I used to have AT&T as my Internet provider. They outsourced some of their functions, such as e-mail, to Yahoo. There was a time when I was having e-mail problems, and tried to get technical support. I couldn't find any through AT&T, so I looked for a Yahoo Web site. The one I found had someone who asked me for information that would have given them access to my computer, in a way a reputable help line (such as Apple's) never asks for. As far as I could tell, Yahoo does not maintain any actual help line; there are only fraudulent pretenses at being Yahoo. That didn't cause me to drop AT&T, but when I decided to do so for other reasons, I counted being free of Yahoo as a fringe benefit.
I should add that you ignored the whole category of "Romance Scam" where someone befriends a recent widow or (usually female) recent divorcee and convinces them to hand over significant amounts of money.
I looked at pig butchering online, but it doesn't seem to involve anything that couldn't be done with the technology of a century ago. The only difference is that it is easier to do it at long distance. But back then the scammer could meet the target in real space, continue the scam by mail or telephone, and be far away by the time anyone realized what was going on.
It's true most of it is a con trick. But then many online scams are con tricks of one sort or another, even the "I've got pictures of you masturbating to porn" ones could be rewritten to imply someone with a camera and telephoto lens in decades gone by.
The main thing the internet has done is lower the barrier to entry for the scammers and made it easier to cast a far wider net to catch victims
One of the huge advantages of modern technology is that it has massive reduced the cost of communicating with people around the globe. Unfortunately that huge advantage is a huge advantage for bad people too. So now it is possible for almost zero cost to contact millions of people with a scam and hand the suckers that reply on to someone to process further. I have no doubt that AI will be used for some of the intervening layers too now so that an actual human criminal only needs to get involved when the sucker has been properly hooked
All fine examples. Technology can also prevent scams, of course, but sometimes the legal and social world can't move fast enough to implement the preventative tech. There is an asymmetry, because scams can often prey on the weakest link in the chain, whereas prevention requires all the links to be strong.
Telephone fraud is a good example. AT&T (or whoever your provider is) do not want scammers making nuisance calls to your phone. It degrades the value of their service to you, and makes you less willing to pay. If they found out one of their subscribers was making nuisance calls, they would kick them off sharp. And they have the technology to find out what their subscribers are up to.
But just 2% of robocalls originate from major carriers like AT&T. Scammers are typically on unscrupulous or incompetent telcos, in countries with dubious governance. This allows them to abuse the SIP protocol, misrepresenting their identity, and to evade consequences when they are caught. There are plenty of technological fixes (STIR/SHAKEN is the one the FCC has chosen), but there hasn't yet been sufficient legal/regulatory change to fix the problem, although it has ameliorated. The scammers' tech isn't ahead of the industry, but they just have to stay ahead of the FCC.
If telephony were a free market, I suspect the problem would have been solved long ago, as AT&T and the other tier 1s would have used their market power to enforce STIR/SHAKEN (or similar) worldwide, and simply drop all traffic from non-compliant or fraudulent telcos. Another example of how "consumer protection" regulation really hurts everyone.
The MagicJack service turns your landline phone into an Internet phone for $43 a year. The device itself is $50, though they have periodic giveaways. I haven't gotten a single spam call since. I just had to turn on “Automated Call Screening” in my account settings. This means callers have to tap a number before getting connected, such as "3" or whatever it is at that moment. Spammers can’t tap because they use auto dialers. Setup involves plugging in the MagicJack device, about the size of a fat thumb drive or memory stick. All you do is connect a phone cable between your phone and the MagicJack, then connect the other cable to your router/modem.
An old friend of mine fell for the Windows scam. It is just a typical Ransomware scam, they install TeamViewer and install some locker tool, and then demand money to remove it, by Bitcoin.
I keep my old university email for quite a few things, and a few years ago I noticed that warnings pop up from time to time asking if I'm sure what I just opened is a real email. Sometimes it is, sometimes it's a phishing or scamming attempt. It seems to be relatively effective at at least noticing unusual emails.
I have been doing internet and computer security for decades. I receive a lot of fraudulent e-mails and phone calls - and in general, I don't answer phone calls from unknown numbers unless I am expecting a call from that particular area code in a time period of interest. And my work e-mail gets lots of marketing contacts trying to sell me or my company various business services. I bit bucket everything and I don't try to be polite. As for generated compromising images, there is nothing that anyone can do to prevent it, so ignore it. That will probably be a big thing for a year or two, but it will be over-exploited and people will learn to ignore it - and in the process ignore real issues. Frankly, if someone was worred about images / video of some activity leaking, probably the wisest counter would be to generate a wide number of variants and spread them as well. And then deny everything and let reasonable doubt and justified distrust of sources deal with the issue.
There is the Nigerian money scam, which is still going around. I ran across that the first time in the 90's. And there is a call by an 'IRS agent', I got one of those a few weeks ago. And there are perpetual 'your account has been suspended' at Amazon, name your bank, .... e-mails with links to follow to compromise you. And there are a number of 'please log in to confirm your ______ requests' - some of those could be legitimate, but if they provide a link I would not follow it. Log into the account independently.
One small nit regarding the possibility of capturing both camera and simultaneously capturing screen content. If an attacker has one, they almost certainly have both. However, unless it was some type of live call, they would indeed be separate feeds that would have to be merged in post.
My point was that the separate feeds would not be evidence that you had watched porn, since it doesn't show that the screen content is from your screen.
I used to have AT&T as my Internet provider. They outsourced some of their functions, such as e-mail, to Yahoo. There was a time when I was having e-mail problems, and tried to get technical support. I couldn't find any through AT&T, so I looked for a Yahoo Web site. The one I found had someone who asked me for information that would have given them access to my computer, in a way a reputable help line (such as Apple's) never asks for. As far as I could tell, Yahoo does not maintain any actual help line; there are only fraudulent pretenses at being Yahoo. That didn't cause me to drop AT&T, but when I decided to do so for other reasons, I counted being free of Yahoo as a fringe benefit.
I should add that you ignored the whole category of "Romance Scam" where someone befriends a recent widow or (usually female) recent divorcee and convinces them to hand over significant amounts of money.
This kind of thing has actual call centers and (sadly) often the people working the call centers are effectively enslaved by others and are just as much victims as the people they scam - see articles on "pig-butchering" e.g. https://www.vice.com/en/article/n7zb5d/pig-butchering-scam-cambodia-trafficking
As a PSA if someone has been scammed like this, the following is a good resource to get help
https://avahoutreach.org/
I looked at pig butchering online, but it doesn't seem to involve anything that couldn't be done with the technology of a century ago. The only difference is that it is easier to do it at long distance. But back then the scammer could meet the target in real space, continue the scam by mail or telephone, and be far away by the time anyone realized what was going on.
It's true most of it is a con trick. But then many online scams are con tricks of one sort or another, even the "I've got pictures of you masturbating to porn" ones could be rewritten to imply someone with a camera and telephoto lens in decades gone by.
The main thing the internet has done is lower the barrier to entry for the scammers and made it easier to cast a far wider net to catch victims
One of the huge advantages of modern technology is that it has massive reduced the cost of communicating with people around the globe. Unfortunately that huge advantage is a huge advantage for bad people too. So now it is possible for almost zero cost to contact millions of people with a scam and hand the suckers that reply on to someone to process further. I have no doubt that AI will be used for some of the intervening layers too now so that an actual human criminal only needs to get involved when the sucker has been properly hooked
All fine examples. Technology can also prevent scams, of course, but sometimes the legal and social world can't move fast enough to implement the preventative tech. There is an asymmetry, because scams can often prey on the weakest link in the chain, whereas prevention requires all the links to be strong.
Telephone fraud is a good example. AT&T (or whoever your provider is) do not want scammers making nuisance calls to your phone. It degrades the value of their service to you, and makes you less willing to pay. If they found out one of their subscribers was making nuisance calls, they would kick them off sharp. And they have the technology to find out what their subscribers are up to.
But just 2% of robocalls originate from major carriers like AT&T. Scammers are typically on unscrupulous or incompetent telcos, in countries with dubious governance. This allows them to abuse the SIP protocol, misrepresenting their identity, and to evade consequences when they are caught. There are plenty of technological fixes (STIR/SHAKEN is the one the FCC has chosen), but there hasn't yet been sufficient legal/regulatory change to fix the problem, although it has ameliorated. The scammers' tech isn't ahead of the industry, but they just have to stay ahead of the FCC.
If telephony were a free market, I suspect the problem would have been solved long ago, as AT&T and the other tier 1s would have used their market power to enforce STIR/SHAKEN (or similar) worldwide, and simply drop all traffic from non-compliant or fraudulent telcos. Another example of how "consumer protection" regulation really hurts everyone.
The MagicJack service turns your landline phone into an Internet phone for $43 a year. The device itself is $50, though they have periodic giveaways. I haven't gotten a single spam call since. I just had to turn on “Automated Call Screening” in my account settings. This means callers have to tap a number before getting connected, such as "3" or whatever it is at that moment. Spammers can’t tap because they use auto dialers. Setup involves plugging in the MagicJack device, about the size of a fat thumb drive or memory stick. All you do is connect a phone cable between your phone and the MagicJack, then connect the other cable to your router/modem.
An old friend of mine fell for the Windows scam. It is just a typical Ransomware scam, they install TeamViewer and install some locker tool, and then demand money to remove it, by Bitcoin.
So what they want from you initially is access to your computer? That was one of my guesses but I didn't have any direct observation.
I keep my old university email for quite a few things, and a few years ago I noticed that warnings pop up from time to time asking if I'm sure what I just opened is a real email. Sometimes it is, sometimes it's a phishing or scamming attempt. It seems to be relatively effective at at least noticing unusual emails.
I have been doing internet and computer security for decades. I receive a lot of fraudulent e-mails and phone calls - and in general, I don't answer phone calls from unknown numbers unless I am expecting a call from that particular area code in a time period of interest. And my work e-mail gets lots of marketing contacts trying to sell me or my company various business services. I bit bucket everything and I don't try to be polite. As for generated compromising images, there is nothing that anyone can do to prevent it, so ignore it. That will probably be a big thing for a year or two, but it will be over-exploited and people will learn to ignore it - and in the process ignore real issues. Frankly, if someone was worred about images / video of some activity leaking, probably the wisest counter would be to generate a wide number of variants and spread them as well. And then deny everything and let reasonable doubt and justified distrust of sources deal with the issue.
Have you come across any interesting scams that I don't cover?
There is the Nigerian money scam, which is still going around. I ran across that the first time in the 90's. And there is a call by an 'IRS agent', I got one of those a few weeks ago. And there are perpetual 'your account has been suspended' at Amazon, name your bank, .... e-mails with links to follow to compromise you. And there are a number of 'please log in to confirm your ______ requests' - some of those could be legitimate, but if they provide a link I would not follow it. Log into the account independently.
One small nit regarding the possibility of capturing both camera and simultaneously capturing screen content. If an attacker has one, they almost certainly have both. However, unless it was some type of live call, they would indeed be separate feeds that would have to be merged in post.
My point was that the separate feeds would not be evidence that you had watched porn, since it doesn't show that the screen content is from your screen.
I have real pictures so send money!
What you ask? OH, you know, don't you? lol