I think we should treat people who get scammed and come out and talk about it like heroes. And this is important: no matter how "obvious" the scam might seem in retrospect or from the outside of the community it preyed on.

The more I look at scams the more I think this is a major factor in how they keep going and keep coming back.

@futurebird I've spent a good bit of time studying why people fall for scams and why they don't listen to advice.

Some people are genuinely lazy and don't want to be bothered, but luckily they're in the minority. Most people, I think, just need better information.

Large companies, unfortunately, are actively working to make phishing easier by moving away from having real humans and by behaving more and more like phishers, which makes even good information less helpful to people.

Big businesses want people to be OK with getting phone calls from automated systems where we can't talk with humans and the "bot", if we can even interact with it, is dumber than a log. They expect us to authenticate ourselves to them when they call us. They make it either impossible or extremely time consuming to even talk to a human.

So when you tell people to never believe caller ID, to not believe any calls, to call a company back if you think they're actually trying to call you, it's understandable that they don't want to spend (sometimes literally) hours doing that.

The same goes with email. I tell people to not click links in email if they can help it. If they have reason to think the email might be legitimate (that is, they're expecting the email), I tell them to copy and paste the link into a browser window and look at the URL. But what are people supposed to do when a link says "Walmart" (because email clients these days are basically web browsers), yet the URL actually starts with "walmartbpr.srvys.io"? Are people supposed to know how to deal with this?

This happens with banks, medical institutions, stores...

So how do we educate people to be careful when it's the opposite of what businesses are doing? Why should it be incumbent on users and not corporations to be more careful?

@AnachronistJohn @futurebird The only way to be (reasonably) sure is to call back and for emails to go to their page and interact from there. Every other solution, you are taking a risk. If people don't know this, they should be told. If people know this and risk getting their money stolen, then when it gets stolen, we are entitled to a "told you so".

Yes, there are things businesses should stop doing/do differently, but in the meantime, ignoring your safety just cause it's not fair that you need to go to all this trouble is just plain stupid.

Btw if people stopped responding to cold calls en masse, businesses would stop doing it. I'm not getting any by now because I probably got on a list of "don't bother, doesn't take calls". Mum gets at least one a day. Last time I actually picked one up (was waiting for a call), I told the caller I'm not interested right after the intro, and she got snarky saying "what you don't have two minutes" to which I replied "what the fuck" and put it down. I can count on one hand the number of people I know who would "dare" put it down like that, which is a major fucking problem, esp with the older, polite generation, who fairly blanched at work when I complained of it. But if it happened more often, the harassment would stop.