I was pretty suspicious but thought I would get them to authenticate their identity as someone really from Amazon by telling me the last thing I had really ordered was...
I must have stayed on the call for 20 minutes, eventually they ended up swearing at me - all the time I could hear other people in the same room trying the same lines on different people. I have no idea why I stayed on for so long....
I do not answer calls
Maybe 3 or 4 of these a day <sigh>
Then because of the leak side channel effect they can further future target calls such as coming from google about your problem with "your pixel 9 or 10?"
I assumed this was normal.
What a shit show.
They're saying that the least likely part of the cover story is that Google would proactively reach out to you in order to help you personally with the service you are (most likely) paying zero dollars for, and assign one of their most expensive employees to the case.
They have the scammers working off phone queues, it takes a little bit of time to get the call to the scammer, who has to start off with a script, so there's a delay.
Remember, the scammer, also likely not a native english speaker, also probably bored out of their mind, has to spin up, they have to read the name, understand how to say it and then say it out loud. Their is a mental startup time that a normal conversation doesn't have.
If someone calls you and isn't ready to immediately respond to "hello" it's a scammer.
Personally, I would utter a confused "hello?" if I was calling somone, the ringing stopped, and no one said anything, but I guess not everyone would.
Getting a procative call for my benefit would make me very suspicious about the authenticity of that call!
I certainly don't. Every call I get from the school seems to come from a different number. And the camp she was at when she hurt her leg and had to be taken for immediate medical attention.
I get it, in your world, in your experience, it all works out. But in mine, it just doesn't. From experience, I _know_ this is true.
The attacker had access to the Google account which includes passwords from Chrome and also the 2fa codes stored in Google Authenticator, because those were synced to Google without the author noticing it.
So with passwords and 2fa the attacker could login to Coinbase too.
Friend’s mother got scammed. She’d contacted tech support and they said they’d call back. Then a scammer just happened to call her within that next hour…
In my experience most authenticators cloud sync automatically, at least on iOS. For most people, this is a benefit. Otherwise, lose your phone and you're stuck, I doubt most people secure recovery codes properly either.
The answer is almost certainly greater than 0.
Never, ever, use a cloud password manager, that's just dumb. Combining these things together in some sort of master account -- be it Google, Apple, Microsoft -- is also terrible. It's like leaving all of your savings accounts, checking, and investments at a single bank.
All of this stuff is going to get way worse because of AI. You'll be talking to real people you know personally who are 100% not AI but were tricked in to asking you to do something by other AI enabled scammers. However aggressive I've suggested people be in the past probably isn't going to be enough for 5 years from now.
These things have always been possible, and have been done, but now they can be done at scale, with advanced testing to figure out what works on who, whereas before it was targeting the guy who kept posting pictures of expensive watches on his public Instagram.
Great advice for someone who doesn't have children or family members with health conditions.
Do people actually downvote this? Seriously???
I wonder sometimes how many scams I've avoided simply by pretty much never answering my phone when someone calls unless I'm expecting a call or it's someone I know.
> The attacker already had access to my Gmail, Drive, Photos — and my Google Authenticator codes, because Google had cloud-synced my codes.
Ugh, google