Users are persuaded in chats initiated by the hackers to divulge security verification and pin codes, giving them access to personal accounts and group chats, they said in a statement.
So we’re talking about the most basic social engineering. Nothing clever or novel. The kind of thing only your grandparents would fall for these days. Solid PSA 👍
I agree, except I’d say it isn’t helpful to shame people who fall for this stuff by claiming only your grandparents would fall for it. It discourages victims from getting help or sounding the alarm.
I know you probably didn’t mean it like that, but yeah. Anyone can fall for this stuff, especially when they come up with a new angle. You don’t know what you don’t know, and these things are designed to trick you, and all it takes is one mistake.
Now ideally, I’d expect more from govt officials or journalists… But I’d still hate for an official to keep quiet about something because they’d rather not face the public backlash, or delay coming forward so somebody can take action to fix things.
I can see your argument has values in many situations.
But shame and ridicule are important social tools to shape behavior. Especially behavior of people with power and influence. Calling out dumb shit as dumb shit, is just as important as basic digital training thease people.
The kind of thing only your grandparents would fall for
But evidently not.
Last week I helped someone navigate their bank’s tech support to regain access to an account they’d been locked out of. I believe the bank was having some technical difficulties that they weren’t admitting to (or which the support people weren’t even aware of). Many standard approaches did not work, and we kept getting escalated. The top person we talked to eventually asked for some information that didn’t conform to the usual security question / answer format (“What year what the account opened?” for a ~50 year old account that had been opened many bank mergers ago) and wound up reading us a new password over the phone.
This approach alarmed me, it seemed to violate some security rules of thumb that I thought I understood. But this is what the bank does, sometimes. Given the sort of nonsense that goes on legitimately sometimes, expecting the general public to understand which information flows to be suspicious of – expecting them to think in terms of information flows at all – may be asking too much. We’d all hope journalists would be more savvy, I guess, but “government officials?” Nope. I used to think “Oh, I wouldn’t fall for that” when I read stories like these, but now I’m less sure.
So we’re talking about the most basic social engineering. Nothing clever or novel. The kind of thing only your grandparents would fall for these days. Solid PSA 👍
I agree, except I’d say it isn’t helpful to shame people who fall for this stuff by claiming only your grandparents would fall for it. It discourages victims from getting help or sounding the alarm.
I know you probably didn’t mean it like that, but yeah. Anyone can fall for this stuff, especially when they come up with a new angle. You don’t know what you don’t know, and these things are designed to trick you, and all it takes is one mistake.
Now ideally, I’d expect more from govt officials or journalists… But I’d still hate for an official to keep quiet about something because they’d rather not face the public backlash, or delay coming forward so somebody can take action to fix things.
I can see your argument has values in many situations.
But shame and ridicule are important social tools to shape behavior. Especially behavior of people with power and influence. Calling out dumb shit as dumb shit, is just as important as basic digital training thease people.
Are all these officials and journalists grandparents? Or are real people still more gullible than you’d hope?
Real people are gullible in the sense that it’s way easier to notice trouble when it happens to others than when you’re at the center of it.
The triggers for recognition change alongside perspective so it’s harder to notice something you see as a 3rd person when viewed in 1st person.
No need for ageism. They’re not grandparents.
They’re imperial officials and journalists. Stooges. What else should we expect?
50/50 maybe
Not sure
But evidently not.
Last week I helped someone navigate their bank’s tech support to regain access to an account they’d been locked out of. I believe the bank was having some technical difficulties that they weren’t admitting to (or which the support people weren’t even aware of). Many standard approaches did not work, and we kept getting escalated. The top person we talked to eventually asked for some information that didn’t conform to the usual security question / answer format (“What year what the account opened?” for a ~50 year old account that had been opened many bank mergers ago) and wound up reading us a new password over the phone.
This approach alarmed me, it seemed to violate some security rules of thumb that I thought I understood. But this is what the bank does, sometimes. Given the sort of nonsense that goes on legitimately sometimes, expecting the general public to understand which information flows to be suspicious of – expecting them to think in terms of information flows at all – may be asking too much. We’d all hope journalists would be more savvy, I guess, but “government officials?” Nope. I used to think “Oh, I wouldn’t fall for that” when I read stories like these, but now I’m less sure.