❮❮prevnext❯❯

Visiting with my folks (mom/aunt), my mom was asking for tech help, the biggest part was going over some spam phishing and making sure she could ignore it. (Mostly that norton/mcafee 'you've been billed' crap along with the odd 'we charged you for your new mobile phone purchase, contact us if that was a mistake;)

Time was the "tells" for phishing were obvious (misspelled words, funky as hell URLs, weird formatting - besides the classic outlandish Nigerian royalty cover stories) and rumor was that was by design - it was a first filter only the gullible would through, anyone smarter than that low bar weren't worth trying for. But there's been upgrades in the professionalism, and this whole genre of fake-corporate that can look pretty real.

it's tough getting people suspicious enough and in the right ways - especially fraught as loved ones get a bit older and crystal clear rationalizing can get muddled in age - and it could get so much worse, between new ways of paying (venmo, zelle, whatever digital currency nonsense some techbros manage to make happen), and AI fueled scams, like that one I've heard about where they can fake a loved one's voice to mock up an interactive plea to help send bail money or whatever. (And now my mind is full of other threats like keyloggers and what not )

The 2 part scams where some human (soon to be AI) calls you to get your details as a follow up for a situation primed by email or text are HUGELY dangerous- the "helpful" voice getting back to you is such a vast reassurance. And once they get their hooks into you, there are weird reverse scams. Stuff where a small refund situation becomes oh we accidentally sent you TOO much money, we're made at you, you have to make this right.

Bedrock principles to try to instill in vulnerable folks - which is all of us, really -
* never EVER reactively give out any financial /payment information. 99% such requests are scammers; for the last 1% you have to insist on going to a well known URL and making your own path to login - never trust a link someone hands you.
* be even MORE paranoid about direct bank information; credit cards still carry some limited protections in a way debit cards etc don't. (other payment methods... well be careful of things that can automatically suck out from your bank account, glance at the transactions)
* I guess 2FA (where a bank or company will send you a text) can help, but make sure you haven't inadvertently told them (like they ask for your email or phone, then send you a message "to confirm its you"). These only work because you previously gave them the extra path.
* Like ignore messages that say "thank you for your order/renewal, let us know if its a mistake" - instead, keep an eye on actual withdrawal records from your account, and if you want to investigate something start from there - be suspicious of one-off billing notifications

Oy. I find my usual liberal sympathies are taxes trying to come up with any forgiving thoughts for these scammers, and I hope hammers of justice come down on them hard enough to be a deterent to others.