On a Tuesday evening this past October, I put $50,000 in cash in a shoe box, taped it shut as instructed, and carried it to the sidewalk in front of my apartment, my phone clasped to my ear.
I’m sorry, but this type of scam has been reported on for enough time that you’re a fucking moron for falling for it. How much time can pass between scams becoming what should be common knowledge and people still getting suckered without reading about them? I’m exagerating, but this is like falling for the Nigerean prince emails at this point.
I’ve sent out a fake scam message at work and always have at least two or three clicks. No matter how many times you tell people there’s always a few that just can’t get it through their skulls.
Even if I make it super obvious, spelling errors, poor grammar, and write “do the needful” at the end. They still click the god damn link. Some people just need to have their internet access restricted for their own good.
Sounds more like bad browser programming if it can’t handle all content safely. Any risky action should pop up an administrator password query to activate.
… admins and/or CISOs (ie employees) send such emails to other employees regularly as an additional form of cyber security education. It’s a controlled environment. (And you can’t really proof against social engineering irl anyway, you just gotta educate folk.)
Regularly educating employees is often even mandated by law directly (financial, public, etc sectors), or by any normal risk officer.
This usually includes lectures/vids/slideshows, questionnaires (mandatory for all), and irl testing/running scenarios.Much like how to deal with anything regarding personal data.
The man on the phone knew my home address, my Social Security number, the names of my family members, and that my 2-year-old son was playing in our living room
idk - when somebody knows all your personal information, says they’re monitoring you and is actively telling you that you and your family are in danger - being rational is very difficult - it may not seem that way in hindsight but everyone thinks only a moron falls for scams until you’re the one that gets suckered
I read that self-laceration is typical; half of victims blame themselves for being gullible, and most experience serious anxiety, depression, or other stress-related health problems afterward. I heard about victim support groups. I went to therapy.
“Everyone was so patronizing,” she told me. “The response was basically ‘It’s your fault that this happened.’”
Also yeah blaming victims sure is helpful…
Fascinating story. The most interesting part:
It was my brother, the lawyer, who pointed out that what I had experienced sounded a lot like a coerced confession. “I read enough transcripts of bad interrogations in law school to understand that anyone can be convinced that they have a very narrow set of terrible options,” he said. When I posed this theory to Saul Kassin, a psychology professor at John Jay College of Criminal Justice who studies coerced confessions, he agreed. “If someone is trying to get you to be compliant, they do it incrementally, in a series of small steps that take you farther and farther from what you know to be true,” he said. “It’s not about breaking the will. They were altering the sense of reality.” And when you haven’t done anything wrong, the risk of cooperating feels minimal, he added. An innocent person thinks everything will get sorted out. It also mattered that I was kept on the phone for so long. People start to break down cognitively after a few hours of interrogation. “At that point, they’re not thinking straight. They feel the need to put an end to the situation at all costs,” Kassin said.
This sounds like a good reminder to never trust incoming communication beyond ending the conversation and calling the company/person/whatever directly using a # you already have for them/a number from their confirmed website.
He gave me his badge number. “I’m going to need more than that,” I said. “I have no reason to believe that any of what you’re saying is real.”
“I completely understand,” he said calmly. He told me to go to the FTC home page and look up the main phone number. “Now hang up the phone, and I will call you from that number right now.” I did as he said. The FTC number flashed on my screen, and I picked up.
“How do I know you’re not just spoofing this?” I asked. “It’s a government number,” he said, almost indignant. “It cannot be spoofed.” I wasn’t sure if this was true and tried Googling it, but Michael was already onto his next point.
Yeah actually phoning the number would have been the best - I guess that’s why they bombard you with instructions so you don’t have much time to stop and think
Exactly, they don’t want you to have time to think and call but even if weird any place I’ve used or worked has been fine with you calling back on the main line yourself to make sure it’s the right place.
Taking that time to think is hard in the moment though.
