Sunday, August 11, 2024

Never, Never Say Yes

A couple of weeks ago, a groundhog nibbled my inadequately buried cables, and I lost my landline for more than a week. I thought that there would be a silver lining, in that, with an engaged signal on the line for would-be callers, surely the scammers would give up.

Not so. When my service was restored, my second call (the first was from the cable company to tell me that they'd done their work) was from a caring-sounding someone wanting to know if I can hear her.

Her goal was to record me saying, "Yes".

When does one lower ones guard? A lengthy political survey would be the perfect ruse to trick victims into saying all sorts of useful things, including "Yes".

If informed voters either say "No" to every pollster's question (in which case, pollsters usually end the survey when the answer to whether or not one intends to vote in the November election is no) or the voters hang up on them or block them, we might infer that political poll results might be unusually inaccurate this year.

Cameron Abbott, Rob Pulham, Dadar Ahmadi-Pirshahid, and Adam Asadurian of the cyber law watch blog owned by lawfirm K & L Gates LLP discuss the astonishing perils of scam calls.

https://www.cyberlawwatch.com/2024/07/10/ais-next-frontier-the-new-voice-of-scam-calls/#page=1

In "AI's Next Frontier  The New Voice of Scam Calls", the lawyers discuss recent, frightening innovations to the "Hallo, Grandma" "imposter calls", and also the recent study by QR Code Generator.

In my case, the "Hello, Grandma" calls are way fewer than 33%. I get a lot of calls from sullen foreigners who tell me that they are calling from my TV provider, but they do not know who provides my TV service. I probably talked too much in establishing that!

According to the cyber law watch bloggers, scammers can create voice clones from mere seconds of a recording of a potential victim's family member's voice.

They elaborate. It's a worthwhile two-minute read.

No thanks to AI and autocorrect, scam emails are less easy to recognize by the bad grammar alone. Some neighbors on Next Door have recently suggested that overly polite and lengthy text messages might be a sure sign of a scam in the making.

Apparently, a popular scam on social media sites is where the potential victim offers to sell something second hand. The would-be scammer offers to mail a check. The mailed check arrives and is for a greater amount than the agreed price. The scammer then asks the victim to encash the check and use PayPal or Venmo (or whatever) to quickly return the excess. The scammer pockets the excess, disappears with whatever was "purchased" and meanwhile the original check proves to be a forgery or it simply bounces.

The social media seller loses the sold item, the excess amount returned to the scammer, also banking and overdraft fees, and possibly more.

An oldie but goodie of the anti-scam advice type comes from an EFF blog from last October about the hack of one of the two best-known social DNA testing businesses. In this breach, the scammers wanted to know who in America has even 1% Jewish ancestry. The trouble with that is that one of the business's Jewish ancestry results were an absolute FUBAR (false positives).

The EFF link:  

Allegedly, they got in using "credential stuffing" which is where a bad actor takes email addresses, names, and passwords that were exposed in other data breaches and try them out on new platforms, because, of course, people re-use passwords.

Cybercrime Magazine just published an astonishing list of the most recent data breaches up to yesterday (August 10th).
 
Bluefin has more details on other 2024 breaches and leaks.

"Credential Stuffing" is a concept that should concern anyone who has done business with Intel, AT&T, Corewell Health, McLaren Health, ADT, Verizon, Bank of America, Dell, Microsoft, Ticketmaster, and many more as revealed by Bluefin and Cybercrime Magazine.

 All the best,

 Rowena Cherry 
 SPACE SNARK™ 

 

 

No comments:

Post a Comment