The part of the chart for "threat level I should have had based on everything I know now" is way off. It should have been at least yellow with "zero cell coverage" (assuming the author normally has reasonable cell coverage at that location), should have been red at "got popups to log back into Google", and should have broken out of the page and come knocking on your door at the "password didn't work".

If I get unexpectedly logged out of my email account, even if I can log right back in, this should already be at "something seriously fishy is going on and I need to investigate immediately", such as checking the account for any activity. Not being able to log in to my email is "check my provider's status page to make sure they're not having a widespread outage, and if they're not, get on the horn with support immediately".

As the author says, your email account is the keys to the kingdom for virtually every other account you have. Anything that threatens it is serious business.




I compare this to driving. We all think we are safe drivers who will not drive when tired, not go too fast in thick fog, and pay attention to our surroundings. In practice, it's hard to live by these rules 24/7.

I thought the author did a good job describing how he rationalized away these warning signals as flakiness, and had a bad mental model of the situation ("SIM card is being weird") that prevented him taking timely action. He also mentioned outside factors (needing to sleep, stress at work) that affected his judgement.

It's easy to say this would never happen to you, but even sophisticated people get caught by this stuff, since we are in the end human. Writing this article in the aftermath of losing so much money was a brave and considerate gesture.


This reminds me of Popehat's "Don't judge the victims too harshly" paragraph from Chapter 5 from his "Anatomy of a Scam" (https://www.popehat.com/2011/09/18/anatomy-of-a-scam-investi...):

> Many of you are thinking, "Jesus, I would never fall for the "the check's in the mail, we had trouble with the wire transfer, the money is coming in from our affiliate in New York, I'll get you the tracking number" routine day after day. But sociopaths are very, very good at this. You don't want to believe you've been conned, you don't want to believe you have to go hire a lawyer and file a lawsuit, you don't want to believe someone can do this to you, you want the income that this transaction promises, and often you don't want to go tell your superiors — so you keep hoping that the money is coming any day now. It can happen to you. It's happened to very smart lawyers I know. It's happened to me. And I used to put these people in jail. So don't judge the victims too harshly. When you find yourself in such a situation, you've got to focus — to convince yourself to bail out and cancel the contract, stop providing services, and file suit if necessary.


I'm not complaining about the author's description of their timeline, just taking issue with that bar on the right that is described as the threat level they should have had.



