Too good to be true
What Futjitsu are saying here sounds too good to be true, so presumably will itself turn out to be bullshit.
Boffins at Fujitsu and Japan’s Nagoya university are claiming to have successfully developed technology designed to prevent phone scammers by recognising certain keywords and detecting changes in voice pitch and level. The technology was developed as part of the "Modelling and Detecting Overtrust from Behaviour Signals" …
Pretend to be from Microsoft calling because "their server has received a message from my computer that it has been infected with a virus and that I need special software to remove it".
The first few times I just hung up, but recently I've taken to asking them to hold while I turn the computer on, then play the Apple start-up chime at them. "Hang on... Microsoft you say???"
"their server has received a message from my computer that it has been infected with a virus and that I need special software to remove it"
Has it? Gosh. That's quite amazing. Tell me, can you put me in touch with your company's data protection department, because I think I'd like to initiate a lawsuit given that they don't know my phone number and certainly shouldn't be linking it to an IP address.
Most scams are obvious and stupid. Most people who fall for them are similarly stupid. There are outliers where you've only just realised that maybe Granny doesn't understand that people are out to try to con her, but those are edge cases and the solution is not software. Ever.
The solution is to instil as much doubt as possible into their brains to the point that they ring YOU first and you tell them whether they can answer the door or not. If you can't get that message in, or they're too stubborn, or you don't want to restrict their freedom by, e.g. putting them into sheltered accommodation, then there is absolutely SQUAT you can do about them potentially being conned. Honestly. You really can't. Nothing.
If someone is not sane and aware enough to *ASK FOR ID*, *CHECK THE ID WITH THE COMPANY* and if in any doubt, close the door, or to just say "I don't understand, sorry" and hang up on them (like we've been drumming into the elderly for 50+ years and who are now all people who were drumming it into THEIR parents too), then the only way to make them safe is to put someone you trust in charge of their affairs. Relying on a computer to judge people's intentions is quite possibly the most ridiculous thing I've ever heard - the first rapist or conmen "allowed" by the system will mean the company's downfall.
The rules are simple. If you don't follow them, you're risking trouble. If you *can't* follow them, then you shouldn't be trusted to follow them on your own.
Trust nobody. The people who are GENUINELY calling to check your meter, inform you of a bank refund, need to change your meter, etc. will QUITE UNDERSTAND you not believing them. They won't be offended by it at all - they will be PLEASED you checked. The absolutely worst that will happen is that they will send you a letter or arrange an appointment with you at your convenience - BOTH of which you can have someone present to help verify the authenticity for you, and NOT be pressured into doing anything there-and-then.
Seriously. Even if your computer will explode or your gas will be cut off. Let it. Turn it off if you're worried. Just don't let them in to do it. If they NEED access to your property, a nice policeman or fireman or whatever will come who you CAN CHECK, who will quite understand your need to check, who will contact your relatives for you and get them to come and check on your behalf, if you want. And if you don't trust him and instead call the police when he arrives - guess what! That will still work!
In my old house, a guy rang the doorbell (while I was laying a floor) and wanted to talk to me about my electricity supply and pre-pay meter. He was "from your electricity supplier" and "just need to put this new key in for you". Strangely, he couldn't tell me WHO my electricity supplier was (but the first few guesses weren't bad attempts). He fled quite quickly once my tirade started to join his 50+ friends in hi-vis who were all performing the same con on the houses in the street. He was an EDF Energy employee (I like to shout about this con quite openly so people heed the warning and avoid them, but quite obviously I *WASN'T* an EDF customer). A genuine one. Who was trying to enter my house under false pretences so he could fiddle with my electricity supply and switch me to their tariff. Just how would you catch that if you're a senile old lady, or other vulnerable person, without your wits about you and following the rules?
Also in my old house, I was repairing a computer that was behind the front door (which was behind a porch). I heard someone approach the door (Fair enough. Postman? Leaflets?) and push it open (Neighbours looking for me? Someone who's seen the door was ajar? Even just wind blowing it open?). I had my fingers in my electronics behind the inner door at the time, so I just waited to see who it was. Some great lump of a lad walked past me, edging around every corner trying to be quiet, and quite obviously hadn't seen me at all. He made it nearly as far as the kitchen.
He jumped rather too much when I asked him if I could help and hastily came up with an excuse that he was just "Er... Er... looking for... John" before literally fleeing. Even *he* knew from my expression that that excuse was as likely to wash as a dog who's just jumped in mud. Yeah, mate, 'course you were. I'll give you a five second headstart.
It's easy to be exposed to a con, arranged and commercial, or opportunistic and individual. It's easy (but requires effort and confrontation and saying No) to avoid them. And nobody genuine will question you checking them out (in the same way that only those who have done something wrong will run from the police). If something is not scheduled, arranged, expected, then don't even *start* to fall for it. Nobody will be offended unless they are of criminal intent. And if it is scheduled, arranged, expected (ON PAPER) then you can have something you trust there, ready.
Oh, and next time your bank phones you to talk about "an issue with your account", you hang up and ring them back on THEIR number, not just immediately give out your bank details to "verify who you are". YOU RANG ME, you pillocks, on the number I gave you. The amount of people who fall for that one (even if 99% of the time it IS genuine) is astounding.
Trust the rules. Not the machine.
I predict an implementation of this would be popular in scammers' boiler rooms. If the call hasn't established overtrust in 60 seconds, click... next!
Still, no need to set them up for smartass "My computer's running OpenBSD, is that different?" replies any more, just groan "I... want... to... drink... the... koolade..." every few seconds and the overtrust indicator at their end will keep them on the line all day.
Biting the hand that feeds IT © 1998–2022