I have a landline and a cell phone. Calls on the landline number, which I have had for much longer, are almost never from people I want to call me, usually scams. They, plus my much larger volume of scam emails — I have never been very careful about concealing my email address — give me a first-hand picture of ways of swindling people enabled by the Internet.
I used to have AT&T as my Internet provider. They outsourced some of their functions, such as e-mail, to Yahoo. There was a time when I was having e-mail problems, and tried to get technical support. I couldn't find any through AT&T, so I looked for a Yahoo Web site. The one I found had someone who asked me for information that would have given them access to my computer, in a way a reputable help line (such as Apple's) never asks for. As far as I could tell, Yahoo does not maintain any actual help line; there are only fraudulent pretenses at being Yahoo. That didn't cause me to drop AT&T, but when I decided to do so for other reasons, I counted being free of Yahoo as a fringe benefit.
I should add that you ignored the whole category of "Romance Scam" where someone befriends a recent widow or (usually female) recent divorcee and convinces them to hand over significant amounts of money.
One of the huge advantages of modern technology is that it has massive reduced the cost of communicating with people around the globe. Unfortunately that huge advantage is a huge advantage for bad people too. So now it is possible for almost zero cost to contact millions of people with a scam and hand the suckers that reply on to someone to process further. I have no doubt that AI will be used for some of the intervening layers too now so that an actual human criminal only needs to get involved when the sucker has been properly hooked
All fine examples. Technology can also prevent scams, of course, but sometimes the legal and social world can't move fast enough to implement the preventative tech. There is an asymmetry, because scams can often prey on the weakest link in the chain, whereas prevention requires all the links to be strong.
Telephone fraud is a good example. AT&T (or whoever your provider is) do not want scammers making nuisance calls to your phone. It degrades the value of their service to you, and makes you less willing to pay. If they found out one of their subscribers was making nuisance calls, they would kick them off sharp. And they have the technology to find out what their subscribers are up to.
But just 2% of robocalls originate from major carriers like AT&T. Scammers are typically on unscrupulous or incompetent telcos, in countries with dubious governance. This allows them to abuse the SIP protocol, misrepresenting their identity, and to evade consequences when they are caught. There are plenty of technological fixes (STIR/SHAKEN is the one the FCC has chosen), but there hasn't yet been sufficient legal/regulatory change to fix the problem, although it has ameliorated. The scammers' tech isn't ahead of the industry, but they just have to stay ahead of the FCC.
If telephony were a free market, I suspect the problem would have been solved long ago, as AT&T and the other tier 1s would have used their market power to enforce STIR/SHAKEN (or similar) worldwide, and simply drop all traffic from non-compliant or fraudulent telcos. Another example of how "consumer protection" regulation really hurts everyone.
The MagicJack service turns your landline phone into an Internet phone for $43 a year. The device itself is $50, though they have periodic giveaways. I haven't gotten a single spam call since. I just had to turn on “Automated Call Screening” in my account settings. This means callers have to tap a number before getting connected, such as "3" or whatever it is at that moment. Spammers can’t tap because they use auto dialers. Setup involves plugging in the MagicJack device, about the size of a fat thumb drive or memory stick. All you do is connect a phone cable between your phone and the MagicJack, then connect the other cable to your router/modem.
An old friend of mine fell for the Windows scam. It is just a typical Ransomware scam, they install TeamViewer and install some locker tool, and then demand money to remove it, by Bitcoin.
I keep my old university email for quite a few things, and a few years ago I noticed that warnings pop up from time to time asking if I'm sure what I just opened is a real email. Sometimes it is, sometimes it's a phishing or scamming attempt. It seems to be relatively effective at at least noticing unusual emails.
I have been doing internet and computer security for decades. I receive a lot of fraudulent e-mails and phone calls - and in general, I don't answer phone calls from unknown numbers unless I am expecting a call from that particular area code in a time period of interest. And my work e-mail gets lots of marketing contacts trying to sell me or my company various business services. I bit bucket everything and I don't try to be polite. As for generated compromising images, there is nothing that anyone can do to prevent it, so ignore it. That will probably be a big thing for a year or two, but it will be over-exploited and people will learn to ignore it - and in the process ignore real issues. Frankly, if someone was worred about images / video of some activity leaking, probably the wisest counter would be to generate a wide number of variants and spread them as well. And then deny everything and let reasonable doubt and justified distrust of sources deal with the issue.
One small nit regarding the possibility of capturing both camera and simultaneously capturing screen content. If an attacker has one, they almost certainly have both. However, unless it was some type of live call, they would indeed be separate feeds that would have to be merged in post.
I used to have AT&T as my Internet provider. They outsourced some of their functions, such as e-mail, to Yahoo. There was a time when I was having e-mail problems, and tried to get technical support. I couldn't find any through AT&T, so I looked for a Yahoo Web site. The one I found had someone who asked me for information that would have given them access to my computer, in a way a reputable help line (such as Apple's) never asks for. As far as I could tell, Yahoo does not maintain any actual help line; there are only fraudulent pretenses at being Yahoo. That didn't cause me to drop AT&T, but when I decided to do so for other reasons, I counted being free of Yahoo as a fringe benefit.
I should add that you ignored the whole category of "Romance Scam" where someone befriends a recent widow or (usually female) recent divorcee and convinces them to hand over significant amounts of money.
This kind of thing has actual call centers and (sadly) often the people working the call centers are effectively enslaved by others and are just as much victims as the people they scam - see articles on "pig-butchering" e.g. https://www.vice.com/en/article/n7zb5d/pig-butchering-scam-cambodia-trafficking
As a PSA if someone has been scammed like this, the following is a good resource to get help
https://avahoutreach.org/
One of the huge advantages of modern technology is that it has massive reduced the cost of communicating with people around the globe. Unfortunately that huge advantage is a huge advantage for bad people too. So now it is possible for almost zero cost to contact millions of people with a scam and hand the suckers that reply on to someone to process further. I have no doubt that AI will be used for some of the intervening layers too now so that an actual human criminal only needs to get involved when the sucker has been properly hooked
All fine examples. Technology can also prevent scams, of course, but sometimes the legal and social world can't move fast enough to implement the preventative tech. There is an asymmetry, because scams can often prey on the weakest link in the chain, whereas prevention requires all the links to be strong.
Telephone fraud is a good example. AT&T (or whoever your provider is) do not want scammers making nuisance calls to your phone. It degrades the value of their service to you, and makes you less willing to pay. If they found out one of their subscribers was making nuisance calls, they would kick them off sharp. And they have the technology to find out what their subscribers are up to.
But just 2% of robocalls originate from major carriers like AT&T. Scammers are typically on unscrupulous or incompetent telcos, in countries with dubious governance. This allows them to abuse the SIP protocol, misrepresenting their identity, and to evade consequences when they are caught. There are plenty of technological fixes (STIR/SHAKEN is the one the FCC has chosen), but there hasn't yet been sufficient legal/regulatory change to fix the problem, although it has ameliorated. The scammers' tech isn't ahead of the industry, but they just have to stay ahead of the FCC.
If telephony were a free market, I suspect the problem would have been solved long ago, as AT&T and the other tier 1s would have used their market power to enforce STIR/SHAKEN (or similar) worldwide, and simply drop all traffic from non-compliant or fraudulent telcos. Another example of how "consumer protection" regulation really hurts everyone.
The MagicJack service turns your landline phone into an Internet phone for $43 a year. The device itself is $50, though they have periodic giveaways. I haven't gotten a single spam call since. I just had to turn on “Automated Call Screening” in my account settings. This means callers have to tap a number before getting connected, such as "3" or whatever it is at that moment. Spammers can’t tap because they use auto dialers. Setup involves plugging in the MagicJack device, about the size of a fat thumb drive or memory stick. All you do is connect a phone cable between your phone and the MagicJack, then connect the other cable to your router/modem.
An old friend of mine fell for the Windows scam. It is just a typical Ransomware scam, they install TeamViewer and install some locker tool, and then demand money to remove it, by Bitcoin.
I keep my old university email for quite a few things, and a few years ago I noticed that warnings pop up from time to time asking if I'm sure what I just opened is a real email. Sometimes it is, sometimes it's a phishing or scamming attempt. It seems to be relatively effective at at least noticing unusual emails.
I have been doing internet and computer security for decades. I receive a lot of fraudulent e-mails and phone calls - and in general, I don't answer phone calls from unknown numbers unless I am expecting a call from that particular area code in a time period of interest. And my work e-mail gets lots of marketing contacts trying to sell me or my company various business services. I bit bucket everything and I don't try to be polite. As for generated compromising images, there is nothing that anyone can do to prevent it, so ignore it. That will probably be a big thing for a year or two, but it will be over-exploited and people will learn to ignore it - and in the process ignore real issues. Frankly, if someone was worred about images / video of some activity leaking, probably the wisest counter would be to generate a wide number of variants and spread them as well. And then deny everything and let reasonable doubt and justified distrust of sources deal with the issue.
One small nit regarding the possibility of capturing both camera and simultaneously capturing screen content. If an attacker has one, they almost certainly have both. However, unless it was some type of live call, they would indeed be separate feeds that would have to be merged in post.
I have real pictures so send money!
What you ask? OH, you know, don't you? lol