I think we should treat people who get scammed and come out and talk about it like heroes. And this is important: no matter how "obvious" the scam might seem in retrospect or from the outside of the community it preyed on.

The more I look at scams the more I think this is a major factor in how they keep going and keep coming back.

@futurebird

People should not be ashamed of being scammed. Grifters' tricks are designed to bypass your critical thinking skills, and they can get you no matter how smart you are.

@suetanvil

Different tricks for different people.

Yes. YOU would never have fallen for that, but there are things you would fall for.

@futurebird @suetanvil And not getting scammed requires constant vigilance, which is exhausting. Anyone can have an off day where they’re careless for just a moment.

@jjLitke @futurebird @suetanvil I've gotten scammed by being too tired and just kind of mindlessly doing what was asked of me, in ways that I couldn't even explain in the light of day.

I wonder what the mental health toll is for a region of people who have to constantly be knives out for scams, how that exhausting vigilance erodes your sense of safety and community as a population.

I think the sociologists and anthropologists could tell us! Iirc there’s a big difference between high trust and low trust societies.

More vaguely… middle trust isn’t stable, high and low trust are attractors? The compromise is high trust only in in-groups? (And that can get broken.) Trade and technology depend on trust a *lot*?

@raven667 @jjLitke @futurebird @suetanvil

@clew @raven667 @jjLitke @futurebird @suetanvil Trust in groups can also devolve really quickly into cult behavior. All it takes are a few bad apples who infiltrate a group & start to twist it. My sister who was a genuinely kind Christian woman was subjected to the most astonishing amount of that kind of twisting that none of us knew about until after she passed. There was a daily onslaught on her computer from “Christian” sources that was so hate-filled & frightening it took my breath away.

*Oof*.

I wonder if that's the end state of in-group trust, or the vulnerability that breaks it, or what.

There's also a lot of stuff on what maintains trust and IIRC a big candidate is swift reliable universal punishment of trust-breaking. You can let people make amends and get back in (maybe you have to? I forget) but you gotta actually punish.

@Pineywoozle @raven667 @jjLitke @futurebird @suetanvil

@clew @raven667 @jjLitke @futurebird @suetanvil Both. MAGA accepted so many of the twisters from so many different approaches, racism being the biggest, that it’s impossible for evangelicals at this point to separate. Maybe in a few years it will splinter and the truly twisted part will, as you say, be punished by ostracism and broken off but right now it’s so integrated and was so deliberately integrated that I don’t see it ending for a long time, but I do see it ending.
@futurebird @suetanvil I found that recently. I get tons of "📢 ZOMG‼️YOUR SUBSCRIPTION EXPIRED SO WE WILL DELETE ALL UR PHOTOS 📵🚨🔔" spam which is painfully obvious, but then just recently there was a "Our new online system for NHS repeat prescriptions" one that may well have slipped by if it were at all relevant to me.
@DamonWakes @futurebird @suetanvil yeah I'd just started getting prescriptions delivered so nearly got got by the NHS one, bastards!
@DamonWakes the ones I get are pretty convincing package delivery notifications. There was a time I was always ordering stuff online and these might have caught me but now I'm too cheap lol so their falsity is quite apparent. :p
@hwll I get those too. The ones that present it as some kind of prize are obvious, but the generic DHL-looking ones could easily trip me up if I were waiting for a package.
@DamonWakes
I think we're talking about the exact same emails, yup
@futurebird We should also prosecute scammers with harder sentences. It's like, you kill someone, you might get 20 years or even life for it, but you drive a hundred people to suicide and it's maybe a fine IF someone bothers to look into it.
@sahqon @futurebird
if you drive a hundred people to suicide, that's government policy 😢
@futurebird I wonder if this also plays into why cults and political movements like MAGA are so resilient. No one wants to bear the shame of admitting they got conned because it would be like admitting they were stupid.

@futurebird

I think we should treat people who get scammed and come out and talk about it like heroes.

Agree.

From a couple of days ago, a hidden number, I answer only with hello then wait. This is paypal, did not use my name, about money booked from your account, 500 Euros, press 1 to connect to accounts department.

I just kept quiet and waited to see if a human would try and talk me into revealing some information.

Had I answered with my name that number could be sold as confirmed.

@futurebird it's American to pretend you have not fallen for a scam...even when the scammer is President
@futurebird The thing that worries me personally is trying to fight these things as I age, and my cognitive abilities inevitably decline. And it's not just the big scams, but also more mundane things - BS upsells from a car dealer, Solar leasing agreements, etc. Things that are legit, but often bad deals.
@futurebird this was the plot of an episode of “Silver Spoons.”

@futurebird

The problem: American society gives scammers not just a free pass but status and admiration instead of isolation and shame.

In the world of power and business, scamming people is elevated to high art, everything from endless TOS no one can read to bait and switch ad campaigns to free offers that roll into locked-in subscriptions to insurance companies denying the plain service they sold you to … the list is endless. And the men (mostly) who do this are lauded, followed, even made president. And then on the other end of the scale all kinds of dodgy hustles are accepted in communities that don’t see what other choice they have.

As with most social ills, shaming the perpetrators - especially the wealthiest, most prominent, most ‘white-collar’ - and throwing the book at them in proportion to their wealth will work better.

So yes, making them the slimiest of slimy low-lifes requires de-stigmatizing victims so they can speak openly.

@DavidM_yeg @futurebird Shoutout -- a phrase which here means "attack with Many Hammers" -- to Amway and the DeVos fortune.
@DavidM_yeg @futurebird
Scam artists only get punished if they target the wealthy.

@futurebird @duckwhistle

I think you mean scam artists only get punished if they aren’t wealthy…

@futurebird I agree emphatically.

Thinking about the org context: It's impossible to build a culture of better security while also reinforcing a culture of personal fear and shame for being scammed. It's not your fault someone lied to you. Compensating controls are the responsibility of the organization; the staff responsibility is to follow procedures, and the procedure should invoke the compensating control. That is a completely different concept than "don't get scammed or it's your bad."

@futurebird
I would have renewed my McAfee about a dozen times this year, if I used McAfee.

@RealGene @futurebird That's interesting, I think you're seeing different scams than I am. I've gotten roughly the same number that claim my McAfee has auto-renewed, and... I'm not sure what the scam is from there; as another McAfee non-user, I just delete them. I guess I'm supposed to log in to some page to dispute it? And maybe they mean to steal my credentials?

Anyway, I think sharing info about scams is another mutual defense method, hence my reply.

@kagan @futurebird
> I guess I'm supposed to log in to some page to dispute it?

Exactly. They'll then encourage you to call a toll-free number and get whatever they can.

Straight out of Huckleberry Finn...

I think this should also apply to people who voted wrong.
@futurebird Ever since I ran up my credit card debt and ruined my credit score, I get anywhere from 3-6 calls *every single day* from predatory loan sharks. Technically they’re legal, not scams, but it’s really opened my eyes to how people in desperate situations can fall prey to finance-ruining schemes.

@futurebird

Absolutely 👏

Embarrassment and fear of derision from others help scammers; scammers count on it.

@futurebird My father-in-law fell for the "hi grandpa I've been arrested send money" scam years ago. It obviously pained him terribly, but he did tell others so they could be aware. (The good news, he got a little suspicious and called the police - who were actually very helpful - before the money actually left his account.)
@futurebird I've spent a good bit of time studying why people fall for scams and why they don't listen to advice.

Some people are genuinely lazy and don't want to be bothered, but luckily they're in the minority. Most people, I think, just need better information.

Large companies, unfortunately, are actively working to make phishing easier by moving away from having real humans and by behaving more and more like phishers, which makes even good information less helpful to people.

Big businesses want people to be OK with getting phone calls from automated systems where we can't talk with humans and the "bot", if we can even interact with it, is dumber than a log. They expect us to authenticate ourselves to them when they call us. They make it either impossible or extremely time consuming to even talk to a human.

So when you tell people to never believe caller ID, to not believe any calls, to call a company back if you think they're actually trying to call you, it's understandable that they don't want to spend (sometimes literally) hours doing that.

The same goes with email. I tell people to not click links in email if they can help it. If they have reason to think the email might be legitimate (that is, they're expecting the email), I tell them to copy and paste the link into a browser window and look at the URL. But what are people supposed to do when a link says "Walmart" (because email clients these days are basically web browsers), yet the URL actually starts with "walmartbpr.srvys.io"? Are people supposed to know how to deal with this?

This happens with banks, medical institutions, stores...

So how do we educate people to be careful when it's the opposite of what businesses are doing? Why should it be incumbent on users and not corporations to be more careful?

@AnachronistJohn

The reason why people fall for most scams is that, as you write, we have an entire business ecosystem set up to encourage scams. This isn't a design problem: it's set up this way because business scams us at every level.

When someone pushes on a physical door instead of pulling (or the reverse) it's not because they are lazy, it's because the door is badly designed. But not all doors are. For business, all doors are because it's purposeful.

@futurebird

@AnachronistJohn @futurebird I also think there are probably some good technical solutions we can use to improve the situation, but the people in big tech corporations either don't want to do them (because they cut into advertising revenues), or are too eager to do them in ways that benefit them but disadvantage smaller players and increase their own monopoly powers.

@AnachronistJohn @futurebird The only way to be (reasonably) sure is to call back and for emails to go to their page and interact from there. Every other solution, you are taking a risk. If people don't know this, they should be told. If people know this and risk getting their money stolen, then when it gets stolen, we are entitled to a "told you so".

Yes, there are things businesses should stop doing/do differently, but in the meantime, ignoring your safety just cause it's not fair that you need to go to all this trouble is just plain stupid.

Btw if people stopped responding to cold calls en masse, businesses would stop doing it. I'm not getting any by now because I probably got on a list of "don't bother, doesn't take calls". Mum gets at least one a day. Last time I actually picked one up (was waiting for a call), I told the caller I'm not interested right after the intro, and she got snarky saying "what you don't have two minutes" to which I replied "what the fuck" and put it down. I can count on one hand the number of people I know who would "dare" put it down like that, which is a major fucking problem, esp with the older, polite generation, who fairly blanched at work when I complained of it. But if it happened more often, the harassment would stop.

@AnachronistJohn @futurebird
I tend to have a problem with unsolicited texts and emails that are actually genuine (I've checked by talking to them) but look very much like a scam.
If companies want to interact with their customers better they need to look less like scammers and stop spamming them with links to click.
These days I actually never respond directly to any communication that comes out of the blue.

@AnachronistJohn "Most people, I think, just need better information."

This is also a good argument for teaching people to look at domain names (+HTTPS) before clicking.

"yet the URL actually starts with "walmartbpr.srvys.io"? Are people supposed to know how to deal with this?"

Because no one is reminding them of its significance and that the spelling matters.

"Why should it be incumbent on users and not corporations to be more careful?"

Because HTTPS (TLS+PKI) was meant to be the verification scheme for end-users to verify who they are communicating with. The user gains a great deal of power (verified Internet communications!) in exchange for a few seconds of acting responsibly – looking at the domain. You seem to be asking why a corp can't be in the middle being responsible for us; well that role sort of belongs to CAs but if you want it to be more convenient than that then you're asking for legalized MITM (and being treated like a child).

Most Internet security schemes meant to replace or wallpaper over PKI are trying to remove some element of irreducible complexity in the problem, with the goal of reducing remote communications to an invisible, mindless process.

@tasket "You seem to be asking why a corp can't be in the middle being responsible for us"

I am not talking about corporations in the middle - I'm talking about the corporations themselves.

That example was in an actual email from Walmart. I'm saying that Walmart should know better and shouldn't be sending email with URLs that have hostnames like that ("walmartbpr.srvys.io").
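
Added example, not part of the thread or any participant's post: a minimal Python check for the mismatch discussed above, where a link's visible text names a brand while the hostname sits under a different registrable domain. The suffix set, the brand-to-domain map and the sample message are constructed assumptions; the check looks only at who registered the name, so it flags `walmartbpr.srvys.io` regardless of who actually sent the mail.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed, minimal suffix set; real code should load the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: a brand -> expected registrable domain map that you maintain yourself.
BRAND_DOMAINS = {"walmart": "walmart.com"}


def registrable_domain(host):
    """Return the part of the hostname that identifies who registered it."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html, brands=BRAND_DOMAINS):
    """Flag links that name a brand but sit under a different registrable domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        actual = registrable_domain(host)
        for brand, expected in brands.items():
            named = brand in text.lower() or brand in host
            if named and actual != expected:
                findings.append({"text": text, "host": host, "actual": actual})
    return findings


# Constructed message body; the first hostname is the one quoted in the thread.
SAMPLE = (
    '<a href="https://walmartbpr.srvys.io/s/abc">Walmart</a> '
    '<a href="https://www.walmart.com/orders">Your Walmart orders</a>'
)
```

Calling `audit_links(SAMPLE)` returns one finding, for the `srvys.io` link; the `www.walmart.com` link passes because its registrable domain matches the map.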

@futurebird So you remember end of April when I had a scammer supposedly part of the (Name of my bank) Fraud Unit latch on. I posted about it then. It was a shocking experience. The scammer had my legal name, address and knew I did my banking there and had a money market account. They did not ASK me to reveal anything. I thought it was for reals. They told me only 14 money market accounts there in different branches were involved. That it was an inside job with one staff arrested. They were quietly looking to see if there were accomplices.

Yes I did what was requested. Withdrew my money at bank and started a new account there but used a special acct # as requested “that would be masked” so an employee couldn’t discover it for a week. This was required to protect me. I felt really uneasy but, well, my money was saved from fraud.

Drove out of parking lot and still felt really bad so called son who was traveling on business. He called the bank and guess what, there’s no Fraud department. Drove back to bank 20 minutes later. Was able to stop transfer. Started all 4 brand new accounts. Froze my credit at 3 big credit bureaus. I was told likely need at least a year because the scammer had enough added info now they likely sold my info. I’m damn lucky to have saved my money and no loss. Yikes.

@cobalt123 @futurebird shit, that's really scary. while definitely not as bad, that kinda reminds me of how I almost lost my discord account (it was hacked by some random people posing as official staff lol)
@futurebird Agreed! There shouldn't be any more shame around getting scammed than there is in being robbed by someone who claims to have a gun that turns out to be a toy. So many of them make threats that it's hard to tell in the moment if they're credible. And even the ones that don't start with a threat come so frequently that one is bound to catch you with your guard down eventually. Hell, I fell for a phishing scam when I was tired and knew my Netflix actually needed a new payment method.
@futurebird yeah, that's how I was roped into a "commission" for "art" by some really pushy asshole. it was obviously just touched-up ai after the fact. they even called me their "premium customer" which is where I should've turned back 😭
@futurebird But too many people cannot admit that they were scammed or conned. Including a great many of Trump's base.
@futurebird have you listened to Scam Goddess? She has the exact same position: you can't shame people who get scammed because being ashamed of being scammed makes you even more susceptible to being scammed and stops the rest of us learning. About scams.

@futurebird

I like the word "exposed" for this. It's heroic to expose a scam, especially for those who had been victims. We should applaud this.

@futurebird @cmthiede

Had an interesting discussion regarding why so much spam is OBVIOUSLY fake.

It is because they are also building a contact list of the more easily fooled.

@Chancerubbage @futurebird can imagine that's way easier now that people can pay to reference the giant Doge DB on US citizens and query it to their heart's content. Oh, wait, AI doesn't have a heart.
@futurebird Right, and this is true for a lot of things. If you keep blaming the victims and thinking you're done, you're not focusing your time and attention on the real problem.

@futurebird I occasionally drop in on /r/scams and the folks there are pretty good at not being judgy towards people who've been scammed, particularly serious long-term cons like romance scams.

I think it's important for everyone to keep in mind many scam victims aren't being greedy or trying to cheat the system or whatever; often it's just that they really want a job, or love and affection. Or, worse, it's one of those scams that uses urgency and panic, like "your phone will be cut off" or "you'll be arrested" or even "your loved one is being held hostage".

@nev @futurebird

I think there are two types of scams.

There are those who try to get under people's skin and try to catch them unaware or exploit their trust.

And there are those who target greedy people. There's a lot of "get money without putting in the work" schemes out there. The entire cryptocurrency bubble for example. Or any other Ponzi scheme.

@futurebird adulting is a scam tbh :-(

@futurebird

Scams are embedded in the very fabric of society.

Republicans are stirring up Trans panic to get evangelicals to vote. Evangelicals have a worldview that women must remain underpaid or unpaid labor to society & to men.

Just as they were "outraged" by a black president and the possibility of female presidential candidates, they were "outraged" by blacks who could "pass as white" and Latinos who were perfectly bilingual.

You can't do wage suppression without superficial bigotry.

@futurebird if I think this is valid for most people, can I still make fun of the financial advice lady who chucked a shoebox of cash into a stranger's car

@futurebird agreed!

also expose the people who avoided a scam by being like "no I won't send $100 to my nephew in distress"

@futurebird I heard of a scam the other day and immediately thought "oh shit, I think that might have very well caught me out...!" 😬

@futurebird i always find it funny when people think they’re smarter than the scammers

https://youtube.com/@JimBrowning makes videos on how the scammers operate and how he stops scamming operations, but even he has been scammed before

it's only a matter of time before someone is scammed
