Tuesday, April 05, 2022

Rats in cyberspace

Many years ago I posed the question "Where have all the scammers gone?" At that time most scams were worked through email or phone calls but the frequency of both seemed to be diminishing. I now realise that the attention of these parasites has been shifting to text messages sent to mobile phones and to the manipulation of social media. My first-hand experience of scammers on both media is almost zero.

Today's scammer sends a text (sometimes an email) to a victim (that is to say, many texts to random numbers, hoping one or two will take the bait). Here are some of the variations:

  • It promises huge returns if they will only send some money to an untraceable account, usually a cryptocurrency. This may be linked to a stolen social media account as outlined below.

  • It breathlessly begs for help, an emergency code is needed, please receive it on behalf of the sender. The catch being that this will be the reset code for the recipient's own account with Instagram or some other site, and the scammer is using the reset password technique to take control of it. Often the scammer has already got control of another Instagram site and is using that site's contacts. A victim who receives a message apparently from someone they follow is more likely to fall for the scam. The scammer will then seek to monetise their corrupted accounts by inviting their contacts to send them money through some subterfuge such as "I am making huge profits on crypto, you can too, just send me your startup investment".

  • The scammer pretends they were trying to contact a friend or business contact, apologises for making a mistake and then tries to start a conversation anyway. The endgame here is to lure the victim into "investing" in cryptocurrency through a website that the scammer has set up. Or perhaps to start a longer term "friendship" which will sooner or later result in a plea for financial help. Charmingly, this is known as the "pig-butchering" scam, an expression of Chinese origin.

  • It just has a weblink, often in an obscured form which makes it hard to see where it is really going. This may lead directly to an attempt to download malware to the victim's phone or to do identity theft by asking for a login and other personal details. And yes, there are people who click on links even though they haven't the faintest idea of what they are.

  • It pretends to be from a bank, or Amazon or similar and says a payment has been blocked and the account must be verified by clicking on a link, which will then harvest as much personal detail as the victim is stupid enough to supply. The giveaway in all these cases is that the text will not address the victim by name and account number and will come from a phone number or email address that is obviously not from the institution that it claims to be.

What is frightening is the huge number of people who fall for them. I regularly read the r/scams forum on Reddit where these exploits are publicised and discussed. Although the public opinion on scam victims is that they are usually the out-of-touch elderly, it is clear that naive young people are as likely to be taken in. Some will respond at once to any message, even if sent in the middle of the night when they are groggy with sleep. Some just click first on any link then worry about it afterwards. Some will look at an obvious scam (such as "This is the president of the World Bank, I have $50million hidden away and need your help to get it") and then make a plaintive posting asking "Is this a scam?". 

Then there are the willing victims, driven by either greed or lust. The greedy fall for adverts promising stupidly high financial returns on "investments"; almost always these are for cryptocurrencies. The websites that lure them in may look convincing and may even provide regular updates, once they have made an "investment", showing increases in value. But requests for withdrawals will be met either with the blocking of the account or a claim that taxes or other fees have to be paid first so please send some more cash (needless to say nothing will ever be repaid).

A separate group of willing victims are those who go to internet dating sites, contact a "girl" and swap nude pictures. The victim supplies photos showing their faces and giving real personal details. The "girl" supplies pictures stolen from the net and has an entirely fake profile. Then the "girl" blackmails the victim, saying they will send the nudes to their family and friends unless a payment is made. Or they contact the victim, using a different profile and claiming to be the husband or father of the "girl", and threatening exposure and violence. Of course, the scammers do not know who the family and friends of the victim are and are unlikely to do anything at all, other than make empty threats. But that does not stop large numbers of frightened young men making payments to buy them off and then receiving more demands for cash.

Living quietly as I do in retirement, it now becomes plain why so many of these scams have passed me by.

