Posted by walterbell 17 hours ago
The hook was that you pre-pay some amount, do some trival work, then get like 500% return on your "investment". So they filter+train their mark by having them sign up for whatever financial transfer workflow, and figure out how gullable they are by giving them some payouts. A big part of this is some chat-group where lots of other fake-workers post comments saying how nervious/risky it seems and how sometimes the payment is delayed but they all eventually get paid. Eventually they let the mark sign up for some high-value amount, like equivalent of a few thousand USD. When the mark doesn't get paid, they contact the "technical support" team that then tries to social engineer the victim to loose even more money transferring funds the wrong direction (the scammers picked financial apps that make this mistake easiest).
I kind of find it unbelievable that people fall for this stuff, but the obvious proof is that enough people do :(
I remember reading a headline that being poor is equivalent to losing about 5 IQ points. Don’t know how true that is, but my intuition tells me that most people financially struggle, spend a lot of extra time worrying about money, and in general act a little more desperate and would be a little more aware/skeptical if their stress + financial situation allowed it.
After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”. Emails, text messages, downloading software from a website/App Store, job offers, investment opportunities, etc.the surface area is limitless. There’s exactly zero chance that even an experienced professional with excellent eyesight, who reads up on the newest scams, who doesn’t have lots of family / social events to care for, etc will never get hacked/scammed.
Even in the cybersecurity industry, almost all companies have abandoned the idea that there will never be a breach, and have moved towards thinking about resiliency, where any breaches that do happen are minimized or closed quickly/automatically.
That’s a lot of words to say: even though I thought I would never get scammed, once I spent more time educating myself about how it happens, it seems obvious to me that scams work a percentage of the time and the scale of attempts is enormous.
And incredibly, someone usually is. Most software download sites have so many UI elements saying "Download", on their downloads page, but only one of them is the legit software you want, and others are some random software that paid money to the website to be there to... probably try to get themselves installed and scam you some more.
I just checked the Google "play" store: searching for "Temu" (I know, dumb, but there was an ad on the main screen of the store), in the page of search results, the first install button is for the sponsored Alibaba app...
Even billion dollar businesses are... trying to scam you. "Don't be evil" no more indeed.
PS "full self-driving", also a scam..
Some government forms and processes for poor people assistance I've seen (and I imagine that forms and processes for new immigrants may be similar)... some of it is insanely kafkaesque, implemented with incompetence/indifference in both official communications/documentation, and sometimes on an individual human representative basis, with the effect of making no sense at all.
So I'm not at all surprised if someone who doesn't understand how some category of things works in reality, is easily tricked into believing a scam. Because the scammer is no more ridiculous than some of the official government bureaucracy they've been subjected to.
(BTW, I'm not anti-government. I support what some would call "big government". I'm only horrified at how poorly done it sometimes gets in the details. I know that, when it is done poorly, it is going to have very real negative effects on people's lives, including on the least powerful. I believe in good, big government.)
The first is that politicians want to get credit for creating the program, but also don't want it to cost a lot of money. Their incentive is to create a program that sounds good but does and therefore costs as little as possible. But making it obvious that it doesn't do much compromises the "sounds good" requirement, so instead they make a bunch of complicated rules and barriers that keep the price tag low but in a way which is difficult to understand. Relatedly, the people administering the programs are often under orders to accept some particular number or proportion of claims, again for budgetary reasons, and then if there are too many they have to start fabricating barriers themselves.
The second is that there is no accountability mechanism. Some majority of voters support the idea of the program, but they've been assured that it was created and exists and have no idea what a mess it is, and only a small minority are recipients. So if things are unintentionally broken, they don't get fixed, because the majority isn't aware of the problem and that's the only thing that gets politicians to address it.
It's not because of politicians opposed to the program. If politicians opposed to the program have a controlling majority then they simply repeal it. It's the politicians who support the (pretense of) the program who screw it up.
This is one of the reasons why complicated systems with many overlapping benefits each with their own application process and phase out rates are so ineffective, and the better way to address this is with simple direct transfer payments like expanding the EITC or a negative income tax.
Oh thank you for highlighting that, I've had some instance where I'd suddenly have the urgent feeling that something I'm experiencing is a hoax and I couldn't tell why this suddenly surfaced back then, but I guess years of exposure to security does that to one.
Later, I think I stretched the thought exercise to start identifying new business opportunities (trying to find value in protecting against each of those things I identified).
At the same time I grew “professionally paranoid”, I was learning about epistemology and skepticism (to try to understand the cultural and political changes of the last decade). It’s been a wild ride.
Poor people also spend a lot of time using cash equivalents rather than credit.
There is a big advantage to using credit. For example, I don't worry too much about fraud on my credit card as the reversibility means that the banking system is taking care of it. If a suspicious transaction hits my ATM card, the bank absolutely jumps on it since it simply doesn't match my patterns of usage.
On the other hand, if you are using your ATM card or cash transfer apps all the time, you're a ripe target for getting scammed. The protections are much weaker and the reversibility (if any) is much worse.
This doesn't even get into the fact that, as a poor person, the people you are transacting with are also stuck in the same system for various reasons of various levels of dubiousness.
I generally look at risk as a two-dimensional graph, with the axes being Probability and Severity, and the action strategies as being Prevention, Mitigation, and Remedy.
If we get realistic about likelihood and impact, we can figure out how to reduce the damage.
One trick a wealthy friend of mine uses, is keeping a small checking account, that he fills with just enough cash from his brokerage, so that even if his cards/accounts get pwned, he can't lose that much.
I just received a monitor at no-cost because the first one I bought had a hardware defect - the company didn’t respond to my attempt to contact them, so I returned it to amazon and left an accurate review. The seller followed up and sent me a non-broken one. If I’d ignored this, not only would I be down a monitor, I’d have just assumed the entire product category - of which there seems to be only a single supplier (16” 2880x1800 AMOLED monitors that match up perfectly to 27” 5K monitors when placed in portrait mode) simply wasn’t workable with my setup for whatever reason.
My dentist recently called to reschedule an appointment. I could have insisted that I call them back, but that just wastes everyone’s time for a conversation that has no real scam potential.
But ultimately, it’s a heuristic and is imperfect.
One example thing which bypasses weakness to this heuristic: when you import a programming language library or a “curl pipe bash”: how much research do you do to verify the authenticity of the library, the security of the package and contributors, that you didn’t typo and accidentally install a lookalike malware, etc? And then every time you take an action which updates the same thing, are you equally as rigorous and vigilant as the first time?
(I have had a few fraudulent charges on my credit cards but I don't really consider those to be scams and they're easy to resolve.)
For example, we're insanely good at pattern matching, but the flip side to that is we're not effective at spotting the rare subtle difference.
At the risk of accidentally demonizing the poor, I remember reading a think piece that could be summarized as “morals/ethics are a luxury only the rich can afford.” The gist is that if you can’t afford to quit your job on the spot and not worry about paying rent this month, you will always be victim to your boss’s unethical actions lowering your ethical standards.
As an engineer, I have frequently challenged myself to empathize with the VW emissions scandal engineers, who were pressured to meet unrealistic emissions and deadlines. The managers didn’t have to explicitly tell them to build emissions testing defectors — they came up with that as an engineering solution to the requirements they were given. I ask myself: at what point would you have quit, and hopefully told the authorities?
Also more recent example is the staff of the submarine that went down to the site of the Titanic and imploded. The CEO was apparently an unbelievable bully and took extraordinary risks, but the staff didn’t quit. One of them was a Scottish immigrant who moved his whole family to take the job. He was also worried about being blacklisted from the entire private sector submarine industry. There was a lot of friction to being able to exercise his highest ethical standards.
Thailand is more or less at war with Cambodian war lords, who have tens of thousands of poor English speakers from around the world living in captivity, their passports taken away, running long term scams over the internet. When they have no money and no power to run, is it fair to blame the low level scammers for having fallen for a job scam months or years ago?
The more financial pressure you are under, the more likely you are to tolerate an unethical environment.
Also the initial "tasks" the mark performs are worth only like a few USD. not worth anybody's time except for certain types of vulnerable people who not-coincidentally make good victims.
Its sad that these scams are so widespread today that a heavy handed approach like this is necessary. Unfortunately doing these attacks is incredibly cheap :(
The final solution was disabling the ATM network durimg night, except the ones located in safe places. Showing you are drawing money in a hurry in a lone hut in the night was a bad idea, anyways.
Why did they visit multiple ATMs?
Unfortunately, whenever governments try to solve the wrench attack, they do so by removing the end user's control over their own stuff.
To be honest, in my country I can also transfer all my liquid money (not countings stocks etc) with just my phone. The difference is that i'm not afraid of being kidnapped (it's safe here). And anyway, how much does normal person hold in the cash account? People living month-to-month don't have much anyway, while people with savings usually keep them in stocks/bonds/etc.
It’s also a different kind of enemy. The biggest crime organization in Brazil has switched their primary focus from drug running to financial scams. They invest millions and set up legitimate companies with hundreds of employees to facilitate these schemes.
They can certainly try. I’ve had a handful of legit fraud instances on my accounts, banks detecting before I do has been close to a coin flip. On the other hand, I’ve had at least an order of magnitude more false positive detections of fraud.
1. Banks need to own the risk, not the customer 2. Banks need to spend to defend 3. Laws need to make organized fraud catastrophically criminal.
There is a reason Singapore does not have this problem.
> It hit a record high last year, with $190.9 million stolen in such scams, more than five times the $36.9 million lost in 2019.
Can't find more recent concrete figures in a minute or two but their police are busting balls through international collaboration in 2025 so they must have a big problem still: https://therecord.media/asia-scam-center-takedowns-singapore...
I've seen bank defending people before with my own eyes. I was at a local branch doing some business and there was an old lady wanting to withdraw something like $50k to "pay a mortgage" or something, it was obvious she was scammed, the bank blocked her transaction and the teller was explaining to her she was scammed, and the old lady was shouting at the teller saying it was her money and they had no right to stop her. That's the thing, a lot of scam victims really don't believe they're scam victims until it's too late, and "it's their money, the bank has no right to stop them".
As emergency measures usually are.
Thailand doesn't want foreigners holding accounts. They've cranked up the requirements over time. It used to be possible to open an account as a tourist and now you're lucky to be able to get one on any visa that isn't attached to a work permit or PR.
2. The kind that try to reside in Thailand long term but don't want to file for immigration, so using various loopholes like the "Visa dash" or paying for Thai language classes with no attendance or requirements to attend the class. Lots of drop shippers are doing this and are dodging incorporation taxes in Thailand
3. The kind that come to only train Muay Thai or BJJ, but don't contribute to the rest of the economy (I'm guilty of this). Living and training exclusive at a Fairtex or a Sityodong isn't percolating capital in the rest of Thailand.
All 3 of these types of expats and tourists are barely spending $500/mo in Thailand after rent or hotel spend, and simply don't contribute to the Thai economy to the same degree the other sectors of the economy are. The only reason those 3 types of tourists are tolerated is because the businesses they patronize are overwhelmingly owned by local politicians and give them pocket change, but aren't actually useful from an economic perspective, because it has depressed wages, and exacerbated organized crime.
Heritage and upscale tourism is a separate story, because the premiums that can be demanded and the wages and skills needed incentivize upskilling as well as building a white money local ecosystem.
It's still the early stages, but Thailand is going to unavoidably be entering into demographic collapse over the coming decades. So tourism, especially when it results in attracting lawful/educated/etc long-term residents, provides more than however much money people can spend.
Of course Thais themselves just need to start having a lot more babies, but it's not looking like that's going to happen. The whole world is going to look so different in 50 years, even if literally nothing whatsoever changed from a technological POV. Fertility issues are going to radically reshape the entire world and the balance of powers, perspectives, even religions, and much more.
1. So what? Are you the kind of guy who wants "quality tourists" and then cries when tourism indicators are down several months in a row?
2. Whose fault is that? Give me a path to residency and I'll happily file taxes there. No one wants to play this game and be treated as a second class citizen.
Also if your visa allows back-to-back entries that's exactly what I'll do. Nowhere does it say that there's a limit, therefore it's not "abuse".
FWIW I really wish I could open shop in Thailand, pay taxes there from my online business and gain visa/residency through it, do it you think it's possible/easy? Nope. Roadblocks at every step.
3. WTF do you want exactly? I'm injecting $500/mo in Thailand, do you prefer 0? This line of thinking is insane.
Anyway $500/mo in Thailand nowadays is basically impossible unless you live in a shack or in the sticks.
Also if the law says you should pay taxes, that's exactly what you should do. Nowhere does it say that there's an exemption for people paying their food and rent ("injecting" $500), therefore you should pay (taxes).
That's incorrect; services represent around 56% of the economy while manufacturing only represents around 35% of the economy: https://www.statista.com/statistics/331893/share-of-economic... .
I don't know how much love is there in these marriages and don't draw any judgement either.
???
High value transfers should be subject to additional scrutiny to confirm it’s legitimate.
The hard part is making sure you balance that well enough so that you’re protecting against malaise without the bank then becoming a consumer problem themselves.
It will be interesting to see how well this works.
In fact the last thing you want to do is give criminals warning that you’re going to freeze their accounts. I’d imagine that would be extremely counterproductive for everyone bar those criminals.
They did a crackdown where if the name associated with the phone number on the account didn't match the name on the bank account then they froze it
Also they froze most accounts owned by foreigners with specific visas
It really had nothing at all to do with mule activity, they were using blanket heuristics
But that doesn’t mean that freezing an account suspected of fraud isn’t the right course of action.
Yeah there’s going to be false positives. However that’s precisely why you freeze the account: to allow you time to follow due process and investigation. If you assumed the process was infallible then you wouldn’t need to freeze the account; you would just skip straight to the punishment and remediation stages ;)
> However that’s precisely why you freeze the account: to allow you time to follow due process
Due process comes before the actions.
If two people accounts were unjustly frozen (and they have to do some work to unlock them), and at the same time two hundred people life savings were saved, would that be OK with you?
I don't know about them, but there are plenty of ways for law enforcement to get mule account numbers. After all that's the whole point - actual criminals don't have to reveal their own identity, instead they convince a "mule" to (knowingly or not) participate in a crime.
Couldn't find anything that indicated there was a mass freezing of legitimate accounts, or a singular complaint of an incident of that happening.
* Can't copy paste...is the article an image!?
I can't check right now, but I'm guessing they set `user-select: none` in CSS.
A browser is a 'User agent', as in it is supposed to act on MY behalf, and things in my intent and benefit. Similar agents are real estate agents, or attorneys as my agent.
So... For something that is MY agent, why are browsers creating, and instituting anti-agent choices against my will?
Barring excuses of "following the spec", I should be able to easily disable my user-agent's execution of said onerous code.
(I'm ignoring this for Google chrome. They're an adtech company, and they won in court as a monopoly. Fuck them.)
It's supposed to implement the spec. Why are you and many other people on this site so attached over the wording of "user agent"? It is supposed to mean the software making the request, it doesn't mean anything more than that.
As it happens, the relevant standard actually includes a response to this argument (https://www.w3.org/TR/css-ui-4/#valdef-user-select-none):
"As user-select is a UI convenience mechanism, not a copy protection mechanism, the UA may provide an alternative way for the user to explicitly select the text even when user-select is none.
Note: none is not a copy protection mechanism, and using it as such is ineffective: User Agents are allowed to provide ways to bypass it, it will have no effect on legacy User Agents that do not support it, and the user can disable it through the user style sheet or equivalent mechanisms on UAs that do anyway. Instead, none is meant to make it easier for the user to select the content they want, by letting the author disable selection on UI elements that are not useful to select. Tools such as CSS validators, linters or in-browser developer tools are encouraged to use heuristics to detect and warn against incorrect or abusive usage that would hamper usability or violate common user expectations."
Not neccessarily. For example, piracy is so harmful that it could still outway the cost to a user even with a multiplier given to the user's cost. For example the user's cost is 10 and the author's cost is 100. Even with a 5x priority for the user, the needs of the author outweigh it.
Which to me seems entirely reasonable limit. Such transactions are relatively rare.
That means unusual payments like home purchases can be approved. But fraud is significantly harder…at least in theory.
That’s mostly annoying for inter accounts movement if you move money around a bit but I think you would get higher capacity if you are concerned.
A scam network takes over phones, tricks people on friends lists to follow directions so their phone can be remotely controlled (Apple and Android). Then the cycle repeats and they try to drain bank accounts in the process.
Thailand is placing 50k maximums for digital transfers then adjusting over time based on … 50k baht = $1,575 USD
https://support.apple.com/guide/iphone/request-give-remote-c...
> Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.
Emphasis added.
It is conceptually possible to create a crypto "credit card". But given that existing transactions are already slow, expensive, and complicated to integrate - I can't see it being attractive.
There's also the issue of trust. Escrow merchants need to be highly-trusted by both sides. They also need regulation and insurance. Those things are all in short-supply in cryptoland.
[0] Goharshady, A. K. (2021). Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain (arXiv:2110.09857). http://arxiv.org/abs/2110.09857
Also kinda pointless though.
> Bank of Thailand (BOT) will meet with commercial banks and the Anti-Online Scam Operations Centre (AOC) on Monday to address growing complaints about the wrongful freezing of bank accounts.. after small retailers and individuals reported being abruptly cut off from their funds without warning or recourse.. Assistant BOT Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration over being unable to access their money or conduct business after transfers from unknown sources triggered automated freezes.
Good name for an AI agent orchestration framework.