Interpol anti-fraud operation busts call centers behind business email scams Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe. In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement …
How long before people finally understand that there is no Nigerian prince, no free lunch and nobody begging to give you money ?
Wake up, people. Money is earned by hard work (unless you are a member of the 1%, in which case your money is earned just by you breathing).
Every one of us was new and young and naive once. As long as there is a steady supply of new people, some fraction of them every day will learn their lesson the hard way.
And the scammers are getting more sophisticated. Once they were the children of corrupt Nigerian officials or disgraced Arab royalty, now they're Linda from Microsoft or the nice people from Visa Fraud Prevention. Assuming they're not targetting you personally, that is. If they are, they can get creative.
Some of the scammed are not so young but still foolish apparently, from the number of elderly people appearing on daytime TV programs falling for the whole gaumont of romance, banking, IT problem scams this isn't just confined to the young, in fact some elderly people are at a disadvantage by being more trusting and unfamiliar with tech.
Saying this as a wrinkly myself :)
Unless you're a total diehard cynic you're bound to have some weaker spot. Obviously the more vulnerable among us are those who don't understand society all too well (too young, too old), are lonely/isolated, and naive enough to think lucky breaks might actually exist. The thing you usually hear is "In hindsight is sounded implausible, but I wanted to believe."
There's a wide array of psychological traps that make people fall for various cons. Some studies suggest those who are most confident they can detect scams before falling prey to them are actually more easily fooled by certain approaches.
That includes 419 scams. One 419 victim in Michigan was the treasurer of a good-sized firm and embezzled a large sum in order to feed the scam. That's someone with financial training and experience, and sufficient focus to rise to a high-level corporate position. Often desperation overrides rational calculation.
And, alas, there have been some financial schemes which sounded too good to be true but nonetheless were (often because some government body didn't think things through). The Economist had a retrospective several years ago on audacious (but legal) financial deals which included a few of those. So there's always that sliver of possibility to tempt people.
Tell me who downloads all those millions of malicious apps from Playstore to compromise their phone? yes young people. Us old folks just want a simple phone. Us old tech people don't want any apps, if a web page/app can't do it, I don't want/need it.
Now when grandma is senile/on gov drugs (out of their control) and someone calls saying its their child and in trouble - all bets are off. But those criminals - need extra punishment.
Sadly no computer criminals get sentenced hard enough to discourage them or others from more of the same.
I always find this a logical fallacy. Sentence severity usually doesn't deter criminals because they believe they'll never be caught. Especially if they're in a different country than their victims.
The really smart criminals are smart enough to have more gullible and/or stupid people front their operations and take the fall. The dumb ones don't realise exactly how dumb they are. And there are a lot more dumb ones than smart ones.
Yep. Organized crime typically operates like an MLM, insulating the organizers from most consequences. And why wouldn't it? Criminals can see how businesses work, and since they're committing crimes anyway, there's no regulatory framework or other mechanisms to discourage them from exploiting their employees.
"How long before people finally understand that there is no Nigerian prince, no free lunch and nobody begging to give you money ?"
I think people have realised that now. The backstory is a bit different now.
The latest was government coronavirus grants, which is a moderately believable scenario.
Until Interpol gets off its arse and arrests a lot of people in the City of London for carrying out fraud it's just the same old low hanging fruit. How many banks and institutions in the City take billions from the self-appointed leaders of countries whose people live in poverty. In my country I am president and I have billions. These banks know full well what they are doing. But wearing a sharp suit and knowing when to use a fish fork is what makes a gentleman.
I posted this here 16 days ago:
My mum passes frequent Indian telephone scammers across to me when I'm with her. Pretending to be Virgin Media the guy asked me to check out the lights, which was fine so I asked to speak to his manager. She was spiel, so I asked her to stop talking for a moment so I could. "Are you telling me to shut up? No, you shut up, YOU SHUT UP, YOU SHUT UP"
"Tough day in the scam call-centre, eh? "
I know some Telcos have basic whitelist/blacklist facilities but I've a suggestion that could slash this abuse in future. If some in a prison phones you then you are first told they are in prison and asked 'do you want to accept the call?'
Instead the message would say this call is from a phone in India (or where ever) and it has made 3,000 calls this month, to differentiate call centres from my mum's pals in India.
Or, a number you can call to report the last number who phoned you as a scam, and if more than a dozen complaints are received then that number is blocked internationally.
Starting next year, in the EU at least, laws zone in which mean that any call coming into the EU network has to be traceable to a specific address/number. Also no more faking the number that the call is supposedly coming from. Only the real numbers are able to be carried by the Telcos. I think even withholding numbers is no longer allowed (but I'm not completely sure about that).
Will this have a big effect, who knows? But it should go some way to helping. If you can see the call is coming from an international number and the person on the phone claims to be calling from your local area, well hopefully that will make people a bit suspicious.
It should also help with enforcement if the real number is shown. But no doubt some clever scrote will work out how to avoid that.
BT will never do this. They simply have no incentive to track the legal entity for caller ID, so they don't.
Only when they are made legally responsible for losses due to the caller not being identifyable will this change. I've heard of at least one scam where the scammers faked a real bank telephone number
I've lost count of how many times one of our older and somewhat technophobic friends had had their accounts pwned.
They have fell repeatedly for reasonably legitimate looking messages asking for you to click a link to reset a password because reasons. Anyone can pilfer FB or MS artwork to craft a legit looking page.
Teaching people to recognise the signs of a fake is an uphill battle. Some of the fakes are getting very good.
Personally I think email is a bit of a dated format as far as authentication of origin of communications is concerned. Spoofing IME headers is not exactly a difficult or new thing.
It's not hard to register a webmail address with hundreds of services to make your spam mail look like it's coming from a legitimate domain name "@outlook.com".
Solutions to these sort of problems usually breed other problems can be privacy / tracking nightmares e.g. DNS tracking techniques to target adverts.
No easy way to resolve this; but I am sure a consortium of the best minds could think of something better than email.
Some of the fakes are getting very good.
Particularly true for spearphishing and other cases where extra resources are justified for the scammers.
There was a nice twist making the rounds of the infosec lists and bloggers not long ago; I have a vague idea that Troy Hunt might have posted it originally. Victim got a call from a scammer pretending to be from a bank he uses, reporting possible fraud detection. Victim put the caller on hold and called the bank on another line, got through to Customer Service, and asked if they already had an open call with him. Customer Service says, yes, we show you're already on the phone with us. Victim resumes the call with the scammer, thinking he's verified that they're from the bank.
Turns out that as Scammer A was calling the victim, Scammer B was calling the bank pretending to be the victim. Perhaps to defeat this check; perhaps to MITM interactions with the bank.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
