Technology Enabled Scams
I have a landline and a cell phone. Calls on the landline number, which I have had for much longer, are almost never from people I want to call me, usually scams. They, plus my much larger volume of scam emails — I have never been very careful about concealing my email address — give me a first-hand picture of ways of swindling people enabled by the Internet.
One of my favorites I first came across almost thirty years ago in a message on a Usenet group:
Mass Production Blackmail
I believe that it is okay to have sex before marriage unlike some people. This way you can expirence different types of sex and find the right man or woman who satifies you in bed. If you wait until marriage then what if your mate can not satisfy you, then you are stuck with him. Please write me and give me your thoughts on this. You can also tell me about some of your ways to excite a woman because I have not yet found the right man to satisfy me.
The message is read by thousands, perhaps tens of thousands, of men. A hundred or so take up the implied offer and email responses. They get suitably enticing emails in response – the same email for all of them, with only the names changed. They continue the correspondence. Eventually they receive a request for fifty dollars – and a threat to pass on the correspondence to the man’s wife if the money is not paid. The ones who are not married ignore it; some of the married ones pay. The responsible party has obtained $1,000 or so at a cost very close to zero. Mass production blackmail.
A version I came across more recently was an email informing me that the sender had taken over my computer and recorded me watching pornography, would refrain from making the videos of me doing so public in exchange for a modest payment. How my computer’s camera could be used to record a video of me watching pornography, which would seem to require a viewing position that showed both my face and the screen, was not explained. But the author doesn’t have to actually do it, only find people who will believe he did.
This, like the previous scam, depends on getting a message to a very large number of people at a low cost in the hope that some of them will fall for it.
A variant becoming increasingly practical uses forged evidence. Find an image of your target — lots of people have pictures of themselves on their Facebook page or other places online. Modify it to produce an image of the target naked engaged in group sex, or beating a child, or doing something else he or she would not want other people to believe. With the latest AI software you can, or soon will be, able to make it into a video. Threaten to make your creation public if not paid off.
This has the advantage of not requiring a target who can be fooled — you can show him the images. It does require a target who believes, perhaps correctly, that other people can be, that some of them will believe the forged images. It has the disadvantage of requiring individualized effort for each target.
But as AI gets better …
Legal Services
I encountered the latest version of the mass production approach multiple times in recent weeks. It takes the form of a phone call from a legal services firm which knows that I was recently the victim of a traffic accident for which I have not yet collected adequate damages and is offering to help me out.
I have not recently been the victim of a traffic accident. The voice is a recording. Presumably they are calling people at random, lots of people. A few have been victims of traffic accidents and would like help collecting damages. A few more have not been victims of traffic accidents but figure that there might be a way of getting money from someone who thinks they have been. I have played along far enough to be connected to someone with an accent who told me that they have a team of attornies, but when I expressed skepticism she hung up on me. Presumably the next step is either a request to be paid for their help or an offer to collect the damages for me.
Computer Services
The call from Microsoft offering to help me with my Windows computer would be more believable if the speaker did not have an Indian accent. Also if I had a Windows computer — but many people do. I have not tried to follow up on what sort of help is being offered but I assume I would either be asked to pay for it or to give the voice over the phone access to my computer, which could be used in various profitable ways — although not to me.
Deepfake Theft
A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.
…
However, the worker put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized, Chan said. (CNN)
Ransomware
… more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult. (Wikipedia, Ransomware)
Writing about the implications of what I described as a world of strong privacy,1 I predicted all of it in 2008.2
A modern criminal who preferred extortion to theft could hold the contents of computers for ransom using either a downloaded ActiveX control or a computer virus – and take advantage of the power of public key encryption. Once the software gets onto the victim’s computer it creates a large random number and uses it as the key to encrypt the contents of the hard drive, erasing the unencrypted version as it does so. The final step is to encrypt the key using the criminal’s public key and erase the original.
The next time the computer is turned on, its screen shows a message offering to unencrypt the contents of the hard drive for twenty dollars in anonymous ecash, sent to the criminal through a suitable remailer. The money must be accompanied by the encrypted key, which the message includes. The extortionist will send back the decrypted key and the software to decrypt the hard drive.
From the standpoint of the criminal, the scheme has two attractive features. The first is that since each victim’s hard drive is encrypted with a different key, there is no way one victim can share the information about how to decrypt it with another – each must pay separately. The second is that, with lots of victims, the criminal can establish a reputation for honest dealing; after the first few cases, everyone will know that if you pay you really do get your hard drive back. So far as I know, nobody has done it yet, although there was an old case involving a less sophisticated version of the scheme, using floppy disks instead of downloads.
(Future Imperfect, Chapter XI: The Future of Computer Crime)
Modern technology is wonderful, but every silver lining has its cloud.
and part, minus cryptocurrency for the payoff, in 1995, in the course that Future Imperfect grew out of — see my lecture notes from that year at “G. Virus blackmail?”
I used to have AT&T as my Internet provider. They outsourced some of their functions, such as e-mail, to Yahoo. There was a time when I was having e-mail problems, and tried to get technical support. I couldn't find any through AT&T, so I looked for a Yahoo Web site. The one I found had someone who asked me for information that would have given them access to my computer, in a way a reputable help line (such as Apple's) never asks for. As far as I could tell, Yahoo does not maintain any actual help line; there are only fraudulent pretenses at being Yahoo. That didn't cause me to drop AT&T, but when I decided to do so for other reasons, I counted being free of Yahoo as a fringe benefit.
I should add that you ignored the whole category of "Romance Scam" where someone befriends a recent widow or (usually female) recent divorcee and convinces them to hand over significant amounts of money.
This kind of thing has actual call centers and (sadly) often the people working the call centers are effectively enslaved by others and are just as much victims as the people they scam - see articles on "pig-butchering" e.g. https://www.vice.com/en/article/n7zb5d/pig-butchering-scam-cambodia-trafficking
As a PSA if someone has been scammed like this, the following is a good resource to get help
https://avahoutreach.org/