Musings Report 2024-8 2-24-24 It's Never Been Easier to Be Scammed: Deception in the Era of AI
You are receiving this email/post because you are a subscriber/patron of Of Two Minds / Charles Hugh Smith.
It's Never Been Easier to Be Scammed: Deception in the Era of AI
Once a technology becomes ubiquitous, it becomes fertile ground for inventive scammers.
Telephones have been around a long time, but their value to scammers went parabolic when credit cards became ubiquitous: now a scammer could con us into giving them instant access to our credit and cash.
Robocalls have ruined telephony, but that's a separate subject: our topic today is the ease of being conned.
Once email became ubiquitous, spam went parabolic for the same reason: an imposter / counterfeit / phishing email could con us into giving up passwords and credit card numbers or downloading worms by clicking the offered link.
Once SMS texts became ubiquitous, spam texts (a.k.a. phishing texts or SMS spam or smishing) went parabolic for the same reason: the unwary could be conned into clicking a link, to the financial benefit of the spammer.
Now a variety of AI tools are on the way to becoming ubiquitous, and the potential for creating new kinds of compelling cons will soon go parabolic.
Let's consider the emotional foundations of cons.
1) Urgency: the con demands our immediate attention: your credit card has been compromised, click this link now.
2) Too good to be true, but plausible: click now to collect your free gift.
3) Exploiting our trust: this is your credit union fraud detection service.
4) Preying on our vulnerabilities and desires for love, wealth, recognition, success: a Hollywood producer wants to option your novel.
5) Fear: we've kidnaped your spouse.
6) A benefit we should have: don't you want to protect your loved ones?
7) Social trust: most of us still have a default setting of trusting people and institutions.
The goal of any con is to get money out of us by exploiting our vulnerabilities and trust, and exploiting us when our guard is down.
Cons can be personal--individuals who gain and then exploit our trust in person or on the phone--or impersonal: emails, texts, warning windows on our computers, etc.
The foundational mechanism of any con is deception: the scam mimics legitimate situations, institutions and emotions. The goal is to trick us into believing the deception is real.
We're inherently trusting within our own group and distrustful of outsiders. This inherent distrust presents a barrier to scammers, and so the most common cons spoof legitimate institutions that we've been trained to trust, as these institutions manage the systems we rely on for daily life: banking, technology, education, healthcare, government.
It's getting easier to spoof the signs of legitimacy: logos and other visual markers of legitimacy are easily copied, and phone numbers can be spoofed: this must be my credit union because the phone number is correct.
AI tools now enable deep-fake videos that put people in compromising situations, and voice mimicry will soon be ubiquitous: sample someone's voice, run the samples through a processor and then change a scammer's voice to that of a trusted person.
The erosion of social trust is already severe, but it may spiral toward collapse as these tools eradicate the last vestiges of trust.
Let's consider a few examples of actual scams / cons.
My wife received a call purportedly from the local hospital saying her Mom's medical bill hadn't been paid and asking for a credit card. The scammer had her Mom's name and phone number, and knew that she'd recently been a patient. So clearly, all this data had been compromised. (It's fair to say we must now assume all personal data has been compromised as the default.)
My wife knew not to give credit card numbers over the phone, and this is a good example of some basic rules we can follow to avoid getting conned:
1. Never give passwords, credit card numbers or payment information over the phone, ever.
2. Never assume a caller / emailer claiming to represent an institution or trusted person is legitimate. Always hang up and call / email the institution or person directly.
This is hard to do if we're trusting, distracted or distraught. But the reality is our personal data is constantly being hacked from institutions and distributed on the dark web.
Anecdotally, I've read accounts of fake kidnaping, where someone receives a call from the purported kidnaper using the supposedly kidnapped person's phone number. With voice spoofing, this could include some plea from the supposedly kidnapped person. The panicked recipient pays the ransom and then calls the kidnapped person and finds they're fine, the kidnaping was all faked.
The proper response is to hang up and call the supposedly kidnapped person's phone. Appearing to lose cell service might be useful to avoid being threatened. "Hello, hello, I can't hear you," click.
A similar scam features an email or call from some trusted person supposedly stuck somewhere whose purse / wallet was stolen, so please send money.
Author Cory Doctorow recently shared his experience in being scammed by a counterfeit call from his credit union's fraud detection unit. Would you trust a call from your credit union's fraud detection unit? I would. The idea that it was itself a fraud would not occur to me.
How I got scammed, And why AI will make it worse.
Doctorow explains that many of these cons rely on circumstances aligning just right. In his case, he had just used dodgy ATMs and was exhausted from travel. He wrote: "There's a name for this in security circles: 'Swiss-cheese security.'" The analogy is numerous slices of Swiss cheese which are in constant rotation: occasionally, the holes align and a security breach slips through.
This is why institutions such as the IRS, Social Security and Medicare now have warnings on their websites saying "we will never call you and ask for personal information."
I recently experienced a con that worked because the con artist created a reasonably elaborate mise en scene of authenticity.
Writers get a lot of pitches for various services, but it's rare to get a pitch from an agent in an established New York literary agency. So when I received an email from an agent expressing interest in one of my books, I looked up the agency online, saw it was legit and found this fellow on the staff roster.
The agent sent me legit-looking submissions guidelines from a big publishing house and a sample contract and we arranged a call. We spoke for over an hour about various aspects of the business, including me asking how he became a literary agent. He sketched out his backstory including his university studies in film, and agencies he'd worked for previously. He then went on to discuss specifics such as advances on royalties.
Only at the end of the call did he introduce the con: we needed to outsource the submission preparation and split the costs.
I'd had an agent back in the day who'd pitched my novel but couldn't sell it, and I eventually sold my first novel to a small publishing house myself. From these experiences I knew that legit agencies never ask for money from authors, so the red flag went up and my wife went online and found that imposters claiming to be agents were scamming unpublished (and therefore desperate for a publishing contract) authors.
Publishing Scam Alerts (Authors Guild)
So this fellow had been an imposter. When I described this to my friend S.T., he said it sounded like an insider had gone rogue.
I was chagrined that I hadn't followed the standard advice: "Always contact an agent or agency directly to verify authenticity before responding with a manuscript or any personal or financial information."
I'd glanced at the agency website, and been conned by the authenticity of the documents and the con artist's insider knowledge of the industry. The superficial authenticity had been sufficiently plausible to ease my skepticism. Frankly, the idea that someone would pose as an agent hadn't occurred to me as a possibility.
I'd overlooked clues: the imposter's email used a URL with a dash between words, while the legit agency's URL had no dash, and the phone number on the agency logo and the agent's photo was different from the phone number posted on the agency website.
I emailed the real agent and he confirmed he had an imposter.
This is how a good con works: there's a legitimate or plausible backstory, documents and evidence that build trust or overcome skepticism are provided, insider knowledge or use of insider terminology are deployed, and once these are established, the money transfer is introduced as a necessary step for good things to happen.
I'm still gobsmacked by the trouble the imposter went to in mastering the real agent's backstory. But then most professional biographies contain some career / professional narrative, so it's not that hard to assemble a plausible familiarity with someone's backstory.
Add in the potential to create deep-fake videos of a real person and mimic their voice, and the ease of generating plausible legitimacy in cons increases geometrically: the digitally generated imposter will look and sound just like the real person.
Virtually all these scams and cons can be avoided by following these simple rules:
1. Never give passwords, credit card numbers or payment information over the phone, ever.
2. Never assume a caller / emailer claiming to represent an institution or trusted person is legitimate. Always hang up and call / email the institution or person directly.
Theoretically, there should be legal protections against scams and cons, but whatever legal protections are in place are inadequate. One might imagine that the NSA has all the resources necessary to track down scammers and provide sufficient evidence to convict them, but it's clear our society and governance structures have little interest in stemming the tide of cons and scams.
It's up to us, and unfortunately the only realistic assumptions we can make are 1) all our personal data has been compromised and 2) every call, text, video and email we receive is potentially fraudulent, regardless of source.
Highlights of the Blog
How the Economy Changed: There's No Bargains Left Anywhere 2/23/24
The Pitfalls of Central Planning 2/21/24
Finding, Creating (and Keeping) a Job in the Era of AI 2/19/24
Best Thing That Happened To Me This Week
I received a free master class in imposters and cons.
From Left Field
NOTE TO NEW READERS: This list is not comprised of articles I agree with or that I judge to be correct or of the highest quality. It is representative of the content I find interesting as reflections of the current zeitgeist. The list is intended to be perused with an open, critical, occasionally amused mind.
Many links are behind paywalls. Most paywalled sites allow a few free articles per month if you register. It's the New Normal.
Tyler Perry Halts $800 Million Expansion of Atlanta Studio After Seeing Sora’s ‘Shocking’ Text-to-Video Model (via Richard M.)
AI Generated Videos Just Changed Forever (12 min) (via Tom D.)
Is Lip Balm Making My Chapped Lips Worse?
How I got scammed, And why AI will make it worse.
Inside the plan to diagnose Alzheimer’s in people with no memory problems — and who stands to benefit
Lessons from Bernard Rudofsky
Rudofsky's Home in Spain (Hidden Architecture) (via Cindy F.)
The Ancient City of Sybaris, Italy
Why Americans Do Not See a Strong Economy (via Cheryl A.)
Playing God Unplugged (3:27 min) Tim Henson (12,792 Comments) (via S.T.)
Polyphia - Playing God (Official Music Video) (3:23)
The Tim Henson Documentary | Becoming A Modern Day Guitar Icon (35 min)
"Failure is the condiment that gives success its flavor." Truman Capote
Thanks for reading--
charles