Hacker News new | past | comments | ask | show | jobs | submit
It's very, very hard for untrained people to be strict about verifying any secret phrase. The attacker can make all kinds of excuses, while creating urgency, and many people quickly abandon verifying the phrase. A scene in One Battle After Another comes to mind.
Scammers can also trick the victim into reversing the roles and telling password to scammer. Even banks ocassionaly get this wrong. I have had my bank call me and ask me to read numbers from number card. If a trained bank employee following a script designed by (hopefully) an expert cant get it right, the chance of elderly relative spotting mistakes in protocol is close to 0.
loading story #48923664
At some point, the scam evolves to a live video of a gagged loved one being tortured. "Stop wasting my time or they lose another finger."

People aren't prepared for this shit.

loading story #48924036
Oh, man. That does seem likely. What a world. I wonder if eventually there won’t be a human in the loop, just a model trained to make money with a strategy like that, automatedly selecting victims and a person to be impersonated for each. Pre-render a few videos, place multiple calls in parallel. Basically a turnkey Docker container that takes a bitcoin address as a parameter and fills it with stolen money.
loading story #48922459
loading story #48922921
loading story #48924043