. So gift card scams are sometimes even more effective for corporate employees, because corporations already abuse gift cards as a grease currency, and some corporate employees are very used to buying strange amounts of gift cards and giving them out in strange ways.
From what I understand, a retail store doesn’t make any profit selling gift cards for other stores.
The Safeway in this story didn’t make any money off of that $2k purchase of Target cards and it could’ve saved/boosted its reputation if it had some better protective measures in place. It also means that maybe people who would’ve spent money at Safeway now can’t because they’ve lost several thousand dollars.
> From what I understand, a retail store doesn’t make any profit selling gift cards for other stores.
That seems dubious, considering they dedicate precious shelf and display space to selling them. Accounting can get crazy in the real world, but clearly they have a motive to move these things. The cards are on the shelf because the cards make money for the store, somehow.
I know that I have a lot of gift cards that go unused for months, or never used at all. Probably a lot of profit in interest on holding all the money and keeping anything not claimed after a few years.
It might be true that they make no money from the sale itself, but those displays are likely from a third party that is paying for the shelf space.
If you do a search for something like "gift card distribution", there seems to be a bunch of marketing firms that you can pay to get gift cards made and put in stores.
He keeps using terms like "intelligent", "cautious", "not gullible" to describe his dad but the man bought $3,000 of gift cards because he thought the DEA would accept them in exchange for not freezing his bank accounts.... the man's a moron. Sorry, but stupid is as stupid does. This is a very very stupid thing to believe.
My gut instinct is to agree with you... but I think we should be a little more sympathetic, since we have so many examples of seeming smart people falling for various scams.
I think it is foolish and wishful thinking to think we are immune to being scammed just because we can see through all these ruses when we read about them online.
Whenever something bad happens to other people, our immediate first reaction is to find out reasons why it would never happen to us. We wouldn't fall for it, I wouldn't put myself in that situation, I would see it a million miles away, I would have done this instead..... this is a defense mechanism because we don't want to feel vulnerable... we want to think that bad things are preventable, and we would always prevent the bad things.
This is simply not realistic, and gets in the way of empathy for people in bad situations. Just think back in your own life when things went wrong, and how looking back there are always things you could have done differently... but you didn't, because you are human and make mistakes and didn't have perfect knowledge of what was going on like you do in hindsight.
I would love to hear the specific script they use to convince people to buy gift cards. Everything leading up to that I can understand someone being suckered into - but how the hell do they convince people that a government agent wants them to buy gift cards?!
Didn't RTFA but I know someone who fell for a similar scam.
It involved multiple scammers calling them, claiming to be the IRS. They had personal details about the victim (gleaned from public records, no doubt). When the victim agreed to make a payment under threat of arrest, they were told the government doesn't take credit card payments over the phone, but a special agreement with Amazon allowed them to accept gift cards as they are guaranteed value and "as good as cash."
From a distance it sounds ridiculous, but it was a surprisingly complex con with multiple participants and enough plausible details to make them seem legitimate. Refusing to take your credit card number over the phone must also disarm victims, what scammer would do so?
You'd think so, but it is possible to scam intelligent people. Intelligent people are still subject to the same fears, emotions, and cognitive biases and flaws that other people are. If a scammer can successfully harness those human weaknesses, intelligence might not be enough to save someone.
Some of this has been targeted at recent-immigrant ethnic communities from places where government corruption is endemic. From the point of view of the person being scammed, it actually is plausible that some person working for the IRS is demanding payment via a sketchy method.
The way con men are successful is usually not by directly convincing people that their scam is legit -- but instead they convince the person that they are trustworthy. Once they're seen as trustworthy, human brains tend to overlook facts, even obvious ones. Confidence scams work on a similar abuse of trust that April Fools jokes do... except they're a lot less funny.
Sorry but I just don't buy it. I cannot see how it's possible to persuade a smart person to do something incredibly stupid and diametrically opposed to their own interests. I really do believe that only stupid people can be quite so.... uhhh, stupid.
What if I told you that I can invest your money for a consistent 10-20% return, and I can even make you 5%+ during the 2008 recession. I beat everyone else's returns. The only thing is that I can't tell you exactly how I do it. Of course, an investment scheme this good has to be secret, so we don't do external audits, but my brother audits everything for me.
It would take a stupid person to believe a scam like that, wouldn't it?
Sure, but everyone here is reacting with incredulity at the idea you could make any kind official payment with a stack of gift cards. It's like asking someone to pay their utility bill with Pokemon or MTG cards.
There are many examples of people who have been interviewed after being scammed who did know better, but did it anyway because they were successfully convinced their situation was a special exception. Gaslighting can really distort reality for some people.
While the majority of people who fall for this are elderly and aren’t as sharp as they used to be, they aren’t the only ones who are successfully tricked.
> they were successfully convinced their situation was a special exception. Gaslighting can really distort reality for some people
I mean, every rule does have exceptions. People are wired to think that way, because that's how it is. So manipulation can work by triggering that frame of mind.
Stores already do tons of stuff to try to thwart these.
I worked at a store years ago and we had all these things implemented:
- Limit on gift card purchase amounts per customer, per day.
- Stopped stocking Western Union cards because they were such a scam target.
- There was also a scam where scammers would call the store itself to pose as a "corporate employee" who was "trying to verify that the gift card redemption system was working" and would have the cashier activate a gift card, run it as cash, and read off the numbers. And apparently that worked well enough that every time we activated certain gift cards, a massive box popped up on the POS screen saying "IF THIS TRANSACTION IS HAPPENING OVER THE PHONE, HANG UP IMMEDIATELY AND CANCEL THE TRANSACTION."
At a certain point there's only so much that can be done by the store itself.
Excellent article – particularly for showing how powerful the limbic system is and how it can completely overwhelm the neocortex (logical, rational part of the brain) – a phenomenon referred to as amygdala hijack [1]. The article shows anyone could fall victim to such a scam – not just those who are stupid and/or greedy. I was also struck by how the article detailed – in addition to the monetary loss – the longer-term emotional consequences of being deceived by scammers.
> My dad had received robocalls in the past and ignored them. But this one was different: it was a real, authoritative person on the line who knew his full name and address.
Earlier, the article reported that scammers get this personal information from data brokers and it struck me that this is a reason why people should care about privacy and who they trust with their personal data. This data could end up being used against them – or their loved ones.
> Earlier, the article reported that scammers get this personal information from data brokers and it struck me that this is a reason why people should care about privacy and who they trust with their personal data. This data could end up being used against them – or their loved ones.
This is a key point worth mentioning in any "nothing to hide, nothing to fear" discussions about online tracking and the dangers of giving away private information to websites, big or small. Once the data is out there, it's available to any company with deep enough pockets to purchase it.
My 84 year old mother got a message from the State of New York saying she had unclaimed funds and should fill out a form to claim them. She quite reasonably assumed this was a scam and ignored it. A few months later she mentioned it, and my brother who was familiar with the actual process looked on the website, saw that she did have unclaimed funds, and he filled out the form. Turns out the initial message was completely legit. There was a brokerage account which had fallen through the cracks when her own mother had died, and she got a check for ~$20,000.
This ^^^ is a big part of the problem right here --- legitimate messages from government authorities are so totally non-credible that it makes the scammers' jobs super easy.
Same is true of banks and such. A few months ago, I got a mortgage, and I was totally blown away by how much profoundly suspicious shit that was actually legit happened. Like, I'd get calls from totally random new people from the mortgage company, no warning by anyone who I actually knew that this new person was calling, often from their personal cellphones---and it would turn out that the call was totally legit, and I actually was supposed to send more sensitive financial documents to this random new person. Totally bonkers.
And we probably can't discount the role of direct-mail marketing in this, either - my bill from my ISP will arrive in a plain envelope (before I opted into paperless statements), but every random piece of upsell spam I get from my ISP is plastered with giant red letters saying "IMPORTANT INFO ABOUT YOUR ACCOUNT - TIME SENSITIVE" and often with a fake business card for some executive inside.
Even brands themselves are getting in on the game of trying to abuse people's attention with deceptive messaging.
I feel like some kind of PGP authentication system would be very useful for private government to citizen communications. It would require some training on users parts however.
The problem is that governments, banks etc. don't and can't credibly commit to doing the right thing. E.g. banks in my previous company are furious because just when they'd finally managed to convince most people to never open a link from a text message, the government sent out a text message with a link to a COVID-19 information page.
It still shocks me the number of very large companies, even Microsoft, still have marketing and other official communications that look like clear scam messages
It is like they are trying to make things easy for scammers
Heh, I remember when Android first launched, I made a little calculator app for it so it was ready on launch day. Few months later, I got a completely plain text message from some random email address, saying something like "congrats, your app was one of the first 10,000 apps on the Play Store, to say thank you we would like to send you a Nexus One. Please fill out your details on this page <link to some random spreadsheet>". I immediately thought it was a scam, there was absolutely nothing identifying it as coming from Google, nothing that would give me any confidence whatsoever. But, I googled it, and yep, Google has announced they would be giving out phones to early developers - so I filled out the form and without ever receiving any further communication from them, a Nexus One arrived in post couple months later. It was incredibly bizarre, and in hindsight I wonder if they did it on purpose to limit the number of phones they needed to send out.
Thanks for this link!!! I just claimed $12 from a balance overpayment on a credit card, but my sister-in-law seems to have at least $250 in unclaimed cash awaiting her.
Definitely check out the unclaimed property website for your state. It's fun to see which of your friends and family have unclaimed money, although it's much more likely to be ~$20 than $20,000.
I see ads for this in the newspaper sometimes. I've checked them out when they're on a .gov domain and gotten some of my money from an old savings account I forgot about.
But some states use a plain-old .com, and the sites aren't well done, so they look sketchy, even when they're legit. Worse, they sometimes have URLs like comeclaimyourmissingmoneythatyouforgotaboutandwereholdingforyou.com
If you're curious about missing money, go to the web site of the Secretary of State in every state where you've lived or gone to school. There's usually a link.
This happened to my elderly neighbor last week. The scammers claimed to be from Apple, ran a fake script, did the whole jig and dance, and demanded immediate payment. She lost $8,000. These scammers are relentless and abusive. They're still harassing her even 1 week later.
I'm shocked that Target just simply allows people to purchase so much in gift cards all at once. I'm even more shocked that banks and transaction processors don't mark this as suspicious or fraudulent.
But this isn't just a function of irresponsible companies. The elderly are overwhelmed by technology, and it's too difficult to know what's real and what isn't. After the scam, my neighbor had a near panic attack when she received an innocuous Google security checkup email. How was she supposed to know it was authentic or not?
About the purchase of large amounts of gift cards; it’s not as uncommon as you’d think. I worked at a grocery store customer service office and it wasn’t uncommon to have people buy thousands of dollars in gift cards as giveaways or prizes for events. No questions asked, really. The store was very eager to pocket that money.
There should certainly be more checks and balances around that. Perhaps a personal limit, and requiring a registered business to be the purchaser above that. Or perhaps a redemption system.
But the incentive is not there for the stores. It’s of course better to sell gift cards than the equal amount of merchandise for them
Ask HN: How do you protect your parents from tech scammers?
simple... they call me first.
if there is one thing i have _never_ done to my parents, or _anyone_ for that matter, is make fun of them if they call me and ask me for my professional opinion in tech matters. this has extended to situations when they think the situation is shoddy like they are being taken in a scam. i think _this_ is the single reason why my parents have never fell victim to scams. i feel that _most_ parents, or elderly people for that matter, fall victim cause they feel pressure from both ends... the first being the scammers themselves, the second being scared to ask _anyone_ if the situation is legit for fear of being made fun of.
_noone_ should feel scared of being ridicule when asking any question regarding their safety or well-being.
I had a text from her when I woke up the other day, she'd bought a new phone and now the company was asking weird questions.
I figure for sure it's a scam and I phoned her immediately. But I gradually realised it's actually not what I thought. I normally buy phones by just... buying a phone, like a cheeseburger or a T-shirt, cash or card. But she's got a new phone on contract, so that's a credit deal and the questions they're asking, though prying, are credit agency ID confirm questions. Where you've lived, photo of a passport, stuff like that. The firm seems legit, they're not new to the business, they have a relationship to a Credit Reference Agency that I've worked with before, so it's probably fine.
She seems reassured that I'd actually thought through why this might be OK, and so long as her new iPhone shows up in the next few days all is good, otherwise I guess I need to walk her through anti-fraud processes in case somebody got all that as precursor to taking out credit in her name.
With my mother I got a call from her one day because her PC was literally screaming. She'd clicked a link or visited a web site or something and now it was constantly loudly demanding she phone the scammers and give them money to "unlock" it. She'd had the peace of mind to instead walk into another room and call me. I talked her through switching it off, bringing it up in safe mode and forgetting the (hijacked) default page on the browser. Relatively simple scam, but I expect it's effective on too many people.
Non-scam related story, but my mother called me once panicked, saying the computer is on fire and she's worried it will burn. It took me some time to understand what she meant by the computer is on fire. I had Linux installed on her PC, I think Xubuntu, and it's running xscreensaver by default. xscreensaver logo looks like a computer on fire. My mother thought that she has to react quickly otherwise the PC will burn.
I feel bad for the victims. It's almost always the elderly and they're relentlessly pursued over the phone. You basically have to remove their phones, or remove their capability to ruin their finances. I imagine that day is coming quite soon for my in-laws.
And sometimes it's not at all the same older person who you think gets scammed.
I know some elderly folks who I thought were in pretty good shape mentally and such got pulled into one of those scams. It was the grandchild calling for money from jail type thing.
I never would have thought they would have fallen for a scam like that, they did.
You can never talk too early to older folks about this stuff. Lay down some hard and fast rules such as "Never give out info / anything to someone who calls you first, call them at a number you look up on your bank statement, or call someone directly. Call me / alternate person if someone asks your for information or money, etc."
Scammers have excuses of course but some of those rules will work.
I agree. My friend got scammed with a variation of the gift card scam. The main difference in his case, fear was not exploited, but rather the search of an amazing deal ( $100 for a new ipad or something like that ).
I probed a little bit since I was curious how he perceived it and he effectively said the idea of getting a deal took the best of him.
For sure. I was mostly referring to online "deals" with my comment, but it definitely applies to phone solicitation, too.
I personally ignore almost any phone call from unknown numbers these days because so many are scammy or robocalls. I figure that if anyone really needs me, they'll leave a message.
I keep on getting robocalls from a Chinese scam for more than 1 to 2 years now. I don't understand Chinese but asked a friend to translate and it's obviously a scam aimed at older chinese expats. They always leave the same message. Im surprised it still works after all this time.
I avoid all solicitation in general. If I want something I research it and buy it. I never make a purchcase based on an incoming offer of any sort even if I want the item or service and it’s a good deal.
It avoids 90% of scams before I even enter the funnel.
I once went to a car show where Samsung was showing their Android Auto connectivity. They had a raffle for a 49" 32:9 monitor, I put in my name. A few weeks later an email came saying I had won. Of course I thought it was a scam, on second reading I remember giving my details for the raffle, and I genuinely had won the nonitor..
I was at some festival where they had a raffle like this, thinking it was harmless, I put in my name and number. A week later I get a call that I have won a vacation but I need to come and attend their seminar.
It was some sort of buy timeshares which work across multiple properties around the world. Total cost was $10-15K but you can make low monthly payments. After the loan is paid off, you can stay for free during your vacations.
I did some rough calculations and thought it was worth it. But when I asked for better pictures or addresses of their properties, they could not provide it. They were getting frustrated and kept saying why you care what your room looks like, who stays in their room on a vacation, etc. After their refusal to give any such info, I left but there were other people who were signing up.
Later, I learned that these are indeed scams, and I got lucky that I didn't sign up with them. Their properties might be run down, and the company might fold after a few years and you will lose access access to "their" vacation properties.
To their credit, they did give me a a gift certificate for low end hotels chain.
Jeez, the timeshare industry is infamous for overpromising and not having the best properties or security for your 'investment' but not even having glossy brochures and maps to show customers giving out buying signals is really low effort for $15k
If the only way to sell those goods is with aggressive, high-pressure sales pitches & environments it's a good sign nobody actually wants that product and that entire industry should be regulated away.
It's almost always the elderly and they're relentlessly pursued over the phone.
I think that's a stereotype, rather than a rule. I've seen articles in the newspaper occasionally where the victim is a person in their 30's or 40's.
I suspect that we don't hear a lot about that because there isn't a lobbying or information group like the AARP for 30-somethings. Also, losing $250 to a scammer is less tragic for a younger victim with a full-time job than it is for a 70-year-old on SNAP, so they don't talk about it as much.
When I worked in a large office with very ordinary, I saw people of all ages falling for scams. They just didn't know they were scams until it was all over, and then they just stopped talking about it.
This is an experience my parents experience on a regular basis. Unfortunately, my father, who used to be very tech savvy - worked for Control Data for all of his career - is suffering from mild dementia and my mother doesn't know up from down on the computer. My father still loves to sit at his computer putzing around but too often gets sucked into some kind of infomercial / scam. As an additional example, we were recently charged over $1800 of overage fees when my dad kept backing up his entire harddrive to a cloud service not really knowing what he was doing.
It has gotten to the point where they really need me to assist them with all most everything related to managing their computers. Unfortunately I am 1000 miles away so we struggle on the phone to get things sorted out.
What recommendations do people have for being able to remotely manage windows machines. I am on windows 10 and they are still using w7. I'd like to be able to remote into their machine with admin rights so I can manage software, finances, etc.
TeamViewer. It's basically VNC, but with a middleman proxy so you don't need to do any hole punching, it has a single file executable "quick support" download, and random one-time passwords.
Somewhat ironically, it's also what scammers tend to use.
Windows Remote Assistance has been a built in feature since XP.
For security reasons the account you access in Remote Assistance is the account requesting help, and UAC prompts on the remote machine (anything on the "secure desktop") are not remoted, and have to be agreed to by the person you are assisting. However, if you have setup an Admin account on that machine, you can still use any RunAs tools of your choice/familiarity (runas.exe, Shift Right Click Run as User, PowerShell Start-Process -Credential) to escalate to your Admin account (so long as they don't need you to input your password on the "secure desktop").
VNC. Put a server on their computer and through a VPN you can safely do and show them what you meant.
Or switch them to Linux. For browsing/mail it's perfect. And if they want to have Windows games then make a separate partition where they play there and cut access to internet for that Windows installation.
> Or switch them to Linux. For browsing/mail it's perfect.
My dad switched to Xubuntu a few years ago and has been singing praise of it ever since. It's a pretty straight forward desktop environment that isn't prone to frequent radical changes like some other DEs. I think it's an ideal DE for somebody with basic browsing/mail requirements.
Seconding this. Literally 99% of what many old people need to do with a computer can be accomplished with xubuntu/xfce desktop environment (which is now a traditionally comfortable GUI similar to windows 98/2000), and inside a browser like Firefox. Install ublock origin and a few other common sense plugins.
Thanks. This makes a lot of sense. Hopefully they will go for it. Next time I'm down in the Bay Area I will definitely try converting them and it sounds like it might be the best solution for me to be able to remotely assist with their computing needs. With the aging demographic in this country, I'd imagine there is some real opportunity for someone to create more tools to help those of us looking for solutions to help our parents navigate their safe computing / IT needs remotely.
I switched my Dad to a Chromebook, been several years now with limited issues, though he still does seem to end up with some very strange ChromeApps that end up screwing up his default search and other settings
Maybe I should transition to him to Linux and FF at this point...
I noticed the last time I tried to buy a PSN gift card at CVS (which I do because I don't trust Sony to store my credit card information), the terminal actually flashed a warning about gift card scams.
It's sad that this has become so common as to actually need these kind of warnings. I understand if you're paying a ransomware threat and know that the guy on the other end of the line is a scumbag, but, I can't imagine how someone gets fooled into thinking the FBI/IRS/other three-letter agency would accept iTunes gift cards as tender, much less demand it.
Tbf when you are sending a Western Union transfer, the form that you fill out has a very specific warning, in bold, saying that WU is commonly used for scams and to never ever send any money to someone you don't know. I imagine the effectiveness of these warnings is near zero.
Anecdotally the WU customer service agents (usually at third party check cashing/money service places that) are much, much less suspicious of questioning people on money transfers when the ethnic appearance of the person matches the destination. Since sending money to family members and friends is one of the most common uses of WU. For instance a person who looks south asian sending money to Pakistan. Or a person who looks Filipino sending money to some small town in Palawan.
I think a solution to this is for all the giftcards to add a delay of one week in order to cash in the points. This way the scammed would be able to get some money back once they realize it was a scam.
Or even 24 hours. It seems like a lot of people get off the phone and immediately realize they've been scammed.
...I'm curious about how many people however, are totally fooled by the scammer--everything is very realistic up to a point--but then get to the part about paying the IRS in...iTunes gift cards. "Like, what?...[click]". 90 percent? 10 percent? Maybe no one.
This seems like as good a place as any to discuss. What steps have you taken to protect your parents from these and other scams? I'm looking for both technological and non-technological ideas and any info on what has or hasn't worked.
I've told my parents and in-laws (mid 70s) two things (they're cognitively with-it as far as mid-70s people go, I don't know what advice would work for people who are losing their mental faculties). The things I told them are:
1) Gift card = scam. Always, 100% of the time. No government agency and no legitimate company will ask for payment via gift cards, ever. My in-laws nearly got scammed by "Apple support" calling to say their router had been hacked and was being used for illegal activity and that they needed to pay using iTunes gift cards to have "Apple support" "clean out their router".
2) Nothing is immediately urgent. Unless someone is dying in front of you, the problem can be solved later. Banks, government bureaucracies, lawsuits, etc all work via snail mail and lawyers and paperwork, not by calling you up and telling you you're going to jail and are going to lose all your money unless you do something immediately.
3) Never, ever, ever tell anyone anything if they contacted you. If it's the bank calling, or the government, or insurance, or the power company, or anyone else, say "Thanks, I'll call you back". Hang up the phone, wait an hour then find the phone number yourself (look on your bank card or whatever) and initiate contact with the company.
Same goes for emails. DON'T click links in emails. Delete the email. Wait an hour or two then research the phone number to call and initiate contact.
I will never even have a phone conversation with someone that called me (other than friends, of course)
To point 2, there are scam calls in Asia that would show up as your child's phone number, with someone saying they're from the hospital, the child has been in an accident, they're going to operate but they need payment first. I guess even in the "bad parts" of the world doctors would never delay treatment due to money, but maybe some parents don't consider this in their panic.
I wonder if having a duress as well as normal password (like in https://www.youtube.com/watch?v=fx77j1vl4d8) is useful, but obviously if the caller is pretending the person is incapacitated, that goes out the window.
You are very lucky to live in a country where you can't even imagine that's an option. In countries like India, Pakistan, Bangladesh, ... doctors won't see you if you can't pay. In some places you even have to provide donor blood to be able to get an operation! Leading to nightmares like this:
Once she was able to see the system behind the calls, that screened out 90+%. There are still banks that call her every week to try and convince her to refinance her mortgage on terrible terms. The best antidotes to this are financial security (even if what you're telling me is true, I don't need to do it to make ends meet), financial literacy, and hard-and-fast rules.
1. Never give any information over the phone. Particularly financial or identifying information.
2. If you feel sold or pressured, tell the person that you need to go to the bathroom, and that you'll call them back. Then, call me and we'll talk through it together.
I got a couple phone calls from my mom over the next couple weeks, but they built her confidence to the point where she can spot the scams out very clearly now.
I can't imagine how difficult this would be, if my parents had short-term memory loss or worse. This industry is really soul-crushing, and the FCC needs to stomp it out.
1. Between TMobile's "Name ID" app, and Google's call scammer screening, I very, very rarely get any scam calls through anymore. That's a huge change from recent experience for me.
2. I absolutely love Android's "screen calls" feature, where it does speech-to-text over the phone. 9 times out of 10 it just discourages scammers from going further.
3. Most importantly I think is just to train (and practice!) people that if they don't recognize a caller, just hang up. Don't talk, don't apologize, nothing, just hang up. People are socially conditioned to think that's rude, etc., but it today's age, that is by far the safest thing to do.
I've installed AT&T call protect on my families phones, and I run the family accounts for the cell phones and streaming services. I setup all tech for the family to make sure adblocking, virus scanning, updates are done in a timely manner. iPhone+iPad has done wonders for my mom's tech skills and I don't have to worry about viruses anymore, it just works for her. My mom knows that I am always available for her to contact me anytime someone wants more than $200 from her. The family will forward me any emails that they think are suspicious for me review.
Target was too lazy to check all the gift cards to see if they were redeemed when he called them. 4 out of 6 weren't. That's outrageous. Target should be on the hook for any unredeemed cards from the time he called to report the scam.
BTW: I recommend Maria Konnikova's book "The Confidence Game"
Unreal. What is the thought process through which one thinks it is perfectly fine and reasonable to buy 6 figures in gift cards from a department store.
Retail stores make tons of money on gift cards - specifically, when people don't use the balance or lose them. See https://www.cnbc.com/2020/01/10/3-billion-of-gift-cards-go-u.... It's like the stores are essentially minting their own money at this point. They have zero incentive to put "checks and balances" in place, unless they start losing money on it from some king of federal penalties tied to cases like the one in the article.
Whether you're dealing with actual law enforcement or someone pretending, the procedure is the same: Say nothing, tell your lawyer and wait patiently to be arrested. Assuming it's real, it's the action of a court, and court proceedings are routine, slow, procedural, and consist of paperwork. And somebody has to show up physically with a warrant. For chrissakes, make them work a little for it. If they can cow you without even getting up from their chair, you're making it too easy. This just happens to deflect scammers too.
What kinds of people are running these scams? Are they just normal Indians that think they are playing "Robin Hood" with the rich Americans? I would like to see "a day in the life of an Indian scammer"... are these scammers poor and/or desperate? Are they desensitized psychopaths? Are they mainly teenagers who think it is a game? Are they adults who are fully aware of how criminal their acts are?
They are most likely young adults who while probably know they are doing something wrong don’t know the significant impact on the people they end up causing.
Yes, very likely poor, desperate and also under duress by their “managers” to meet their quotas. It doesn’t absolve them of their sins though. The system might even be gamified for these callers and they lose sense of their own morality at some point if they have any.
This scam has been going for so long yet the authorities don’t seem to be doing enough either in US or here in India. I wish someone powerful enough takes this scam head-on and uproot the whole system. It really preys upon one of the most vulnerable members of our society and we should collectively do something about it.
After an aunt of mine got scammed just like this, but to a lower tune of money, I got so sick of this happening to vulnerable people. I went ahead and made an app and put it on her phone.
The other apps and services out there operate on a blacklist model. They block calls they know to be bad. My app turns that around and operates on a whitelist model.
That being said, I had to help my aunt out some in getting it working, but now I am confident that she won't be scammed again.
Despite all the normal warnings we give our elders, in the heat of the moment, the scammers know how to take advantage of them. The best thing is to not allow them to ring their phone.
If anyone cares, my app is in the app stores, and available 100% free for basic usage.
I know on iOS you can just block any calls from contacts that are not in your list. It's pretty easy. My phone just won't ring. They'll be sent to voice mail instead. In my voice mail greeting, it says that I won't listen to the voice mail, and if they're trying to get in touch with me, hang up and text me.
Yeah, that is great that iOS did that! They released that last summer I think.
There are times that you do want anyone to call you, or you don't even want unknown callers to leave a voicemail.
My friend's mother would freak out with every little thing always, including the voicemails from robotic voices saying their SSN will be invalid unless they call back at some weird number.
So my friend got the app on her mother's phone and set it to the strictest mode, and her mom hasn't freaked out anymore. This only works because she uses her phone for talking with family members and a few doctor offices.
Dad got taken for $300 from the fake "Microsoft Support" people. And then had to pay a local firm to fix & remove all the stuff they changed when he allowed them remote access.
He was a smart man. But as he got older he would lose patience with websites and just click on anything .. ANYTHING to get the popups to go away. Which had the inevitable result.
This is despite me telling him not to do that. And if his computer started acting up, just mail it to me and I'd reload it for him. But he didn't want to "be a bother" and his pride meant he would refuse to admit to himself that he had been taken.
Talk to your parents, be patient and explain it's not a bother, that everyone eventually gets affected by the scammers. And that you're more than willing to help them.
I feel like it would help a lot to require cashiers or gift cards give warnings, something like, "gift cards should be bought for people you know and not as payment." Sort of like the "Don't drink and drive" at liquor stores.
There are no legitimate businesses that take gift card payments. Even trading/buying gift cards locally is risky because one could take a picture of the gift card and use the code before the buyer.
I feel like it would help a lot to require cashiers or gift cards give warnings, something like, "gift cards should be bought for people you know and not as payment."
Apple does this at its stores. I bought a gift card there just before the pandemic, and the clerk read me disclaimer text about scammers and gift cards, and then I had to sign the statement on his iPhone before I could pay.
Psychology aside, I find it really difficult to understand how someone rationalizes to themselves the idea that some government official calling them wants gift cards to pay their fine, or restitution, or any other legitimate payment. I mean, I wish I could pay my taxes in gift cards---you can often buy them at a discount!
Maybe they convince themselves that the supposed law enforcement officer is actually asking for a bribe?
For many immigrants, it seems quite probable that they came from countries where bribery is totally normal every day behavior, so it is plausible that it might not be much of a stretch for them.
https://egbg.home.xs4all.nl/counterscript.html has a decent resource on how to handle these kinds of calls (if you choose to engage at all). One should really have a printout ready to use at all times.
When I read about these scams, I always wonder how do the scammers justify this to themselves? I can’t believe there are that many true sociopaths completely lacking in empathy. And I believe no one is the bad guy in their own narrative. Do they convince themselves that they’re not really harming “rich people who don’t need all that money” or that their own situations are so extreme that they “need” to steal for their own survival. Or they just don’t think of stealing as an act with any moral weight.
Or possibly I just have too sanguine view of humanity.
I've heard an interesting take from an assistant to a lawyer who helped someone defrauded of money.
Nobody ever wakes up in the morning and says, "What I am going to do today is evil, and I'm okay with that."
When I thought through each of the examples of society-wide atrocities,
examining them through the new lens I had gained in that deposition room,
immediately I saw it: In every single case where people cooperated with evil, they used eloquent lies to assure
themselves that what they were doing was actually good.
I once got hold of the dutch book 'vuile jatten, schone handen' from A. De Rooi. I always wondered about the degree of reality of the book, but it might show part of what's going on.
In the book, a boy -the author- suffers severe neglect and betrayal, and grows up a criminal. Thief, mostly. His motives are complex.
He tends to see others as prey, there is the passion for the chase, he is fascinated by the criminal side of life. He seems quite smart and inventive, thinks his crimes through, but does not care too much about morals. Prison is a risk of the job. Otoh, close friends and partners are respected and can trust him.
It was a strange, interesting mix. I nevertheless hope I never meet the author.
> I always wonder how do the scammers justify this to themselves
Scammers rarely work alone.
For most, it's just a job. One that pays decently well. In most cases the companies(yes, companies) involved maintain the appearances of a normal call center, with sales targets and everything.
One such scam company was even providing Japanese language training, so they could target a market that's less disputed.
Indeed, and commission sales is a heck of a drug. If you need money, and a company is paying you to sell people a product... you may find yourself selling products you don't really believe in in a call center, where you know the person buying isn't really getting a good deal. Only a tiny step further to actively trying to take their money for a nice bump in your commission check.
Add that your scam call center employee might have family to feed, and suddenly scamming the rich senior's retirement fund seems like a minor transgression...
After spending over five years moving through Latin America and Africa, I have a slightly different view of the "developed world" than most who live in it.
I personally think what the scammers are doing is no more morally corrupt than Nike paying workers fifty cents an hour to make a pair of shoes for $2 than they sell for $400, or health insurance companies denying coverage to people literally dying in the name of profits.
All of the above (and scammers) are extremely morally corrupt and "wrong", the only difference is some of them have been normalized.
Some think that everyone in the target country they're calling is rich and/or insured and/or will get reimbursed by their government anyway, so it's more like shoplifting (from an insurance company or the government) than stealing from a person.
I could see myself falling for something like this up to the point I was asked to buy gift cards. I feel like that would set off all the BS detectors in my head.
I rarely answer my phone if it's a number I don't know (if it's important it will come in the mail or they will leave a message) and always call back a number I lookup online to handle things like CC Fraud calls.
I'm not trying to pretend the manipulation isn't effective or say this person should have seen through the scam but I just cant see myself buying gift cards and reading them out over the phone to a "government agent" no matter how much info they had on me.
I would love to listen to a successful scam phone call (not one where the person being scammed is trolling them but a real case of getting scammed) to better understand this.
I know it is difficult for older/elderly/less tech savvy people but we have to keep trying to educate whoever we can.
First, if someone asks you to make ANY payment through Gift cards, assume it is a scam and move on. Hang up. Even if tehy are claiming that you son/daughter just had an accident or was arrested.
If you do get someone to tell you that your family member is arrested/in an accident and needs immediately help, tell them to txt you the address of where they are and you will take care of the rest. Hang up then.
The Govt. never calls and asks for money on phone. They do call sometimes but will always send paper mail when it comes to money matters.
If you are not sure, hang up and call back yourself after checking the legit number online through the main website. Never call a number that is from your voicemail etc.
Just like the post office asks if your package contains anything hazardous, and the liquor store asks to see ID, you shouldn’t be able to buy a gift card without being asked, “Did someone you’ve never met tell you to do this?”
My question is how was he even able to do spend that much in one day? did he spread it out over several accounts or something? Or did he pay cash he had under his mattresses?
I have all my accounts locked down to a reasonable daily spending limit (far lower than $3,000) , if I have a large expense then I have to call my credit union or credit card company to to a temporarily increase on that spending limit.
Also why do people still answer unknown numbers. I NEVER answer a number that is not in my phone already. If I don't know you, you can leave a message and I might call you back maybe (unlikely)
I'm a big fan of kitboga, he's got a twitch and youtube channel. The scammers constantly ask for gift cards. It's amazing to listen to, especially when you think about the vulnerable segments of our population who fall for these scams.
There's websites where you can buy "used" gift cards and I wonder how many of these are cards from scammers that are now turning them over for cash.
Its not that people are dumb, they usually target the elderly. Senility is a real thing that can happen to anyone no matter how smart they were when they were young.
If you're in the mood to watch something pretty sad, check this out: https://www.youtube.com/watch?v=i1Bu034pGdc - This group goes around scam busting, in this instance they end up at the house of an old lady who has been scammed, it's pretty crazy.
I got a voice mail from the IRS literally days after I got a letter from them. It was hard not to panic, and google the number.. Then
I get chinese phone scam voicemails all the time. Its clever because I can't understand them, but if I was a Chinese speaker, it would seem like it was for me.
I like to think I'm savy, but these tales serve as a cautionary guide..
Seems like the FTC or some other government agency could save a lot of people a lot of heartache with a PSA targeted at elderly people. Commercials during daytime TV basically saying no one will ever legitimately call you and ask you to buy gift cards as a method of payment.
I don’t think you get to say that anymore. It is hard to judge the people we know correctly, but of the many steps, thinking the government would want payment immediately in gift cards must be the biggest gullible jump.
Isn't that just as ridiculous of a notion? A DEA agent shaking down an identify theft victim for Target gift cards, calling from a government phone? It's a hell of a yarn, no matter how you read it.
No? You're saying that someone shouldn't have believed that one kind of scam was happening, because only the other kind of scam is real. That's a much more subtle distinction than just "payment in gift cards is a scam". It also doesn't seem like a thing that can really be supported with definitive evidence or authoritative decree.
The font on the sign warning about gift card scams seems pretty small. Given that most of the targets of these sort of scams are people who likely need reading glasses, these signs and the font should be bigger.
I know some stores also put the warnings on the credit card machine you got to accept too. I know CVS does this, not sure others but people probably just tap away. I think they do that even if paying with cash, not sure...
I don't understand how someone could believe a federal agent wanted to be paid in target gift cards. Why would any official, for any reason, request gift cards as payment?
Someone called me this morning impersonating the financial investigations unit of the 'Bank of Canada'. Literally. I hung up immediately and called back, it was a spoofed number.
We need better controls over calling, source numbers etc..
Don't call back. Sometimes it's not a spoofed number – and if it's the scammers' actual number, you're calling back the scammers. Look up the number online (preferably after a 1–2 hour wait, because sometimes they can keep your phone connected after you hang up, so new calls just go straight to them).
Happened to me twice in the past couple of weeks (minus the "being scammed" part). Once claiming to be from the CRA (Canadian's IRS), and once obvious fake impersonating the IRS on a text app. In both case, the initial message was a text-to-speech intro which claim to be followed up to an "agent"... I guess to filter out the large amount of people hanging the call.
Shout-out to scambaiters like Kitboga, ScammerRevolts, Jim Browning and Lewis's Tech. you can find their videos on YouTube. jim browning recently closed down one of the scam call centers with the help of Karl Rock (popular vloger in India) and ofc Indian police. they also arrested the owner.
Leveraging these sorts of "I or someone in proximity to me did something dumb" stories into clicks/likes/virtue points just rubs me the wrong way. If I want to hear about how your grandma got phone scammed by Nigerian princes or how your coworker fell off a ladder because he neglected to follow safety proceure I want to hear it from someone with relevant professional experience and qualifications on the matter, not some internet rando who's looking to pimp out others misfortune for clicks. IMO that just adds insult to injury.
And since I know this is an unwelcome opinion here would anyone care to tell me why I'm so wrong or why they disagree?
1) Caller-ID spoofing. It straight out should not be possible to spoof government phone numbers, 911, etc. My Android has "Scam Likely" show up when a scammer calls (I believe this is part of the STIR/SHAKEN protocol), this should be expedited, expanded, and improved upon.
2) Someone should not be able to buy $3000 of Target gift cards without doing a lot of explaining. Personal experience: The grocery store I go to; the registers will straight out refuse to ring up above $500 of gift cards, you have to use the Customer Service desk where their agents grill you (and I do mean grill you, their default mode seems to be "You're being scammed", especially if you're on the phone with someone).
3) If I buy gift cards in New York, there's zero reason someone in Bangalore, India should immediately be able to redeem those gift cards. Perhaps Target could should spend some of their data collection techniques on this instead of trying to figure out if your daughter is pregnant so they can send you maternity coupons.
4) Is there a reason unused gift cards bought within a certain amount of time shouldn't be refundable?