My wife was taken by a very elaborate and well-crafted scam in November. In retrospect, it all sounds ridiculous... but in the moment, with kids in tow, it was very convincing. It was so traumatizing that when it was over and she finally realized it was a scam, she was relieved! They had convinced her she was going to jail and that was terrifying. Losing the money was less bad than going to jail.
It was also EXTREMELY well scripted with a TON of psychology and clever moments that were well rehearsed. They also had a background track playing with 'police station like' audio and had spoofed the Orange County Sheriff's phone number.
One psychological trick that they employed was a very 'stepped' approach to the scam.
If you say it all out loud, it is obvious, but if you go step by step, each one was somewhat plausible. Lastly, by posing as law enforcement, they tugged on a natural tendency to follow orders and avoid being in trouble. My stomach drops when I think I am getting pulled over... being told you have an outstanding warrant was quite a gut punch for her.
Things to remember:
* ALWAYS hang up and call people on a phone number you enter yourself.
* If someone tells you to check the number by looking it up, they are very likely spoofing it. Hang up and call the police.
* The police don't call you if they are trying to serve a warrant, they show up.
* A judge's 'gag order' does not mean you can't talk to a family member or legal counsel.
* NEVER pull money out of an account for someone you don't know without talking to a friend or spouse.
* ANY change in the situation is a red flag:
  - bring the money to the courthouse.
  - it's getting late, we use an after hours processor
  - you are running out of time, just wire it
This scam is pretty active right now. My brother in law was called 2 days prior and they called my wife again 2 days later…
Rough scam script:
- <background audio of police station>
- hello, is this XYZ?
- this is Officer Z, do you agree to abide by Judge ABC’s orders?
- we have been trying to reach you by mail about this case. It has to do with a minor.
- the judge has issued a gag order, do not talk with anyone about this
- look up the number from the phone, see I am really calling from the courthouse
== keep you on the phone, my wife actually didn’t pick up when I called in the midst of the scam and followed with a text ==
- someone committed a crime using your name, we don’t think it was you but because you didn’t respond to mail, there is a warrant for your arrest
- you need to post bail
- go withdraw money from the bank and bring it to the courthouse
- where are you? The courthouse is closing
- it’s getting late, use a 3rd party processor setup during Covid
- go to grocery store, use a CoinStar machine
- send money to phone number (using XLM currency)
Just a small thing if it helps someone; you don't pay bail to avoid pretrial detention, you're paying to get out of it. I.e. you can't bail out if you aren't in jail.
Even if you do bail out, you still have to be processed, get your fingerprints done, mugshots, whatever.
This may change if you're someone notable, but for us run of the mill people, the police won't call to say "pay bail or we'll arrest you". You get arrested and then pay bail, in that order.
That is the beauty of the scam… plausibility, isolation and sunk cost. They had my wife on the phone for 90 minutes! It was so exhausting and nerve wracking that by the time the crypto request comes, you are too drained to think straight.
It was quite traumatizing… I am very thankful the money (while significant) wasn’t make or break for us.
I am sure for lots of people it can mean missing some payment or something. My 8yo was worried we wouldn’t be able to pay the mortgage. (Thankfully not a concern)
I don't know the technical details, but as I understand it with today's infrastructure "caller's phone number" might as well be a free field where you can enter anything you like. There is no authentication or verification going on there.
The sibling comment is correct, but to be a little more specific, when a carrier transmits a call into the phone system, one of the metadata fields in that transaction is the Caller ID of the calling party. It may sound asinine, but the infrastructure we've built for the PSTN basically requires it.
If you're interested in what's being done about it and the history of how it got this way, the STIR/SHAKEN wiki article has good details: https://en.wikipedia.org/wiki/STIR/SHAKEN
I don't trust anyone to be a police officer unless there's another police officer present certifying that they are in fact a police officer, and another police officer present certifying that that person is a police officer, and so on, up to a piece of paper listing hundreds of "root" police officers around the world that was prepared in an unspecified way by an unknown programmer involved in making whichever browser I happen to be using, and which I have not even glanced at.
Funny, but to be clear, the actual practical advice is to call the police department and verify it. That's what the woman in the article did, and it most likely saved her life.
When you're looking at the disk, do you use a handheld magnifying glass and go by sight, or are you running your fingers over the disk to feel the position of each electron?
I convert my root certs from digital to proteomic storage and inject it directly into my veins. I've programmed my immune system to go into total systemic shock if the certs have been compromised.
If you ask to see their badge and they show you a metal one it's probably a scammer, most real cops these days carry the plastic ones you can get at a Halloween store because budget cuts. IANAL etc etc
I have absolutely gotten legitimate phone calls from a sheriff/marshal in the state of Texas to let me know I had two warrants out for my arrest (failure to pay wrong left turn ticket, failure to show up at court for said ticket).
I called him back at the published phone number for his division. He let me know he wasn't going to be bothered driving 45 minutes across the metro area to find me and arrest me, and if I just stopped by court and got it taken care of in next three months that would be great.
You get arrested for a simple traffic ticket? That doesn't sound right. Usually you would just be unable to renew your car registration the following year until you pay said ticket.
I grew up in a different state, and was very surprised that nearly everything in Texas is an actual crime (misdemeanor). So yes, you get arrested for them here, because you committed a misdemeanor. Other differences that surprised me: It's legal to drive through a red light as long as you entered the intersection before the light turned red. Pedestrians don't automatically have the right of way. It's legal to change lanes in the middle of an intersection, even while turning.
I've had to re-learn a lot of legal things since moving here.
Hmmm, when living in California I got a speeding ticket late night in Kingman, AZ, sent in a personal check, they only took money orders, I never followed up. It's been thirty years.
I visit family in Arizona frequently. I wonder whether statute of limitations has run out. I've been fortunate to not get pulled over so far. Maybe I do see gitmo in my near future after all.
An uncle who lived in the Kansas City suburbs was careless about parking and did not pay his parking tickets. Then one day he was pulled over by the police. They checked his information and took him to jail. My aunt showed up to pay his tickets, and discovered that the city did not take checks. A grocer kindly cashed a check for her.
I really wish there was a certificate authority run by the government. In the past we didn't have the capacity to do a lot of these things but now we can make many improvements, even if incomplete.
Can we not have something like a CA but for, at minimum, officials? Or something like keybase for identity proofs? This seems quite invaluable. Couldn't this even be done within the phone, mail, and email systems? I don't think this should be for everyone, because we should have some anonymity existing, but at least for government officials? What's preventing us from having public/private keys that are verifiable by general citizens? Even if it was as bad as PGP used to be (before tools to make it easier developed) there would be at least some form of verification. But right now it's far too easy to spoof and honestly I don't even know how one would perform verification other than hanging up and calling back. But that doesn't solve your example.
You can call 911 or your local police station and they can verify if there is a law enforcement officer at your front door.
I guess someone could run a Stingray and re-route your 911 call to a hostile party but at that point, I don't think a CA would help you given that they are right outside your front door.
My fear would be that that would piss off the police officer and motivate them to make up some reason to injure me, plant evidence, or destroy my property.
I don't really feel this is an option. And it still is a weak signal. Who knows their local police phone number? Do you know that for the area you're traveling through? 911 is flooded enough. Can I get an image of the officer's face to verify?
What the hell are you talking about? If there's a stranger at your door claiming to be a cop, and there is cause for suspicion, just fucking call 911.
If it's neither safe nor convenient to look up the non-emergency number, it's an emergency. Any armed stranger at your door will only wait so long before forcing escalation.
The alternative is: while you're ringing the non-emergency line, he sticks a gun in your face, "arrests" you, and helpfully hangs up the phone. You didn't transmit E911 data-- and nobody will come check on you.
If your iPhone is allowed to call 911 over bogus telemetry, it's good faith enough for two humans to use it to verify officer credentials.
What I'm talking about is that you haven't solved the verification problem by calling 911. They likely aren't aware of all dispatched units, especially in your district. Supposing they did, it also doesn't let me know that the person I'm talking to is an officer, but just that there is an officer dispatched. How do I verify that these are the same?
The system I want is basically something simple citizens can use and can become common practice. Such as cop shows up and you scan their badge with your phone. Why? Because such procedure can kill police impersonation before it starts. It creates a high level of difficulty to perform that impersonation. Honestly, this should even be possible without an Internet connection. There is also an added benefit for both parties. The scanning of the badge logs an interaction and can make both parties accountable.
That's the alternative. The alternative isn't do nothing when I'm literally asking for something else. Get the context of the thread before replying. It's like you're pretending my original cert question doesn't exist.
Hello judge, sorry for calling you at 2am, but there's a police officer at my door. Can you verify their badge number and then describe to me what they look like so I can verify that this is indeed the person they say they are? K thx bye
I think the common thread with all such scams is creating a sense of urgency and high stakes. I'd generalize what you said though: if something involves a legal process or supposed pre-existing correspondence, anything crucial will happen in writing or in person and they'll be able to specifically provide you with the dates and details of anything they claim to have on you.
Personally I haven't had fake police calls yet (well, except for one Eastern European lady in a call center using a fake mobile number while pretending in broken English to be from INTERPOL, whom I immediately hung up on) but I have had calls about contracts I supposedly agreed to over the phone and was going to have to pay for either way but could now immediately agree to a compromise so I wouldn't have to pay the full amount owed but order (this time for real) something else or some contrivance like that. Of course calling back was not an option because this was already about to hit collections and they had recorded my previous (non-existent) call but couldn't play it back to me right now. It was all a bit ridiculous but I still felt a bit unnerved until I called my lawyer and learned that even if everything they said were true the contract as described would be invalid and any claims would have to be sent in writing before anything actionable even happened on my end.
From one of my family members: if the bank transaction doesn't go through, and you call the bank and they tell you it's probably a scam, don't overrule them.
Also if you're in the EU make sure to check the actual SEPA/IBAN code. The first two letters are the country code and if this is supposed to be an organization/institution in your country then those should match most transactions you've done before. Don't be fooled just because the country code letter combination happens to also be the initialism of something else or a state/city/etc involved.
I've had an accountant fall for a company registration scam and while the letterhead was plausible, the bank account was in an entirely different country, which should have given pause.
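The country-code check described in the comment above, as an added example that is not part of the original thread: it compares an IBAN's country prefix with the country the payee claims to be in, and also runs the standard ISO 13616 mod-97 checksum to catch mistyped or made-up numbers. The function names, the `expected_country` parameter and the small length table are assumptions of this example; the two valid IBANs are the widely published documentation samples, and the third is constructed with a deliberately wrong check digit.

```python
# Added example (not from the thread): red-flag checks on a payee IBAN.
# Lengths for a few SEPA countries, a subset of the public IBAN registry.
IBAN_LENGTHS = {"BE": 16, "DE": 22, "ES": 24, "FR": 27, "GB": 22, "IT": 27, "NL": 18}


def checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97: move the first four characters to the end,
    map A..Z to 10..35, and the resulting number mod 97 must equal 1."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(ch, 36)) for ch in rearranged)) % 97 == 1


def review_iban(raw: str, expected_country: str) -> list:
    """Return a list of red flags; an empty list means none were found.
    expected_country (hypothetical parameter) is where the payee claims to be."""
    iban = "".join(raw.split()).upper()
    if not (iban.isascii() and iban.isalnum() and len(iban) >= 5
            and iban[:2].isalpha() and iban[2:4].isdigit()):
        return ["malformed: does not look like an IBAN"]
    flags = []
    country = iban[:2]
    claimed = expected_country.upper()
    if country != claimed:
        flags.append(f"country mismatch: account is in {country}, payee claims {claimed}")
    known_len = IBAN_LENGTHS.get(country)
    if known_len is not None and len(iban) != known_len:
        flags.append(f"wrong length for {country}: {len(iban)} (expected {known_len})")
    if not checksum_ok(iban):
        flags.append("checksum failed: mistyped or made-up number")
    return flags


if __name__ == "__main__":
    samples = [
        ("DE89 3704 0044 0532 0130 00", "DE"),  # published sample, matches claim
        ("GB82 WEST 1234 5698 7654 32", "DE"),  # valid IBAN, but wrong country
        ("DE88 3704 0044 0532 0130 00", "DE"),  # constructed: bad check digits
    ]
    for raw, claimed in samples:
        print(raw, "->", review_iban(raw, claimed) or "no red flags")
```

A passing checksum only shows the number is well formed; the country mismatch is the signal the comment is pointing at.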
A trick I started using was asking the scammer for a challenge code to prove they were who they said they were (from my bank). The scammer was dumbfounded and hung up.
I agree it is always better to just hang up and call the bank yourself but it was pretty humorous.
I don’t get many calls, but a LOT of WhatsApp messages. What I usually do is ask them if they know how to trade crypto and if they want to 10x their money - they quit immediately.
Related, a close friend of mine was looking for jobs and in a moment of desperation he got preyed on by someone asking for all their personal information. No follow up. Not sure what the end game is there, however it might turn ugly.
I find your strategy - putting them off foot - is a very good deterrent and an effective way to get rid of most scammers quickly.
I am incredibly fascinated by how scammers work and their inventiveness - many of them would be very successful in a corporate environment, they are clearly very smart and capable, you wonder why they end up doing this for a living.
I’ve received so many of these scam calls from fake authorities that I used to just hang up (now I don’t answer calls ever). One time I didn’t hang up because something felt weird. Turned out it was legit and I owed a $20 traffic ticket from years ago. I’m pretty certain it wasn’t a scam, maybe it was.
Since it's so stepped, the main counter is to break the first step (so hanging up right away is indeed right), but then for the same reasons other pieces won't help (they'll come up with some excuse re. why they call instead of showing up or you won't contact anyone because of the "gag" order)
Because otherwise we wouldn't feel the need to drill it to our kids in school.
Like potty training, obviously if it wasn't for parents teaching basic human stuff our kids would just shit and piss everywhere casually.
/s
We tend to overestimate how much substance we're teaching to other humans, while what we are often doing is passing down "form". And "form" is very important because that's what our social instinct forces us to do, to create differences between us (with the right manners) and them (with the wrong manners)
> Because otherwise we wouldn't feel the need to drill it to our kids in school.
That's pure tautology. It's also the case that no professional agrees with you that these emotions are "intrinsic."
> We tend to overestimate how much substance we're teaching to other humans
What are you basing these assertions on? Personal feeling or are you drawing from some resource that I could also study, because so far, I can't find anything that backs up your points.