On a Tuesday evening this past October, I put $50,000 in cash in a shoe box, taped it shut as instructed, and carried it to the sidewalk in front of my apartment, my phone clasped to my ear.
I’m sorry, but this type of scam has been reported on for enough time that you’re a fucking moron for falling for it. How much time can pass between scams becoming what should be common knowledge and people still getting suckered without reading about them? I’m exaggerating, but this is like falling for the Nigerian prince emails at this point.
The man on the phone knew my home address, my Social Security number, the names of my family members, and that my 2-year-old son was playing in our living room
idk - when somebody knows all your personal information, says they’re monitoring you and is actively telling you that you and your family are in danger - being rational is very difficult - it may not seem that way in hindsight but everyone thinks only a moron falls for scams until you’re the one that gets suckered
I read that self-laceration is typical; half of victims blame themselves for being gullible, and most experience serious anxiety, depression, or other stress-related health problems afterward. I heard about victim support groups. I went to therapy.
“Everyone was so patronizing,” she told me. “The response was basically ‘It’s your fault that this happened.’”
I’ve sent out a fake scam message at work and always have at least two or three clicks. No matter how many times you tell people there’s always a few that just can’t get it through their skulls.
Even if I make it super obvious, spelling errors, poor grammar, and write “do the needful” at the end. They still click the god damn link. Some people just need to have their internet access restricted for their own good.
Sounds more like bad browser programming if it can’t handle all content safely. Any risky action should pop up an administrator password query to activate.
… admins and/or CISOs (ie employees) send such emails to other employees regularly as an additional form of cyber security education. It’s a controlled environment. (And you can’t really proof against social engineering irl anyway, you just gotta educate folk.)
Regularly educating employees is often even mandated by law directly (financial, public, etc sectors), or by any normal risk officer.
This usually includes lectures/vids/slideshows, questionnaires (mandatory for all), and irl testing/running scenarios.
Much like how to deal with anything regarding personal data.
Also yeah blaming victims sure is helpful…