[HN Gopher] A day in the life of a prolific voice phishing crew
___________________________________________________________________
A day in the life of a prolific voice phishing crew
Author : todsacerdoti
Score : 262 points
Date : 2025-01-07 23:51 UTC (23 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| ChrisMarshallNY wrote:
| I have gotten a few of those "Apple" phishing attempts. They
| really look legit. My Apple ID got compromised, many years ago,
| and people try to use it, from time to time.
|
| However, I am pretty up on the state of my accounts, so I won't
| follow up on them.
|
| The only people who ever call me, from Apple, are the Developer
| Support folks, and that's usually to castigate me, for stepping
| on some soft spot, or in response to me reaching out to them. I
| totally ignore calls from numbers that I don't know; a rare
| privilege.
| eru wrote:
| > I totally ignore calls from numbers that I don't know; a rare
| privilege.
|
| When I am not totally busy, I usually accept them and put
| myself on mute and put the phone down.
|
| They typically waste a minute saying 'hello, hello?' before
| hanging up, while I keep working. (Alas, I get a lot of spam
| calls.)
| paul7986 wrote:
| I would think those who answer the calls are automatically
| placed on a list as this person answers and your number is
| sold as such.
|
| Personally I have the "Silence Unknown Numbers," feature on
| my iPhone always toggled on. All unknown ..not in my contacts
| already..I never hear or see calling.. I might see I missed
| their call but my mind ignores missed call.
|
| Overall if I dont know you well your not in my iPhone
| contacts ..getting to know new folks they are given my Google
| voice number which is only for texting.
| avh02 wrote:
| I'd love to do this but too often a call is made by an
| unknown number to me in response to an action, e.g i
| requested a dishwasher repair via email, i was called to
| schedule it by the contractor it was assigned to by my
| landlord. If i ignored that call it's likely a game of
| chasing them back up and potentially navigating PBX
| systems, etc
| eru wrote:
| I find that caller-id works pretty well for these kinds
| of expected unknown calls for me. But that might just be
| a Singapore thing? (Or perhaps it's an Android thing, and
| Google looks up the number? Not sure.)
| chatmasta wrote:
| They can leave a voicemail.
| pavel_lishin wrote:
| My phone number is already on multiple lists like that; I
| get a minimum of three spam phone calls a day. I don't
| think that answering or not-answering is going to make a
| significant dent.
|
| > _Personally I have the "Silence Unknown Numbers," feature
| on my iPhone always toggled on. All unknown ..not in my
| contacts already..I never hear or see calling.. I might see
| I missed their call but my mind ignores missed call._
|
| I have a young child, in school and after-school
| activities; I don't want to risk missing a relevant phone
| call, as well as phone calls from actual doctors & such who
| need to get in touch with me. (And I can't easily whitelist
| every phone number some given office/person might end up
| using to reach me.)
| IncreasePosts wrote:
| Your method probably leads to more calls since your number
| will be marked as active if you pick up
| suprfsat wrote:
| They usually spend a minute cursing my mother in a language
| I don't understand, but they aren't organized enough to
| note that my number is a huge waste of time.
| eru wrote:
| Occasionally, when I'm bored, I actually tried to engage
| with them, but they immediately hang up, when they notice I
| don't speak Mandarin; and my attempts at Nihao haven't
| convinced anyone so far.
|
| For context, I'm in Singapore, and I suspect the vast
| majority of these spam calls are manned by PRC people.
| Scoundreller wrote:
| > and my attempts at Nihao haven't convinced anyone so
| far.
|
| Try some Nihao's and then say you'll go get grandma or
| something. You're just the child answering the phone for
| your immigrant parents that always forget that the call
| is on hold.
| eru wrote:
| They immediately hang up. And I don't sound like a child
| on the phone.
|
| Funnily enough, I am an immigrant parent myself here.
| alisonatwork wrote:
| I get tons of these on my Canadian VOIP number, even I
| don't live in Canada. I can't decide if it's because they
| know a Mandarin phishing will hit 5% of Canadians so it's
| worth the effort to spam everyone or if it's because they
| know who I am and that I can speak passable Mandarin,
| which is somewhat creepier.
| passwordoops wrote:
| Canadian here who can barely get past ni hao... My voice
| mail from SPAM tends to be Mandarin, so I think it's a
| shotgun blast to the 5%
| pavel_lishin wrote:
| As an American with a Texas area code, I noticed a wave
| of Chinese-language+ spam - I recall reading that it was
| some sort of scam involving threats of deportation,
| maybe? But it settled down after a few weeks. Maybe their
| targeting got better, or maybe enough word got around the
| Chinese-speaking community to make the scam unprofitable.
|
| + - I have on idea which language specifically was being
| spoken. Probably Mandarin, but how would I know?
| Scoundreller wrote:
| I have two numbers in the same area code, one work and one
| personal.
|
| I mess with them on the personal line but never the work.
| (Ok, that's slightly different than answering vs not).
|
| Informally, I don't see a difference and this is after
| years of this hilarious activity.
| hoseja wrote:
| I think if you pick up but are silent it's still (mostly)
| fine.
| SkyBelow wrote:
| Pickup but silence might end up being better than letting
| one's voicemail grab it. Would make for an interesting
| study.
| renewiltord wrote:
| I just have a number with a rare area code and then block
| everything from that code using NumberShield, the iOS app. I
| usually have a few voicemails to delete but I don't really
| notice the calls.
|
| I do have to laugh at security, though, since many banks and
| trading companies just call you direct. I've definitely
| received incoming calls that I hesitate about not continuing.
| Fortunately, I'm not too confident in my skill to detect a
| phisher so I always go online to find the official account to
| call.
|
| If they can redirect my call then I'm doomed but often it's
| exactly a completely normal call. They were just calling to
| make sure the wire I set up was intentional. Come on, dude!
| flerchin wrote:
| Seems like a lot of work and upfront capital. I suppose the VC
| ride is truly over.
| joeyagreco wrote:
| Some of these tactics are really clever.
| ttul wrote:
| I run a cybersecurity company and I've had drinks with Krebs at
| various events over the years. He's the real deal, digging up
| dirt on the people who ruin everything for everyone and risking
| his life in the process for a minuscule payoff. I don't know why
| he does it; I suppose it's just the journalist's passion. A
| really nice guy in person too.
| anitil wrote:
| I didn't realise Krebs was a person, I thought it was a
| collection of people using a unified moniker. To your point
| though, we're lucky to have 'unreasonable' people like him, I
| know I don't have the courage
| SnorkelTan wrote:
| His first name is Brian. That's his picture at the top. I
| can't think of any other groups or organizations that have
| the persona of a single person. Can anyone point to an
| example? Genuinely curious about this.
| Scoundreller wrote:
| I think it's on the down low when that's done.
| mikebike wrote:
| Does "Nicolas Bourbaki" count?
|
| https://en.wikipedia.org/wiki/Nicolas_Bourbaki
| devin wrote:
| This is IMO an excellent example, and the one I came to
| post.
| Physkal wrote:
| I always felt Banksy was a collective of artists.
| have_faith wrote:
| Banksy is one person but he does have a team that
| executes most of his projects for/with him.
| jillyboel wrote:
| How do you know?
| MrMcCall wrote:
| Well, for one, he can't film himself installing, e.g.,
| fake artworks in the greatest museums in the world, as he
| did.
|
| And, for those who don't know, he is from Bristol,
| England, the home of the band Massive Attack. I've been
| digging their music lately, especially their songs with
| the late Sinead O'Connor.
| have_faith wrote:
| There's multiple interviews from over the years with
| people that worked very closely with him, including the
| person who was his publicist for a long time (or a very
| similar role, I forget exactly). You can obviously decide
| that it's all part of some long game of deception but
| it's just not needed. No one is trying to arrest him here
| and they haven't seriously wanted to for over a decade,
| he's become an institution like baked beans.
| nickjantz wrote:
| There's video of the creation of the death of a phone box
| piece in his documentary and it was indeed a team of a
| few people.
| dbtc wrote:
| trump
| recursivecaveat wrote:
| I always thought Krebbs was a cybersecurity firm organized
| like a lawyer's or dentist's office, where there is one
| senior person on the cover but they are rarely involved
| with individual pieces of work. Crazy to learn it is just
| one person actually, they do a lot of good work.
| philipwhiuk wrote:
| Previously, McAffee (John McAfee) and Norton (Peter
| Norton).
| dylan604 wrote:
| What about Kaspersky?
| philipwhiuk wrote:
| As it happens, Kaspersky was founded by three people, two
| of which are Kaperskys.
|
| For my mind they also haven't really traded on the
| 'individual security hero come to save you' person(which
| Norton definitely did in the early years).
| creaturemachine wrote:
| Peter Norton also put his photo on the box of AntiVirus.
| geoduck14 wrote:
| Anything Elon Musk owns?
| anonym29 wrote:
| The "Tyler Durden" author on ZeroHedge.
| saghm wrote:
| Using that name specifically has a bit of a different
| connotation than a generic one with no previous
| association like "Brian Krebs", though. If anything, it
| would be _more_ surprising to find out that someone going
| by the name Tyler Durden was just a single, regular
| person rather than something else going on.
| tough wrote:
| We don't know but some argue Banksy could be a team effort
| by now, part of the allure of anon work
| 7speter wrote:
| Same with Shakespeare, though that might've been
| disproven
| drfuchs wrote:
| Mavis Beacon.
| sangnoir wrote:
| I'm not parent, but at some point McAffee could refer to
| either the person or the company in the past.
|
| Whenever I read a Wolfram blog post that floats to the HN
| frontpage, I'm never certain if the post is entirely the
| effort of just Stephen Wolfram, or is a group effort.
| nonameiguess wrote:
| Happens in some artistic fields. Rodin didn't personally
| sculpt all of his sculptures. He directed the effort, but
| it was too much work for one person. I've seen Tom Clancy
| novels continue getting published even though he died over
| a decade ago. I think there are living authors doing the
| same thing, farming out production to ghost writers and
| just signing their name to the end product.
|
| There are famous examples in advice columns, sort of. I
| don't know that any of them have ever been written by
| different people at the same time, but they've maintained
| stable personas and names even as the writers have moved on
| or died. The original founder of the Dear Abby column was
| famously the twin sister of the second iteration of Ann
| Landers and they feuded for the rest of their lives over
| it. They're both dead now but the columns go on using the
| same byline name.
| singleshot_ wrote:
| That Cringely guy who used to post an IT column.
| bostik wrote:
| As a testament to his effectiveness at digging out the various
| online scammers, Akamai "had to" boot Krebs off of their
| service - the criminal gangs wanted him and his website out of
| the picture, and directed enough DDoS volume to overwhelm
| Akamai's ability to handle the load.
|
| IIRC Google intervened and offered to put him behind their
| shield system. Which I think tells more about Akamai than
| anything else. (Krebs's website address resolves to a Google
| network space.)
|
| In a fit of irony, even sometime after that event, Krebs's
| website still sported Akamai's DDoS protection service ads.
| bragr wrote:
| To be fair to Akamai, they were providing their services to
| Krebs free of charge.
| bostik wrote:
| Sure, as a business decision it must have made perfect
| sense at the time - Akamai had bigger (paying) customers to
| protect. But that doesn't make the optics around it any
| less terrible.
|
| The message they were telegraphing with their combined
| actions was effectively: _" We protect some of the largest
| corporations on the planet... but do not have the resources
| to keep an individual journalist and blogger online. Your
| business could be next."_
|
| Whoever made the decision to pull service to Krebs should
| have also thrown their weight around to get those ads off
| of Krebs's website, because the compound outlook must have
| been hideous. (How do you get your ads off of a website
| without causing any more animosity? You quickly renegotiate
| an exclusivity deal and then choose not to run any ads at
| all on it.)
| bravetraveler wrote:
| Heavy is the head that wears the crown _(or offers
| mitigation services advertised on a cybersecurity website)_
|
| If Akamai can't _(or won 't)_ serve Krebs, I'm not sure I
| would want my business to pay them.
| bravetraveler wrote:
| Can't edit now, but a point to this I'd like to add:
| 'serve' could _absolutely_ mean best-effort _(ie:
| filtered, moved, null routed, whatever)_. I don 't intend
| for compulsory weathering-of-the-storm _(for the sake of
| PR)_ , but rather... recognition that this is part and
| parcel with The Business.
|
| Maybe they/partners couldn't weather the storm. Report on
| it; Engineering blogs are all the rage. Being a CDN
| involves more than serving well-traveled bytes, getting
| paid, or touting how big of a reseller you are. Cat must
| chase mouse! Krebs is arguably _the best_ customer for
| this; not e-commerce _(can endure the worst outcome - no
| service)_ and has domain expertise.
|
| If I enter a protection scheme with someone who - after
| all - _isn 't_ all that tough... why would I/anyone
| continue? The internet is a big place.
| donavanm wrote:
| Unless you have direct 1p knowledge Im very skeptical of
| framing that as a capability or capacity problem ("had to"
| "overwhelm" etc). Im very confident it was purely an effort
| vs benefit discussion. Which isnt too hard when the benefit
| is an intangible good will.
|
| Ive worked for a very large CDN, and Ive both unilaterally
| removed a customers access and involved in even more awkward
| "inviting them to use another provider more suited to their
| use case" discussions with account managers, PMs, legal, etc.
| There are a multitude of unsurprising reasons those things
| happen, even for credible and legitimate paying customers. It
| was _never_ because we were "overwhelmed." However attracting
| a high operational burden or cost burden would certainly play
| in to the _business decision_.
|
| As a trivial example a transparently online gambling site
| with nominal jurisdiction somewhere difficult in asia may
| generate very legitimate traffic and even pay their $20 or
| $200 bill. But that revenue isnt worth the cost of scaling up
| our network edge all across the AP for unmetered junk bits
| directed at their distribution, burning goodwill with peers
| when _their_ network gets blown up, or driving more
| operational and security load as their gambling site
| competitors employ more novel and bigger attacks. Simply put
| not all business is worth it, and you dont have to accept all
| customers. Part on reasonable terms when possible and apply
| by relevant laws. Thats the actual obligation.
| bostik wrote:
| While I don't have immediate first-person knowledge, the
| event and decisions were widely reported at the time.
|
| https://www.zdnet.com/article/krebs-on-security-booted-
| off-a... -- note the quote, in particular
|
| https://www.theregister.com/2016/09/26/google_shields_krebs
| / -- _" could no longer shield the site without impacting
| paying customers"_
|
| Krebs's own post from the time does not reference the
| business decisions, only the technical aspects: https://web
| .archive.org/web/20160922124922/http://krebsonsec...
| sim7c00 wrote:
| "without impacting paying customers"
| timcobb wrote:
| This all makes sense. But then since Google is not a
| benevolent entity either, why did Krebs make sense as a
| customer for Google and not for Akamai?
| tokioyoyo wrote:
| Very good PR that will get shared in the groups like this
| one, where some of us are in decision making tables for
| purchasing such products?
| dylan604 wrote:
| Every company I've worked for has certain clients/customers
| that the company would (for various reasons) be better off
| financially to no longer have those clients/customers. At
| some point, those internal conversations become much less
| awkward as every realizes the reality of the situation.
| Those companies that had to undergo bidding processes
| usually fixed the glitch at that time by making very
| noncompetitive bids.
| greentxt wrote:
| Even worse in health insurance.
| sollniss wrote:
| He also doxxes random people just because their tool got abused
| as malware.
|
| There's a German community donating thousands to cancer
| research each year because "fuck Krebs" (Krebs means cancer in
| German).
| nilsherzig wrote:
| Pr0s js crypto miner?
| IG_Semmelweiss wrote:
| There are so many non-techy folks that are getting run over by
| phishers. If tech workers can also be targeted, the rest really
| have no hope.
|
| I really wish someone would make movies or enticing thriller
| series out of these post-mortems. There are some good stories to
| be told, plus it would help the most vulnerable to be better
| prepared..
| acomjean wrote:
| We've lost control of the telecom system. The fact you can't
| trust caller id and bad actors aren't banned still astounds me.
| doix wrote:
| Yep, we need the equivalent of DMARC, DKIM, and SPF for the
| telecom system. We solved it for email, feels like we should
| be able to solve it for telecom.
|
| I really hate any system that relies on the telecom system
| for any sort of verification. I hate every
| website/app/whatever that doesn't let you disable SMS
| verification as a "backup". So many places that offer (and
| even force) 2FA just let you bypass your authenticator with
| SMS verification.
| ceinewydd wrote:
| This exists. https://en.wikipedia.org/wiki/STIR/SHAKEN
| dqv wrote:
| And it does work, despite what people will say. My
| carrier blocks outbound phone calls from caller IDs of
| number we don't own. The next step will be to for
| carriers to start refusing calls that don't pass
| attestation.
| pavel_lishin wrote:
| My carrier is GoogleFi, and I still get several phone
| calls a day with my cellphone's area code as the incoming
| number. (At least, it makes it easier to ignore those
| calls. I really wish I could program my phone to
| automatically reject any calls from that area code if
| it's not in my phone book.)
| dredmorbius wrote:
| It exists.
|
| It's utterly ineffective to the scale of attack.
| dcrazy wrote:
| It's still being deployed. Or more precisely, it's now
| mandatory and the service providers which haven't
| implemented it are in the process of being forcibly
| removed from the PSTN:
| https://natlawreview.com/article/fcc-cracks-down-are-you-
| rea...
| ipython wrote:
| Yes. Now tell me how I can determine the stir/shaken
| attestation level of a given incoming call to my iPhone
| before I answer it.
|
| (The answer in my experience is: you can't, and next,
| nobody knows what the different attestation levels mean,
| and many legit calls still come in without any
| attestation)
|
| It's like if browsers only told you that https was
| enabled _after_ you POSTed your credit card number to the
| remote site.
| ForHackernews wrote:
| The FCC is fixing this: https://www.fcc.gov/call-
| authentication
| miohtama wrote:
| Finland passed a law that simply forbids forging caller IDs
| and forced telecoms to implement it in 2024.
|
| https://ficom.fi/news/combatting-scam-calls-and-smss-how-
| fin...
| anotheruser13 wrote:
| STIR/SHAKEN isn't helping much either. The carriers are all
| about that sweet, sweet revenue...
| BurningFrog wrote:
| This is really a case where PSAs/ads could actually help.
|
| The targeted old people still watch TV, and * hearing* the
| actual fraudulent pitches will be far more educational than
| reading about it.
| jmward01 wrote:
| I am glad this kind of reporting happens but I am sad it is
| needed. This type of crime is violent in nature. I would rather
| be mugged than have this happen to me. Being mugged just gets you
| hurt but this can destroy you and your family.
| dcrazy wrote:
| It's worth pointing out the incongruity of calling online theft
| "violent in nature" and then directly comparing it to mugging,
| which works off the threat of implied violence.
|
| You clearly understand the difference between violence and mere
| deceit. The fact that this _isn't_ a violent crime is probably
| relevant to its popularity, since recruiters don't have to
| filter for people who are willing to resort to violence in the
| face of resistance.
| voidpointer wrote:
| The relative ease with which called-IDs can be spoofed seems to
| be one of the major "tools" with which scammers can gain the
| trust of their victims (or trick other systems into believing
| that they are the victim). Most of the non-technical folks I know
| will also more or less blindly trust a caller-ID. Fortunately,
| many scammers (at least here in Europe) are still calling you
| claiming they are interpol following up on your Paypal account
| being breached whilst a +233... number shows on your phone.
| ForHackernews wrote:
| > KrebsOnSecurity recently told the saga of a cryptocurrency
| investor named Tony who was robbed of more than $4.7 million in
| an elaborate voice phishing attack.
|
| > Stotle's messages on Discord and Telegram show that a phishing
| group renting Perm's panel voice-phished tens of thousands of
| dollars worth of cryptocurrency from the billionaire Mark Cuban.
|
| > Cybercriminals involved in voice phishing communities on
| Telegram are universally obsessed with their crypto holdings,
| mainly because in this community one's demonstrable wealth is
| primarily what confers social status. It is not uncommon to see
| members sizing one another up using a verbal shorthand of "figs,"
| as in figures of crypto wealth.
|
| Seems like this is all players playing each other.
|
| Does this stuff also affect normal people who have real money in
| the bank and not digital Chuck E Cheese tokens? I don't think my
| 401k provider has a one-click "bankrupt yourself" button.
| burningChrome wrote:
| >> In Tony's ordeal, the crooks appear to have initially
| contacted him via Google Assistant, an AI-based service that can
| engage in two-way conversations.
|
| This type of scam has been going on since the early 2000's.
|
| Back in the day when I was a fresh faced high school kid working
| for a mom and pop wireless shop, criminals would use the NAD rely
| system to call dealers like the one I worked for. They'd offer
| credit card payment for phones without any service on it ask for
| it to be mailed to a PO Box. Back then, companies like Verizon
| subsidized their phones so to buy a phone without any service on
| ran $500+ and we rarely, if ever sold phones without service on
| it since that's how me made our money.
|
| As soon as a new model phone would come out, it was like
| clockwork. We'd start getting relay calls everyday for about a
| week. Once they figured out we weren't a mark, they'd stop.
|
| Kind of interesting thieves are just utilizing newer technology
| for the same type of scam.
| somerandomqaguy wrote:
| True the underlying scam is the same, but the operating costs
| have gotten quite a bit cheaper. Before one person could only
| call one target at a time, today with a good SIP trunk a single
| person can target thousands of numbers a day and not even have
| to be present. It can be just a background task running on
| their desktop while the scammer goes to their normal 9 to 5.
| EvanAnderson wrote:
| My parents' independent gas station in rural western Ohio (in a
| town of sub-1000 population, albeit on a state route that sees
| significant commuter traffic) was targeted for a voice phishing
| scam over the last week. A caller left voice messages to multiple
| recipients (we're not sure how many, but it seems like at least
| double-digits) purporting to be the gas station and asking to
| settle-up unpaid bills via credit card over the phone. I didn't
| get to hear any of the callers, unfortunately. The call-back
| number they left wasn't the gas station's number, nor was the
| caller ID the gas station's number.
|
| At first I felt like it was probably a small-time local scammer.
| Then I thought about how close we are to being able to run this
| entire scam using fully automated means (including voice
| assistant software and an LLM to talk to the callers, probably
| with a human in the loop for handing exceptions). I assume we'll
| see a rash of these kinds of scams targeting local businesses
| once the tool kits to run them become widely available.
|
| The idea of building up the automation to run that scam sounds
| like fun. I wouldn't actually do it but somebody with fewer moral
| scruples absolutely will (or, rather, probably already has).
| ge96 wrote:
| It is neat like with Twilio you can produce that audio file for
| the voicemail with XML but yeah I have no drive to screw
| someone over myself
| anotheruser13 wrote:
| Voice phishers are looking for people to say "yes" and read
| numbers. Just say no!
| ksenzee wrote:
| Does that really even matter anymore, now that we can
| generate anyone's voice saying anything?
| shkkmo wrote:
| Follow the same steps for callers whose voice you don't
| recognize, before giving any financial information or
| reading any codes, call the person back using a verifiable
| good number.
| fortran77 wrote:
| For now, much of this can be avoided by always hanging up if you
| receive a call from google, apple, etc, and then--if you really
| thing there's something going on--contact them via an official
| way documented on their website.
|
| Of course, they try to catch people off-guard as they did Mark
| Cuban.
|
| When I tell my bank or broker if I should get a call that I'm
| going to hang up and call back on their main number, they always
| understand and support it.
| nottorp wrote:
| > Included in the message was a link to a website that mimicked
| Apple's iCloud login page -- 17505-apple[.]com.
|
| So... the main culprits are the idiots that hide the page URL in
| the name of user friendliness?
| abhayhegde wrote:
| I have been receiving various spam texts under the pretext of
| USPS has lost my mails and would like to reaffirm my address to
| them. The scammers are pretty smart to build an identical looking
| to site USPS (pretty easy if they copy CSS but change the
| endpoint for form submissions). Those with the keenest eyes and a
| bit of commonsense can dodge these types of phishing.
| ipython wrote:
| Tbh at least iPhone iMessage protects even the less
| knowledgeable from just blindly clicking through these links.
|
| I've received at least a half dozen of these in the past week.
| Every time, the link is disabled so you actually have to copy
| and paste the url into safari. In fact the scammers even
| helpfully include instructions for someone to scam themselves
| in the text message. Here's one of the most recent ones:
|
| > (Please reply Y, then exit the text message, reopen the text
| message activation link, or copy the link to Safari browser to
| open it, and get the latest logistics status) Once your
| verification is completed, we will arrange delivery again
| within 24 hours. Have a great day from the USPS team!
| anotheruser13 wrote:
| Any time you get a message purporting to be from the USPS
| saying there's a delivery problem and you need to pay a small
| fee to fix it, it's a scam. Block and report.
| lifeisstillgood wrote:
| My takeaways
|
| 1. The prime target list is people with crypto accounts. You can
| steal from them much more easily than the real banking system.
| The guys who got _Mark Cuban_ must have been super pumped until
| they only got 40 grand.
|
| 2. Remote Teams of thieves who scam remote people over the phone
| tend to be morally lax enough to steal from their teammates and
| so the teams only last a few weeks. Which is weirdly opposite to
| the advice for bankers which is crimes occur less when WFH
|
| 3. Why did I not get the domain "commandandcontrolserver.com" -
| that's cool!
|
| 4. This is so easy to fall for. But it's fairly hard to steal
| "real" money, and honestly we should pressure banks to make it
| even harder - something along the lines of "want a loan, visit a
| branch in person" and similar fraud reduction choices. Criminals
| are showing us the way - they target easy to steal / easy to get
| away crypto - so run in the opposite direction
___________________________________________________________________
(page generated 2025-01-08 23:00 UTC)