Conversation

Notices

1. Embed this notice
   Paul Cantrell (inthehands@hachyderm.io)'s status on Thursday, 22-Feb-2024 10:41:38 JST Paul Cantrell

   Fascinating account of what a successful con looks like:
   https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html

   …and a hell of a paragraph toward the end:

   • Embed this notice
     Paul Cantrell (inthehands@hachyderm.io)'s status on Thursday, 22-Feb-2024 10:42:05 JST Paul Cantrell

     in reply to

     Police interrogators as con artists. 🤔🤔

   • Embed this notice
     Paul Cantrell (inthehands@hachyderm.io)'s status on Thursday, 22-Feb-2024 11:05:00 JST Paul Cantrell

     in reply to

     • Aaron

     @harpaa01 She did the latter: checked her Amazon account, found nothing. But they said that it was her Amazon •business• account — “I don’t have one” “We show that you have two” — and that sounded plausibly like identity theft.

   • Embed this notice
     Aaron (harpaa01@mastodon.social)'s status on Thursday, 22-Feb-2024 11:05:01 JST Aaron

     in reply to

     @inthehands the crazy thing about this con is that it plays like it could be straight out of one of Kevin Mitnick's books on social engineering.

     And the entire con would have been stopped cold had this author done the trivial thing of 1) being suspicious that Amazon was doing a voice call in the first place because calling people is too expensive, and then 2) going and checking her Amazon account or at least calling Amazon back at their known number.

   • Embed this notice
     Aaron (harpaa01@mastodon.social)'s status on Thursday, 22-Feb-2024 11:52:25 JST Aaron

     in reply to

     @inthehands ah, missed that nuance! So the root of her issue was continuing to just rely on the contact info of the people who reached out to her instead of reaching out to known real Amazon CS agents.

     idk, maybe my sensitivity is more heightened to this since i did read Kevin Mitnick's social engineering book, but the author acts like this was a sophisticated attack which in some ways it was, but also it was trivially easy to debunk.

   • Embed this notice
     Paul Cantrell (inthehands@hachyderm.io)'s status on Thursday, 22-Feb-2024 11:52:25 JST Paul Cantrell

     in reply to

     • Aaron

     @harpaa01
     Part of the point of the article was that it was so trivially easy to debunk, and she’s the sort of diligent and skeptical person you wouldn’t think would fall for it, and it still got her — and when it did everyone around her had pretty much the same reaction you did (should’ve known, your fault), which is exactly the reaction she would’ve had to something like this before it happened to her.

   • Embed this notice
     CuriousMatter (curiousmatter@mastodon.social)'s status on Thursday, 22-Feb-2024 13:34:14 JST CuriousMatter

     in reply to

     • Aaron

     @inthehands @harpaa01 Practically everyone can be scammed. Cory Doctorow was just talking about that on The Big Story (https://thebigstorypodcast.ca/2024/02/13/a-story-about-how-anyone-yes-even-you-can-get-scammed/) last week. Everyone's defenses have holes. If you're sharp and skeptical, maybe your defenses have more layers and fewer holes. But under the right (wrong) circumstances, the holes line up and the scammers get through. His story, like hers, involves scamming by fraudulent fraud detection. I like to think I'm vigilant, but you only need to slip up once.