Related. I listed something for sale on Craigslist recently and got a bunch of messages right away that asked obvious questions that were in the listing. One suggested that his wife pick it up, and can I take Zelle? Went silent when I said cash only.
But the most interesting scammer said: "for my safety, can I send you a 6-digit number, and you confirm it, so I know the listing is not fake?" I say yes, unsure what the scam was going to be, but sure it was a scam. Moments later I got an SMS from Google Voice asking me to verify my phone number. Mofo tried to steal my number, presumably to use it to scam other people. I was pissed and impressed.
They were not trying to steal your number. They were using your number to back a new google voice account, so that they could get another free number from google. It’s a common scam, used on facebook marketplace sellers as well, and actually works best if the victim has never used google voice before.
That's a fair clarification, I figured they were trying to move my number to Google voice, but now that you mention it I think that would require more paperwork.
Around here all banks that used SMS for 2FA did that. You'd get sms detailing the transaction - whether it's log in, transfer or anything. In case it is a transfer, the text included the amount and destination account.
Everyone mostly went to "authentication apps" now but those still show what are you confirming.
Yes, this is called WYSIWYS (what you see is what you sign) and I suffer whenever I receive a confirmation code saying absolutely nothing. However, when _you_ write the code to some trusted web app, there is that context, at least. But reading the code to some random person on the phone? No way!
Do you really need a message like that? If you didn’t try to sign in But you get a notification, it’s pretty freaking clear what’s going on. Alternatively if you just signed up a new account you should probably expect a message like that
A common attack is to impersonate a trusted institution and ask for confirmation via an SMS code. The attacker is going through the lost your password recovery flow for 2FA, but pretends it's just for confirmation of identity. If they're smart they can even perform the attack twice and change the 2FA number for your account. If the code was accompanied by an explanation of the intent it would mitigate the attack, that's why.
I got a similar scam via instagram DMs recently. They claimed to need me to confirm a code so that they could log in, but actually just triggered my own password reset. Message sent from an actual friend's account (which they had presumably successfully scammed) too.
Certainly made me think about how password reset emails are worded!
I see a lot of these too. They take over regular people's accounts, e.g. people from school I still follow, probably brute forcing passwords, then they post all this content how they are self made off crypto but the person in the videos doing the prostelyzation is in no way shape or form the same person who previously held the account.
Clearly they do this to get a decent follower count initially for their spam bots, but my word is anyone who follows John Doe actually going to believe a scam video that is clearly not John Doe coming from John Doe's account claiming to be him? There has to be more effective angles.
I would hope that Instagram has some counter-measures to prevent brute-forcing, at least restricting the number of failed login attempts.
It might be instead that your friends re-used a password that was leaked/stolen from somewhere else; anyone with a non-trivial number of online accounts using the same email will be listed in multiple leaks on aggregators like https://haveibeenpwned.com/.
Part of it is they're just looking for the lowest hanging suckers that won't notice, easier victims mean less wasted effort on someone who might bite initially but won't convert into real cash. Also I'm betting it's to legitimize their existing spam accounts with follows from (formerly) authentic users.
A few years ago one of my friends pulled a prank on another friend and made a fake craigslist listing for some truck with his info. I don't think his phone has recovered from the spam to this date. There must be a thousand crawlers combing every single craigslist ad there is looking for information to add to these databases.
I've got both those scams. The Zelle person sent me a fake email claiming to be from my bank and that to verify I needed to send them money so they could send me money, right...
Hmm. Makes me wonder about the security of two factor authentication schemes. For scams like these it's pretty obvious that someone is trying to access your account, but I do wonder if there are more secure ways to verify your identity when changing account settings.
It will depend on the authentication strategy. For WebAuthn it isn't a problem, short of sending you their physical authenticator (e.g. their Yubikey, or their iPhone) they can't help you sign in as them even if they wanted to, so this makes it very hard to fool ordinary users into helping crooks.
my wife had the same thing happen. when she said no, the sender cussed her out a bunch. after TFA I can see why he may have been desperate and venting.
For a while I grew quite fond of wasting phone scammers time. I’d pick up, talk suuuuuuper slowly— like Emo Phillips speed at one syllable every one or two seconds— interrupt with irrelevant questions or anecdotes, and overall just see how long I could keep them on the phone without giving them any information. The best strategy I found was telling them that, yes indeed I did remember owing the IRS or whoever money and I could pay them however and insisting that first they needed to take down my new email address… I’d just start spelling random words incredibly slowly, say I messed up and start over, ask if they needed my checking account number to keep them engaged and then start spelling my email address again. They prey on intellectually disabled folks so pantomiming a stereotypical version of that wastes a ton of time while keeping their interest. Got boring after a while but I got pretty good at it.
I've had a lot of fun doing this with the "did you have an accident that wasn't your fault?" spam callers.
I always try to come up with a plausible accident that slowly descends into something, well, not so plausible.
My recent favourite has been admitting that I'd had an accident because my dog was driving my car at the time (he was begging me to, and I didn't want him growling all the way home, and he'd been such a good boy the whole trip so he deserved it).
Another is where I talk about an accident and a neck injury I'd received, until finally explaining that I'd been decapitated in the accident, and that it was causing problems with work, and how excited I was to finally get some compensation.
I didn't know I wanted this service until now. $2/mo? Hell yeah.
The sticking point, for me, is that I have to merge the call every time. Ugh. I want it to prompt me whether I want to blackhole a call like the Pixel Google Assistant, but instead of politely screening just torment the asshole.
For a service like that, I could imagine paying substantially more, possibly even for a premium service where the call would get transferred to a human tormentor.
Easy to build on Twilio. Then port your tainted number in, give a new number to the in-group. But the Twilio "clean call" plugins don't work. So, play the funny loop and offer a bypass for known-numbers.
I wonder if these countries have some technical difference in their billing systems— like you could merge them into the call from a toll number and reverse charge them or something.
another automated scam trolling service called lenny - https://www.reddit.com/r/itslenny/
Listening to some of these makes me laugh so hard my eyes start to water. The script eventually loops and some scammers don't catch on despite being implausibly being interrupted by a flock of ducks.
I did that once while I was driving for an hour. They had already interrupted my podcast with the call and I didn't have anything better to do, so I engaged.
They eventually caught me when I didn't give the same fake SSN twice.
I went through a phase where I was getting 4 or 5 phone calls per day, mostly companies doing strange surveys. I used to amuse myself by using a d20 and googling for top 20 manufacturers in different fields. What car do I drive? Pick from a list of phone manufacturers and so on. Spent the whole time sounding interested, friendly, and only occasionally pointing out I need to find my dice. The calls started drying up pretty quickly.
You might enjoy Kitboga's videos![0] His channel is basically him messing with scammers and going on tangents. I really enjoyed his collab with CallMeKevin.[1] There was also one video where he ended up calling a second scammer for "tech support", pitted them against each other, and made them get into a literal rap battle with each other.[2]
Not OP but once a spammer called me when some long stuff had just started building and I was just sitting there watching the logs, fixing some random stuff on the fly, rebuilding and so on. I stayed with them on the phone for something like 40 minutes, after a while they started getting more "violent" until they abruptly hung up when it was crystal clear I was pranking them.
About half an hour. Earlier I had seen a video on YouTube of someone just driving through a city I was considering moving to— just car sounds. So I told the guy to stay on the line while I was I was driving to Walmart to buy gift certificates because it was only a 3 or 4 minute drive and kept being like "oh damnit... I took another wrong turn" every now and then. Eventually he heard me typing and hung up.
Wow, how interesting. I started getting these a few months ago, right after starting a new job in a somewhat high-profile area. I have been getting 1-2 per month but found them quite unusual because none of them ever progressed to an actual scam - just a few messages back and forth about the fabricated "wrong number" situation and then each thread would stop, seemingly earnestly.
Since there was no obvious scam, I've been wondering what the motivation for these was, and actually started worrying about whether someone might be trying to compromise my phone via some yet-undisclosed SMS exploit - why else would there be a systematic effort to get me to spend time exchanging a few pointless messages around the "wrong number" pretext that otherwise went nowhere?
I tried calling the senders by phone and found they were all Google Voice numbers, which eliminated the possibility that some actual rich guy had innocuously ended up with a number similar to mine.
I asked a few friends and no one else was experiencing the same thing. Glad to hear it's not just me.
If there's back and forth interaction I wonder if it is to aid improving their "legitimacy footprint" from metadata or something to avoid spam blockers.
This is a good guess and if true, pretty damn smart.
Essentially reverse engineering the spam model by brute force.
If they are doing this at scale they can experiment with # of conversations, length, and other variables to see what is needed to bypass spam blockers with high probability.
I've gotten a few in the last couple months, with a US cellular number that I've had for over 20 years. At least two are "I missed you at the gym today!" via text and another was from a Vermont area code via WhatsApp to a "Dr. Jack":
> Hi Dr. Jack! My cat is very slow and does not eat cat food. Can you make an appointment for me?
> Sorry, you have the wrong number
> Sorry, I just checked, I entered a wrong number, please don't mind. hope I did not disturb you.
> Best of luck with your cat!
> thank you for understanding. You are a kind person. where do you come from.
And then I just moved on with my day, because as nice as that sounded I wasn't looking for a conversation.
The contact profile image is of a young, attractive Asian woman, I think at a restaurant. No reverse image results on Tineye or Google.
[Edit: I’ve had this number for over 20 years (not “nearly 20”) and now I feel old.]
I also get messages on WhatsApp with similar profile pictures, although I’ve never replied or tried reverse image search. Some of the recent messages:
“Mike, this is my new number. Let's play golf tomorrow and talk about working together?” (My name isn’t Mike.)
“Hello, how's Kevin doing?” (My name isn’t Kevin and I doubt they're talking about anyone I know whose name is Kevin.)
The thing that always seems so weird to me is, if I’m on some list, why are there so few messages? Is this some group that keeps their list of numbers to themselves and is very disciplined with how often it sends out scam attempts?
My spam horror show started after responding to a text similar to these. It was poised as a woman trying to connect with her daughter. I responded, and since then have had a deluge of spam and crap messages.
A bit over a year ago, I received over SMS a photo of a young woman using her mouth to lift up her shirt and reveal her bra. Her face above the very bottom of her nose is not visible.
This was followed by the text "hi, is this Grèg frm Sañta Barbara?.? It is Jennifer."
Clearly some sort of scam is afoot, but I don't know what it is. And virtually no effort has been made to be at all convincing, given the diacritics.
There's a lot of lonely people out there who probably would welcome a friendly conversation with a random stranger. I bet that's the target audience for this scam.
The pictures are always super blurry, clearly fabricated or heavily doctored. Often I've gotten the same portrait for several scam texts from different numbers.
Finding the right place to focus the camera is essential, to both focus on the plane you are looking for as to have it focused on a spot that will produce the desired brightness in the overall picture (how that works I don't know, just advice from an ex that went to photography school for some time)
idk, I've tried baiting these -- respond with "no problem, your appointment is booked!" They will thank you and proceed with the "so what are your hobbies" part.
I got one today, addressing me by a wrong name and berating me for bullying some (female) name. Last line was something like "This is Jin."
It may have been a totally wrong number or the start of a scam. I decided not to engage and haven't heard back. Considering how mad they came across in the initial message, I can only assume silence means it was a scam.
I went back and reviewed my conversation. I hadn't looked at the photo super close before, and was surprised when I could actually get a somewhat high-res version of the profile photo.
I had a photo of an Asian lady holding a Starbucks cup at a restaurant. Maybe an office, actually? The photo was reversed, as the lettering on the cup was backwards.
What would the motivation be for anyone to reply to a text from an unknown person? I have also been getting these for months, in it was 100% obvious from the get-go that it must be a scam. I have never felt the slightest urge to reply.
I've gotten two messages in the past month of the form "Hi, is this <my real name>?" from unknown numbers. There's a chance they're real acquaintances, but the likelihood of them just being spam finding my name & number in some online database is too high that I haven't responded. If they were real acquaintances, I guess they would tell me who they are, right? Dunno, feels weird.
Considering how almost every form of social trust has been abused to either spam or scam me, I am old enough to remember that but have also had that politeness completely scrubbed from me.
I wish we still lived in a time when being scammed or spammed wasn't so prevalent, but we don't and I'm not doing anything that might tip off either of those groups that my number is ripe for the picking.
Generally, you are correct. However I had an interesting experience in the 90's where someone's number was somehow linked to mine. So their friends kept calling, for the first few times I politely said that X wasn't here, they had the wrong number. However I had a call blocker on my line, and after two or three phone calls I'd just add the number to the call blocker.
I also had an answering machine, and eventually, I got a long diatribe from the irate person whose number had been linked to mine who was very upset about the situation. They explained the phone company had accidently linked the numbers somehow. They were very upset because their friends couldn't reach them and because I had been call blocking them.
So, I listened to the message, thought a moment and then added them to my call block list.
Somehow when I was in high school, my ex girlfriend's cellphone number became linked to my cellphone number so that if someone called me while I was already in a call, the new call would be redirected to her. It caused some awkward situations. I have no idea how it happened. I had once set her number as a speed-dial on my phone and also set it as a Verizon "friends & family" number so I could call her for free, so I assume somehow there was a glitch with one of these features. She was a mutual friend with a lot of my friends so people just assumed they had called her by accident, but years later I finally realized something was up when a new friend who didn't know my ex got redirected to her. I googled a lot and found out there was some phone star code you could dial to set or unset a number to be used as a backup number, I finally understood that was the association that must have been set, and I was able to clear the association. I wondered a lot if I had accidentally used the star code in the past to set up the association but I can't imagine having done it by accident, and I didn't know about the feature before.
Calling a business though? A colleague had a problem where their number was 1 digit off from some delivery number (maybe pizza?) and got calls all the time.
Someone else erroneously has their number (different area code) in the google info for another business, same problem and took a while to fix.
Hah, there’s a Seinfeld episode about this, where Kramer is one digit off from a movie showtimes hotline, and he fully plays the role and starts answering everyone’s questions about which movies are showing!
It's good to have a few numbers memorized. What happens if your phone dies, and you need to call someone? If you don't know any phone numbers, you have an problem.
I dial a few of my contacts by number, just to set them in memory.
I meet new people fairly often, and if I just ignored these messages, the chance I'm actually being rude to someone I know in real life is fairly high. Now that I know the pattern I will probably be more circumspect about it.
I admit if I got a variant of the “Andy, will my custom mahogany furniture arrive next week?” text mentioned in the article, part of me would be very tempted to reply with, “Absolutely. On its way!”
a good portion of these will show a photo of some hot young woman fairly early in the conversation, and trust the horniness of random dudes to outweigh their suspicion.
I thought it was just me also. At first my assumption was "OK, I'm being redirected a bunch of texts from other numbers", as nobody else I asked had similar problems (and I wasn't really being scammed at all). Some of the scammers even sent pictures to make them seem more legitimate. On iOS, the green bubbles and just continual flow of similar texts eventually made it suspicions that I don't even reply wrong number anymore. I just delete and block.
This always reminds me of some dudes in France who decided to counter attack the scammers. They basically steer the conversation off-script to something more tempting to the scammers, and then make them do stupid things. Like "I am sorry there is nothing I can do for you, but while you're here, we're looking for some partnership to develop a new NGO in Benin". And then it turns out the NGO is called the "Sauerkraut brotherhood", and in order to get the funds, you need to join the brotherhood, and send videos of you and your family singing an anthem praising sauerkraut while being dressed up in "traditional clothes". These threads could go for months.
I did this with some 419 scammers, and led them on a merry chase. I documented it in a private web forum, which entertained my friends for weeks.
I had created this persona which was just too good to be true: A bank manager who was getting ready to run off with his mistress, and trying to secure a future for themselves with a quick payout. This fake persona was a total maniac.
At the end, the scammers were super pissed. Sending angry emails, fighting amongst themselves. Eventually convinced them to admit to being scammers. I look back fondly on the experience.
Some years ago I was selling an expensive aquarium on Craigslist, a scammer ‘paid’ me with a fake PayPal payment before asking to come pick it up.
So I convinced him that I was the manager of a Red Lobster restaurant and it was an old lobster tank that we were selling. I told him to show up during business hours and tell the manager he’s there to pick up the lobster tank.
The next day I got some ‘on my way’ texts and then soon after a bunch of swearing at me.
With paypal, finding out what is a 'real payment' is actually pretty hard - they do these odd 'echeque' payments which are reversible for a number of days. they also do 'buying a product' payments which can be reversed through a buyer-usually-wins process, and 'friends and family' payments which are mostly-but-not-entirely irreversible.
They all come with differently styled legit emails, which blend right in to the fake spam emails also claiming to be from paypal.
Yeah, I bet he’s thinking of the other way around where the scammer gets you to give them money but doesn’t deliver the product. In this version you deliver the product and the scammer hasn’t paid. I don’t think scamming people out of aquariums is especially lucrative but I’m not a professional.
Thanks. So I guess they send the money with the "goods and services" type instead of "friends and family" ? I wonder if that's (very) visible in the 'you received a payment' email. I never looked before.
>I did this with some 419 scammers, and led them on a merry chase. I documented it in a private web forum, which entertained my friends for weeks.
It's a bit dated now, but 419eater[0] is a public forum that did the same. If you enjoyed your own, I expect you'll like this too.
I did the same a few times myself, but got bored after a while. I never did get anyone to send a photo of themselves with underwear on their head (as others on 419eater did), but it was amusing for a while.
419eater is still going (albeit a little slower since the forums switched), no need for past tense. I still get that sort of scam by the boatload to my email.
I have no connection to that site. Indeed, I was aware of it before my merry chase I led the scammers on, which was 2008 when I did it. It was certainly an inspiration.
My private forum is long dead, and to be completely honest, I think the 419eaters did a much better job. That is subjective, but for sure they invested a lot more time in it.
I would post my exploits publicly, lightly anonymized, but I was in my 20's when I did it. I look back at it, and feel like the sort of long-con thinking and sheer sneakiness and meanness of how I reversed the con back at them is just not a good look. I wouldn't do it again now.
Maybe some folks understand what I mean by that? I don't want to be a shady dude, even in pursuit of some weird form of justice.
Terrified to consider what happens when these scammers get hold of large language models here in a year or so. Rather than fading into the background as this article posits, I expect people to have models finetuned on convincing them to make purchases/send money. Probably trained by being pitted against other models which have been trained on the mark's social media feeds. Train the scambot to perfectly push your buttons by having it practice against your own style of thought as embodied by your social corpus.
"Train the scambot to perfectly push your buttons by having it practice against your own style of thought as embodied by your social corpus."
Fortunately, that's not really what these language models can do. They can easily be trained to mimic you. They can be trained to mimic what normal people reply to you with. But there's no way to train the transformer-based high-probability-next-word AIs to be superhumanly good at fooling you into doing something, on the grounds of lack of training data, and probable inability to represent such a complex topic in their internal representation. And the humans doing this stuff are experiencing enough success that they probably have no desire to go chasing the super hard targets, with the wherewithal and motivation to chase them down and sue them (or... you know... worse, legal systems aren't a bound on everyone) even potentially across international lines.
You'll know when AI does get to that point, because suddenly the internet will be an amazingly interesting place with all sorts of amazingly good arguments you can't hardly resist. I imagine few of us experience that sort of internet. (If you do, uh, watch out.)
You don’t need to automate the whole process, just use language models to establish rapport for a few weeks and have humans pick up the gullible ones at the bottom of the funnel.
For sure. Or even for a few days to start. It's basically the same playbook as Waymo: get computers to do more and more of the boring parts, having human operators take over when necessary, and using the additional data generated to improve the system.
> But there's no way to train the transformer-based high-probability-next-word AIs to be superhumanly good at fooling you into doing something, on the grounds of lack of training data
The conversations of all those human scammers would be prefect training data for this. You even know exactly what conversations led to payouts. Assuming you can get all your data in one place, of course.
My context is someone who isn't already falling for the scams. It is true that you can train a model to follow through to those who fall for the scams the scammers already know, which is a fair point. My point is that you're not going to get a superhuman AI out of our current transformer technology that can talk you into believing you're a superintelligent camel from Arcturus IV and if you don't immediately turn over your credit card number, the Star Alligator of the Galactic Core is going to eat your homeworld.
GPT-3 may even gamely try to do exactly that with the correct prompt! But it'll fail. The result won't be cognitively dangerous to anyone with a grip on reality, it'll be risible.
>You'll know when AI does get to that point, because suddenly the internet will be an amazingly interesting place with all sorts of amazingly good arguments you can't hardly resist. I imagine few of us experience that sort of internet. (If you do, uh, watch out.)
I've long assumed they do the exact opposite - try to filter out people who likely see through the game so they don't waste their time mining a hill with no gold.
And they do this by intentionally making basic mistakes or other easy to spot errors so the clever people will just see themselves out and by the time their funnel gets to an actual human scammer, they have a highly probable sucker.
Exactly! Even Microsoft had a paper on this ‘Why do Nigerian Scammers Say They are from Nigeria?’ [1].
'By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.’
A theory which would be more convincing except that [i] saying they're from Nigeria also filters out all the gullible people with spam filters, and yet despite spam filters now preventing the majority of gullible people from responding, the scripts haven't changed [ii] the more straightforward explanation is that they say they're from Nigeria because their ultimate objective is getting you to send money to Nigeria...
Ultimately if you're in the business of spamming people on the other side of the world in the hope that 0.001% of them will ultimately send a money transfer worth a month's wages in local currency, your time probably isn't so valuable you can't afford to deal with everyone that replies
I just looked through a variety of some of the most recent spam messages I’ve received, with Fastmail’s SpamAssassin setup, with a user Bayes filter (I’ve easily had enough spam to achieve that), Vade checking, and various block lists (some pertaining to sender, some other properties).
It’s a surprisingly even mixture of content, sender-related metadata, other message-related metadata, and unattributable (e.g. SH_HBL_EMAILS, ME_VADESCAM). Most of the time, any two of those four would be enough to reach the spam threshold of 5. Regularly, any one of at least three of them.
I should note that what I’m calling “sender-related metadata” is not penalising unknowns: it’s only penalising known-bads. Thus, it’s not really about sender reputation as a whole, but rather established bad sender reputation. The only form of penalising of unknowns that I’m aware of with Fastmail is when the sender is on a domain name registered in the last I think 72 hours.
When it comes to the more tailored things (oh, you somehow managed to spend two hours looking at my site, particularly liking my Rust FizzBuzz article, and wonder if I wouldn’t mind sharing a link to your Python guide, and you keep pestering me?), it’s only content, with everything else neutral. (In the specific example I cited there, the first message got BAYES_00, the second got BAYES_50, and the third BAYES_99 + BAYES_999 perhaps due to me manually marking the previous ones as spam but probably also from introducing the term “guest post” which I imagine my Bayes filter regards dimly.)
(I like the fact that I can inspect Fastmail’s spam filtering to quite some degree, and you can talk to their support about it as well and get more detail when desired. The big ones like Gmail are just completely opaque, with people poking and prodding at the edges to try to understand its caprice. Disclosure: I worked for Fastmail for a few years.)
That's fine, the point is to assign a cost and a liability paper trail to people who send, say, 100,000 emails.
It doesn't affect the average user and it presents very nominal hoops for the high volume user to step through while erecting substantial barriers to criminals.
The various companies that spam me to offer their services and correctly remove me from their mailing list still had no right to put me in their mailing list from the beginning.
Per the article the scammers pay a minimum of $8,000/person, plus cost to feed, imprison, etc. Pretty sure that a model that only requires electricity and GPUs to run will work out being less expensive than this especially when you consider that GPT-N (YaLM-1T?) will be able to run as many scams as you have GPUs to run inference on concurrently, increasing your possible take, and won't have to sleep.
I think we can probably rule out OpenAI and equivalent cloud services allowing people to use their APIs to run phone scams. It's even worse PR than bots saying racist things.
And if they need to train their own model, you can get a lot of slaves and poor wannabes for the price of one competent NLP engineer, and the slaves and poor wannabes are less likely to decide they're the brains of the outfit and cut you out of the loop.
I am morbidly curious what the locations, salaries and working conditions are like. Because obviously they have to recruit people who have some basic level of English language literacy, so that commands a bit of a wage premium (even in India or Bangladesh) over truly unskilled labor.
The article goes into this a little. Obviously there are different groups doing this with different setups, but in some documented examples it's basically slavery
Yeah. I suspect we're only months, or a few years at most, from automation that's as good or better than these human slaves. Then they can A/B test their way to increasing effectiveness.
An interesting twist will be to pull the voices of your friends off social media videos and impersonate them to you.
In this case, the victim deposited the money into a fake crypto platform that told him his investments were performing well, presumably to entice him to deposit even more. Of course, once he tried to withdraw the money, he found he was unable to.
That sounds just like the "binary option" business which used to be run out of Israel. The Times of Israel blew that apart with "The Wolves of Tel Aviv" investigation series.[1]
The binary option companies would hire new immigrants to Israel and put them in a call center to cold call and sell binary options sold by fake brokerages. The companies wanted people who spoke a foreign language so they could sell in that language. Scamming people outside Israel was legal in Israel at the time.
When, after years of scams, the State of Israel finally made that illegal, some of the binary options scammers moved into crypto. (Others moved to Bulgaria, where binary options were legal until a crackdown in 2021.) But the pattern is the same. Cold-contact, make friends, get people to invest in a fake brokerage, provide fake statements showing a win, refuse withdrawals.
Quite real, though. Until it became so embarrassing to Israel that the law was changed in 2017.[1] The Times of Israel: "The crooks are still out there. Some binary options firms have closed down. Others have relocated overseas, including to Cyprus and Ukraine. Some of the prime movers and shakers have already adjusted their focus to other fraudulent fields — in the fields of diamond sales, cryptocurrencies, initial coin offerings and predatory business loans. Top scammers are still enjoying the vast overseas bank accounts, the yachts, luxury cars, exotic holidays and other profits of their ill-gotten gains." [2] That's a good article, and talks about the lobbyists, the political connections, and the refusal of the Israeli police to act.
The investigative reporter who broke the story, Simona Weinglass, frequently reports on how the Israeli financial scam industry has grown and changed. "Another 2 leading Israeli blockchain pioneers named as suspects in vast crypto scam"[3] A former Celsius CFO was one of them. Celsius, of course, denied there was a problem. That story was back in in March, three months before the Celsius collapse.
Somewhere, behind this new wrong-number/fake broker thing, there is probably an organized criminal enterprise.
Now in the interest in fairness, I want to emphasize that every culture has some shitbird crap like this going on and unlike everyone else, you could convert to judaism and thus become a non slave which was hella progressive compared to everyone else at the time.
I don't see anything about white plantations holders setting their black slaves free when they adopted Christianity for instance.
Slavery in the Hebrew Bible was limited; for example they were freed in 7 years or less. It was more like indentured servitude. The American slave trade was not justified by the Hebrew Bible. Of course, when Christians culturally appropriated it, they changed it.
Op said his mind was blown by the idea that they'd be ok with scamming people from outside the country but not other Israelis which I then drew a comparison to slavery which had a similar restriction. that was the joke.
I don't know that "Scamming people outside Israel was legal in Israel at the time" is how I would describe something banned domestically in March 2016 and completely in October 2017. It's not wrong but it comes across as misleading. That's disposing of a toxic industry but having to do it twice to make it stick.
the binary options guys were obvious scams to everyone but their victims, but if someone cold calls you to sell investments and you give them money you'd probably fall for a bunch of different scams.
That is true of most scams. They're tuned for one group of people over another. Everybody has weaknesses.
Having been on the internet a long time, I have seen a lot of people on forums, this one included, do the how-dumb-are-they routine about scams. I suspect a notable fraction of those people have gotten taken in the meantime. Look at how much of the cryptocurrency space, for example, plays on people's wanting to be seen as smart, superior, and technically savvy. That motivation drives a lot of learning and technical exploration, but it also makes people vulnerable.
Some of it is timing and bluster. I have a friend who is a smart guy, owns 4 restaurants, who got scammed by a fake utility company scam fishing for gift cards. They catch you at a vulnerable moment and are good at pressing buttons.
Even with old people, people don’t realize how many sales and scam calls they get. My mom literally get 30-40 calls a day. Odds are, eventually you’re going to crack.
thats because you aren't interested in what I said, you're interested in trying to read my mind for intent, which has caused you to apparently assume the worst about me in every possible sense. Who needs to engage with that? not me.
Most crypto scams involve hyping some token, a form of market manipulation, or other classic financial scams. That's a bulk business based on PR.
Running a long con uses a different mindset. It involves conning individuals one at a time. That takes a lot of effort per customer and experience in one on one selling. That's not the usual crypto scammer's MO. This is more like classic long con people pivoting to a new product line.
The thing to look for here is who's behind the fake brokerages. It takes work to crank up a fake brokerage. In the binary option scams, it turned out that one company, SpotOption [1] was providing most of the software and expertise. They offered scam brokerages as a service. That's what needs to be tracked down.
I got one of these, almost convincing enough except she said she lived in SF. I asked where in SF and she said Alcatraz. I almost wanted to keep the conversation going just to hear more about her life on the island
I had a similar one. They called me spoofing the local PD phone number and pretending to be the local cops with a very poor fake US accent. I was able to stump them when I asked if the Giants won last night. They went silent and hung up.
I use Apple's Messages. If someone spams me, I report them. They're blocked and have to go through the extra work of setting up a new account to try again.
Compare this with, say, Google. Gmail lets spammers / scammers have limitless accounts and they don't do shit when an account is reported for spam. You can block and report Gmail spammers all day long and you'll get nowhere.
WhatsApp apparently still uses phone numbers, and they're owned by a company that wants engagement at ANY price. Are any of us really so dumb that we think they're going to do the right thing?
It would be good if phone companies weren't quite so complicit in hiding companies behind anonymous phone numbers, and relaying numbers for which they don't have verified origin info.
Supposedly today is the day that even the small carriers that were previously exempt from not having to comply with STIR/SHAKEN will now have to.
But its meaninglessness is demonstrated by the fact that I have received two spam calls (complete with "accurate" caller ID) since starting to read these comments.
I don't want one company to be the arbiter of all communications everywhere. Phone numbers work fine.
For me too and if there is an application that allows to block numbers, spam is not a problem.
Now I use the Google builtin caller app antispam function. Most of the spam numbers have already been marked as such by somebody else. Even if that didn't exist I could just block the number after the fact and no more calls or SMSs.
I'd rather program that myself than relying the functionality to Google, I hope Pine or some other programmable phone gets to a usable state some day. But as of now, it's good enough.
Edit: I'm in Spain, not sure if that works the same in the USA.
Phone numbers have the same problem as email, though: because "everyone" is responsible, no one is responsible. The deluge of spam texts and calls to my public phone number is genuinely unpleasant and frustrating to deal with as, like, a person living in the world.
I practically don't use email anymore for those reasons, and a phone number hangs around only because right now I can't not have one for legal-type reasons.
email, at least, you can fully implement your own antispam solution in whatever way you want
at one extreme, you can just point the mx records for your domain at office365 or gsuite or similar and let them handle it
at the other extreme, you can point the mx records at your own mailserver you admin yourself and do absolutely anything you want with the incoming smtp mail flow for antispam measures, sorting, filtering, categorization, risk analysis.
the ordinary person even if they work for a telecom cannot implement their own phone number at one of the most fundamental levels of the pstn, because they don't run their own ss7 switch.
if you control your own DID and interface with it from a sip trunk to a trusted provider, running your own voip system, you can do a lot with custom routing/antispam measures on incoming call flow, but nowhere near to the extent that you can with email.
There's still a little bit of control near the client end with things like call screening and phone apps that checks numbers against a database. You can't reject the initial connection (like DNS blocklists) but it's still something
The way to solve this is by educating the people in your network about better security practices, not by giving away control over your communications just because of "convenience".
"Just get everyone to be perfect, including random companies who require a phone number for validation, and if a single failure ever happens you're going to be spammed forever in a way that is directly interruptive and intrusive instead of one in a list of messages in a queue."
I don't know how to say this any more nicely than this: this is a permanently losing solution with no redeeming qualities to such a degree that it makes me wonder at how in-good-faith the suggestion actually is with regards to solving the stated problem.
The point is not to "be perfect", the point is to raise the standard of acceptable practices, to make it harder to abuse it.
Just as an example: phone numbers should not be used for validation of anything as they are public. So companies who are requiring phones for any kind of authentication should be shamed into changing their practices, much like we learned to not trust companies that stored passwords in plain text, or use "recovery questions".
The abuse is that without sufficient guardrails a ten-digit number can be used to bother me at all hours of the day or night unless I want to be less accessible to people who I may need to hear from, not that it's used as an authentication source (which, yeah, not great, but also not the end of the world).
Out-of-band authentication aside, a company is going to retain my phone number to be able to contact me. So are my parents. Somebody is also going to inevitably leak it because security is difficult. Breaking the capabilities of bad actors, then, is a requirement. You have entirely ignored this in favor of blame-the-user rhetoric and I can't come up with a great reason why you'd blame every user for a systemic failure other than that the system cannot be repaired.
> Somebody is also going to inevitably leak it because security is difficult.
Phone numbers were and will always be assumed to be public. (Yellow pages are still a thing)
> unless I want to be less accessible to people who I may need to hear from.
You don't need to be less accessible to anyone. Your phone can and should be able to filter things for you.
And is not just a matter of setting up number filtering, I am talking about implementing changes in the application layer. One could imagine, e.g, a phone app that only rings if the caller provides a secret code provided by you, effectively making you reachable by phone number (public) + caller-specific code (private). You could also make that if you have the code on your addressbook, it sends it via DTMF after the call being completed.
> other than that the system cannot be repaired.
It can be repaired, it is just that the cost of these changes might be too high if mandated for all network operators.
But even if the system couldn't be repaired, the solution is not to encourage adoption of a proprietary solution. Apple already controls way too much stuff, we shouldn't give them yet another monopoly for them to exploit.
Phone numbers work fine but we're missing solid cryptographic verification systems on top of them.
Why are registered businesses not verifiable? Or at least banks and government departments? Why can't phones hold an ID in their cloud profiles so switching numbers let's your friends auto-uodate to you?
We could be doing so much better (with the goal of making it practical to whitelist only operate).
For what it's worth my solution which may not work for others is to set the default ring/text tone to "None" and then add custom ring/text tones in my address book on my little throw away flip phone. It works great for me personally. I never get distracted by bots and just mass delete their messages without even looking at them when I get around to it. This method probably will not work for people glued to their phones.
An android solution is to only ring/notify the phone for people in your contacts. It's easier than giving individuals a ring tone as unknowns get the silent treatment by default. Basically just whitelist instead of blacklist.
I'm considering doing that to my personal email. Default deny, whitelist known contacts, auto delete the junk mail folder. If I didn't have friends and family using them, I'd just outlook.com and gmail.com outright. It's frustrating how much spam they send.
I'd give anything to get rid of my phone, but almost everyone you do business with (DMV, electric/gas/water company, etc) expects you to have one. Same thing with USPS and their paper spam. At this point they're little more than government-mandated spam delivery channels. Private companies are handling the spam situation infinitely better.
I don't think I agree with that. I rarely get scams via USPS, never get explicit or potentially damaging content, the senders are all in my legal jurisdiction, and the spam arrives once per day in a manageable format. Almost all of the content is from businesses in my local area, businesses that I have previously shopped at, or political ads.
Electronically from private companies I frequently get a larger volume of spam, malware, scams, explicit content, and most of them originate outside of my legal jurisdiction to evade the law. And it's a steady stream all day, on multiple mediums.
I'd take 10x the amount of spam in my mailbox if I could get rid of all of the rest of the garbage I'm bombarded with. I obviously would rather not have any of it, but the hoops you have to jump through to send snail-mail inherently filters out most of the worst garbage.
> I'd take 10x the amount of spam in my mailbox if I could get rid of all of the rest of the garbage I'm bombarded with
I for one would not. Digital spam is easy to deal with. There are automated filters, easy ways to block them, and the few that slip through are simple to deal with. Mailbox spam is physically painful to deal with and it's a massive waste of paper.
Email is the least of my problems. If you know of any good filters for SMS, phone calls, LinkedIn, Snapchat, Instagram, etc, I'd be very interested. I have to mute all of them because it is a constant stream of garbage from all of them.
You are legally required to be reachable by mail by the US government. Unless you're planning on being an undocumented citizen living on US land off the grid, you will need a mail box.
It is without a doubt a shameful waste, but how is it physically painful? Did you get a paper cut
Personally I find it emotionally painful and depressing to deal with. It sucks to be physically confronted with the reality that my personal contact information is being passed around like a bitch in prison.
Exclude that as a sunk cost: the paper is coming to your mailbox either way. The only difference is, does the carbon get sequestered in the dump, or does it prevent another artificially-fast-growing pine from being processed into paper? Which of those options is less damaging? I don’t have the data, but I feel like it’s probably pretty close.
Long term, the paper will decompose while sitting in the landfill and then release the carbon back into the atmosphere. Even temporary sequestration is beneficial, but I don’t know whether it is still a net positive once you factor in the resources spent growing the wood, mailing the paper, and transporting it to a landfill.
Many US landfills capture methane, since they can then profitably sell/burn it. I haven't seen anything about them capturing all the CO2 emitted, which would be much trickier.
I have the idea (maybe wrongly) that people don't often use the USPS for scams because committing fraud by mail is a federal crime, and the postal service actually has inspectors with police powers who don't fool around once they get on the scent.
>I have the idea (maybe wrongly) that people don't often use the USPS for scams because committing fraud by mail is a federal crime, and the postal service actually has inspectors with police powers who don't fool around once they get on the scent.
Apparently, mail fraud[0] (via USPS) and wire fraud[1] (electronic communications) are both Federal felonies punishable by a fine and up to 20 years imprisonment.
Perhaps the difference would be FBI investigating instead of the postal inspectors?
It’s illegal to scam people electronically too. People often scam internationally to evade capture. Email is just considerably cheaper to send internationally and easier to spoof the source.
How many letters do you have to send before you find someone stupid enough to believe that they have to pay the IRS via gift card and that the IRS return address is in Russia? If anyone has tried, they went bankrupt on postage.
Sure, I could move to the woods and live off wild berries for the rest of my days. But if you want to be part of modern society, your bank will mail you your credit card, and your water company will text you a code to login and pay. Realistically, what choice do you have?
Every community decides for itself what technologies to adapt. The nearest to me have a single phone booth in the front yard of one member's house. Anyone wants to use the phone, they go there to make a call, and most only use it if they need to make an appointment at a hospital for serious illnesses.
Others not quite as close are a fair degree more liberal in what they adopt, while I imagine there's probably a few that are more strict.
My experience is based on visits to an Amish town in Ohio when I was growing up in the 2000s. I distinctly remember being surprised to see they used phones and rode in cars. But that was a long time ago and only one town of many. I didn't mean to generalize all Amish communities.
They are correct. The USPS has a universal service obligation. If you send a letter or parcel to any address in the US, the post office must deliver it.
I respectfully disagree. The postal service is held to a standard of service by a USO - Universal Service Obligation. [0]
This means it is an org mandated to accept your request for service at a reasonable price regardless of your location of residence. There is an important distinction between that, and being mandated to receive mail service. That is not a stipulation of being alive in USA.
I can understand the concept of Amish communities not having telephones or mailboxes, but that lifestyle seems inconsistent with the behavior of arguing for the merits of that lifestyle on Hacker News.
Apple Messages could have become an open standard to replace SMS, but they deliberately chose not to in the interest of locking in existing users, and locking out anyone too poor to own an iPhone. I'm not exaggerating, this is public knowledge.
Google voice has a poor shaken stir implementation that only blocks the most egregious spam calls and sms and does not let users choose to be more strict. It also does not support blocking phone numbers by pattern/prefix.
Apple Messages breaks if you temporarily use a different phone number on your cell. All chats in old threads were broken off into different threads. It was a disaster. You would think that since Apple knows this is still the same user that this would not happen?
saying stop using phone numbers and then going directly into
"hey, use this one proprietary vendor's closed source walled garden messaging app"
is NOT a solution.
people should be looking at things like Signal or custom implementations of Matrix/Element/Synapse or similar if they want real control of their two way chat communications.
So don't be like Google Pay? (Which originally used proper accounts but was switched to be based on phone numbers, specifically because the new google pay was developed targeting India, where phone number based login is considered normal thanks to apps like WhatsApp.)
I’m a new WhatsApp user. My exchange students and Au Pair use it as their primary communication. I have been fighting tooth and nail to avoid giving it access to my contacts. You can’t do much without that, even though it’s totally adjacent to purpose of the service.
I have received the exact scam on whatsapp. What the hell??
They claimed to be a banker (following the exact format from the exmaples in the blog) and I genuinely thought that they were a real person but even after I told them that they are texting the wrong number they kept forcing the conversation so I blocked them. A couple of months later they texted from another number but a different name but they continued the conversation from where we last left off.
Crazy reading the article now. I would have been devastated if I fell for it. I am usually very good at spotting scams.
I basically just send them all a big copy-pasta full of banned Chinese terms like 6/4, Free Tibet, Tiananmen Square, Winnie the Pooh, etc; they often leave me alone after that or act confused
I love trolling these scammers by being the right number they never expected. One time I had one looking for a price list on precious materials. I sent them prices for Adamantium, Tiberium, and Xen crystal. The confusion was fantastic.
I had one of these exchanges recently which I had some fun with, because it was so weird, and they made a point to use a photo of a beautiful woman:
Lady: Doctor Lucy? My puppy is very slow and does not eat dog food, can you make an appointment for me?
Me: Unfortunately I do not treat puppies. Only adult dogs, adolescent foxes, and elderly coyotes.
Lady: Sorry, I added the wrong person, I just checked the number and I saved the wrong number for Dr. Lucy.
I left it at that. I wonder if I should try and bait the scammer. I do love messing with scammers. After the last message I was thinking maybe it was legitimately a wrong number.
I've been a bit unemployed and bored so I've responded to a few of these to see what the angle is. There are also a bunch on telegram. Strangely, most do not push hard at all and drop off. They may mention crypto in passing but thats it. One time a scammer said hey can you help me an make an account for this crpyto scam website. When i said i did they said great and nothing else.
There's a bit of an art to stringing them along. You gotta act like the damsel in distress some times.
I got added to some whatsapp group investment scam once, when there was multiple scammers targeting me it was easier to do because they all didn't want to give up on me. Then they seemed to invite "big brother" so I guess was some leader who had much better English, and he was trying to prove the legitimacy of the platform. Went for about a week and a bit from memory. I sent them pictures of my daily walks and asked how much better it would be if was so rich I didn't have to walk at all!
These, and the spoofed number phone calls where the other side just hangs up when you answer. For the phone calls, I just assumed that someone was trying to build a database of phone numbers that do or do not answer for some other/future purpose...
Based on the delays in these sorts of calls, I’d guess that they’re robocalls which dial way more numbers than they have operators for and try to filter out no-answer and voicemail pickups automatically. Then if you pick up, they route you to an operator. If there’s no operator available, it just drops the call rather than reveal which annoying company just wasted your time. That way the operators— clearly the most expensive link in the chain — are always engaged. Just a guess though!
Even if that’s wrong, I’m sure you’re right that they collect caller-pick-up stats. I imagine even cursory vetting would dramatically increase the resale value of their lead list.
Last year I got a ton of emails supposedly from different people all talking about a "Becca" that I was allegedly in a relationship with. Some would accuse me of cheating on this person, others would say she was cheating on me. I remember one was about how she had cleaned up her life and was working at Arbys.
Like the ones in this story, none of them ever had links or asked me for anything. I never interacted with them. They were kind of interesting at first but after a while I blocked the emails.
I can only guess that this kind of long game scam is what was happening.
I've got an idea how to improve the scams. Instead of trying to communicate with the victim directly, create a group chat of fake accounts, with the victim added. The fake accounts can share information, and because this is information is shared between subjects obviously trusting eachother, the victim is very likely to believe it.
The effort is higher (multiple accounts needed), but for some high-value targets might be an alternative to other scams.
Does this kind of scam exist yet? Can I file a patent, and sue scammers applying it?
Are you kidding me? Of course it does! Inviting a victim into a group chat where everyone (all scammer-controlled accounts) is allegedly making good money from some get-rich-quick scheme has been a tried-and-true scam tactic for ages. Might be as old as group chats. FOMO is powerful.
There are even improved versions that involve multiple groups. E.g. you first join an entry level group, and after you invest a certain amount (they’ll make sure you’re rewarded for that initial investment), you’re promoted into an inner circle group for which the best opportunities are reserved. Of course, that’s where they drain your bank account.
Mine arrive mostly to Whatsapp, but there's no technical way to auto-block unknown numbers. I feel like such a simple control would solve the problem in majority of such cases.
It's an attempt at the 'pig-butchering' scam, they act friendly to get you hooked and then claim to teach you how to trade bitcoin. From what I remember reading it was a popular fraud in mainland China but they are branching out internationally because locals are getting wise to it and it is not widely known worldwide.
In my experience and in the other descriptions I've read, it is always a woman business owner from Asia, acts somewhat friendly and flirty, will talk about life with you in a very superficial way for a while in order to build a relationship. After a while they hit you with... a crypto scam or something? Like teaching you how to trade bitcoin but using some shady weird exchange that makes off with your money when you fund your account.
Sooo happy that someone did the research and write-up on this. I get a handful of these every week and I've been dying of curiosity. Tried stringing them along but could never figure out the end-game.
Now - can someone answer why I get 10 calls a day with no one on the other end? Either I pick-up and it's empty and the call ends a few seconds later, or they leave a 7 second voicemail of nothing.
I think many times the autodialer does a bit of a pre-screening. Like, if I say “hello?” there’s a quick pause and then either the recorded spiel starts (which is more pre-screening) or I get connected to a call center (there’s usually a little “pop” sound).
It’s like any other business… they want to be talking to qualified leads because they only have so many call center scammers. This is why Kit Boga et. al. are truly doing the lord’s work by wasting that precious time.
The article talks of WhatsApp, but I have received these weird messages via iMessage on my iPhone as well. I'm not sure if that's because I have a really old iPhone (iPhone 6). I generally block these numbers.
It would be good if iMessage could create a "fraud/spam" marking for a message/contact similar to what email has today. WhatsApp seems to have a "report" button. fwiw - I have received more weird texts on iMessage and very little on WhatsApp.
I've also noticed that these scammers may have access to data from other sources as well. I'm moving at the moment and out of the blue receive a call asking me if I have a house to sell. I just said no and cut the call. But there is most likely a massive data gathering operation behind the scenes as well.
the victim deposited the money into a fake crypto platform that told him his investments were performing well, presumably to entice him to deposit even more. Of course, once he tried to withdraw the money, he found he was unable to.
And how exactly does this differ from a REAL crypto platform?
I've been wondering what the scam was. I've gotten 3 of these so far. I've received actual wrong number texts in the past, so I want to let the person know they got the wrong number and aren't getting ghosted by their friend. But they just keep texting back, which is really weird.
With the first one I didn't know what was going on the person said they just moved to the country, which is plausible, so I didn't want to be a jerk, but when she asked for my name I stopped replying. When the 2nd one came with with the same pattern it was clear there was some kind of scam going on, but I couldn't for the life of me figure out what it could be, as they weren't asking for anything.
A lot of people are isolated and lonely, not just the elderly. The scammer tries to create a spontaneous meet that seems genuine. If you engage then it’s about quickly developing a relationship and then if that works, asking for money.
I wonder how much of this can be automated these days. This sort of scam usually requires a lot of effort and is more targeted. Since many are claiming ti be targeted now it could be a sign that scammers have been able to automate it with some basic scripts or even AI so it can scale.
Yep, that's pretty much what the article says. They take several weeks before getting to the scam.
Someone messaged me on Reddit a while back pretty randomly after a comment I made mentioned it would be my birthday at some point in the year. It seemed a little too weird, she said we lived 30 minutes from each other. I didn't know if it was a girl or a guy for quite a long time, so there was no relationship talk. We both wrote really long detailed replies, much more than any script would be able to handle. Ended up meeting up with her and it was in fact a real person, but I was very up front with my skepticism very early on in the chat. Even after we met up I said something about how I was half expecting my car to be broken into or something. She ghosted me afterward, lol. Maybe it was a relationship long con, but I didn't look like I was worth conning or I was still too on edge and not engaging enough to make it worth the time she'd have to put in to make me not think she was scamming me. Or I'm just boring, ugly, and weird. Whatever, she basically just complained about work for an hour.
I get phone calls like this, asking for some non-existent person. When I tell them there's no such person, they say "I'm from the police benevolent association..." I hang up at that point.
For a collection of brilliant, witty, hysterically funny reverse scams, check out http://www.scamorama.com/
Like the scammer who was persuaded to greet a planeload of passengers debarking from a Helsinki flight, with a big sign that said "I will blow you" in Finnish (https://www.scamorama.com/smurf.html)
I've had two friends that fell to a pig butchering scam, and lost thousands. One was from a dating app (maybe romance scam than pig butchering?), another was via a foreign student in an online class the friend was taking. In both cases, fake / scam crypto sites were involved.
The only way to help with this is education - maybe we need a course on online scams that kids need to take to graduate, along with personal finance.
Two weeks ago I received an email saying I had funds in Bitcoin and I could cash out, with login details for a website account [1]. I knew this must be a scam, but for the life of me, I couldn't figure out the angle. Now I'm thinking it's a similar type of scam.
Any person who is remotely knowledgeable about bitcoin should know that there is no need to "connect your wallet" or reveal your private key to receive bitcoins. To receive, you only need the address which is basically a public key.
Most people in crypto aren't remotely knowledgeable about bitcoin: luring in rubes is almost the entirety of the crypto industry's thesis, not to mention comprising it's (actual) market cap.
To wit: the wallet-drainer billboards that popped up around the NFT NYC and Eth Nyc conferences this year:
I've seen messages in Facebook comment threads where the usual approach is using short phrases like "Hi", "How are you", "I really love your posts" and some of them end with asking for a friend request (so they don't have to initiate one).
It may be a way to add a degree of positive reputation to those compromised accounts like another commenter suggested.
Spammers contribute to user/engagement numbers and are unlikely to drive away real users because they already have a monopoly, therefore Facebook benefits from them.
Not directly mentioned in this article, but the strategies shown here were exactly the ones used by the Tindler Swindler, which has a surprisingly enjoyable documentary (https://www.imdb.com/title/tt14992922/)
I've gotten a few of these. I like to agree that you're the person they're trying to reach. Both times you can tell the person on the other end doesn't really have a script for that. I usually get a "oh I made a mistake" with no follow up.
What I find mildly interesting is that different people get a different mix of scams. I only get "extended warrantee" scams. I've never seen these "wrong number" texts.
Other people get a completely different mix. I wonder how these get determined.
Ah, about 20 years ago I think a relative responded to a, I think it was, an "I'm here at the airport, don't see you anywhere" kind of email. This was before spam filters got good, so that email address was basically kaput.
I still have friends and relatives who respond with “sorry! I think you have the wrong number” despite my warning turn just to delete the message and forget it. People just want to be “helpful”
I fell for this! I got drawn into a conversation but I guess they didn't know what they were doing and they stopped responding. I was still suspicious and would've never sent money.
These are a ping test. Scammers will ping a number with garbage. Live lines get kept. Could be used to pre-filter a purchased list - so the real delivery isn't wasted on dead ends.
Well researched for sure, good read as I had some of these recently too and am glad now to understand more about it.
What I do want to highlight is the deeper "why", and that is "why" are these people doing this? There must be a fundamental survival mechanism here, in a larger chain. These people may not have opportunities, the ones holding others captive. What kind of environment is needed to create this type of behavior? Surely we must address that at the core of it all. I think it comes down to basic resources, and this is where I think the vision of Jacque Fresco and The Venus Project can come into play. Which is to create a resource-based economy and evolve as a civilization to taking care of one another, it is a form of democratic socialism, which I think can solve this type of issue, and help us all be more integrated and happier.
I feel like if someone has the resources to kidnap a bunch of people and hold them captive in a large, heavily-guarded office building, while forcing them to scam people over the internet, they probably have the resources to do something not-scammy.
Stuff like this just erodes my faith in humanity. Humans are not fundamentally good. So many people want to prey on the weak or gullible, not only because it can be easy and lucrative, but because they get off on that kind of power dynamic.
Useful site: unlec.com . You can look up the detailed information about a number. Includes information from the phone companies and an estimation of the fraud risk.
If you get a text (not What's App) reply with "Do you know what happened in Tiananmen Square in 1989? Ask Winnie The Pooh, A Free Tibet or Uyghurs". That'll trigger a few Chinese monitors, or at least scare the scammers into thinking so.
But the most interesting scammer said: "for my safety, can I send you a 6-digit number, and you confirm it, so I know the listing is not fake?" I say yes, unsure what the scam was going to be, but sure it was a scam. Moments later I got an SMS from Google Voice asking me to verify my phone number. Mofo tried to steal my number, presumably to use it to scam other people. I was pissed and impressed.