Anyone posted this yet?
Here’s the problem with POA, nobody cares. Financial institutions don’t honor them when it matters unless it’s on their exact form with a medallion signature or whatever bullshit. If the account owner wants to get scammed the money is almost always going to disappear.
NIST may be un- or even anti-glamorous, but they are heroes.
3 Likes
This would be a little too broad, my father still does some freelance work on the side, and I removed all the financial institutions from his contacts in case they changed any of his contacts info. But that’s basically what I’m looking to do, is that a default possibility on an Android?
If I could do that and forward them to a Google Phone number I maintained, it would be super annoying on my end but I could deal with it for a while til everything is 100% locked down.
OK you’re the guy who can probably give me some good advice here then on any holes in this plan.
- I get POA
- I use the POA to move their money to accounts that they don’t know about - they don’t know the brokerage, they don’t know the account number, they don’t know the logins.
- When they want some of that money, I send it to their checking account that only has a small amount in it.
No matter how hard they try to get scammed at that point, they can’t get to that money right? I guess if the scammer managed to get their personal info off the dark web and told them to call the financial institution, but they still don’t have the account number, and the contact info on the account is going to direct to me.
I mean, if nothing else, I have a pretty slam dunk lawsuit if the financial institution sends that money out without the proper authorized signature, right?
I agree with all of that, except that adding other characters seems pretty good.
It’s good if you are limited on length, but long passwords with simple characters and words easily dominate shorter passwords with fancy characters. At the same time, sure, all else being equal, more characters is better than fewer. If you’ve got a long, memorable password that isn’t just a riff on a dictionary word (one dictionary word is pretty easy, but multiple dictionary words that aren’t a sentence gets very hard quickly), then the use of special characters is a plus.
1 Like
I’ve actually been to NIST because my company was collaborating with them on a project, and when we were sitting down in an auditorium for a presentation, we couldn’t help but notice the unnecessarily bright blue digital clock (in stark contrast from the usual red digital clock of middling intensity seen in most places) on the wall behind the speaker’s podium. One of my coworkers quipped, “Hey, you think that clock is accurate?” I don’t think any of us were willing bet on our cell phones over that clock, even with the uncertainty about whether it was actually connected to anything central.
Trying to find an app that will send me a text when they’re on a call over a certain amount of time, and show me their call log. Anyone know of anything?
I grew up next to NIST and went to a lot of science classes for kids they did on the weekends. I still remember their clock display in the lobby that was tied into their official cesium clock. I’d sync my watch to it every Saturday. I think you made a good bet.
1 Like
dude NIST has been a fucking disaster for cybersecurity this year, don’t even get me started
https://bsky.app/profile/brendelbored.bsky.social/post/3k4wn4ar47j2g
idk does bluesky embedding work?
3 Likes
Some profiles set themselves to private so they aren’t visible to logged out users; skeets from those users won’t embed. If you click the share button on bsky (on mobile, not sure about web) it will warn you if that’s the case:
1 Like
Had a post-doc with NIST ages ago, those guys know their shit, really impressive agency.
NIST 800 is great.
Want it? Here’s a 500 page PDF to shove up your ass.
FU FU FU
So after ~100 hours of work from Friday night through this Thursday afternoon, I think I have them as safe as it was possible to accomplish in a week. Probably another 40 hours of work to do in the next 2 weeks from across the country, but I think it will be doable. Computer should be locked down almost completely and they don’t currently know their logins to the major stuff, got them new phones and new numbers and new emails. Set my mom’s phone to screen anything outside the address book, and my Dad’s to the highest level of screening below that.
Drilled it into my father that if anyone tells him not to call me, they’re scamming and he should immediately call me.
Been so overwhelmed with handling this and so sleep deprived that I haven’t even begun to process it. I went to the smoke shop with the Bitcoin ATM to take pictures and it was just sickening to think of how confused he must have been and how badly they violated every aspect of his life. Also pretty tough to hear all the details as I played the role of detective asking him a million questions for the FBI IC3 report. He was warned by no fewer than 3 bank employees across two locations, and the Bitcoin ATM itself, although the Bitcoin ATM disclaimer is almost designed to look unofficial and fake.
I still can’t believe he fell for that.
7 Likes
hahahah yeah but I’m specifically upset about the bullshit that went on (and is still to a degree going on) with NVD, just abysmal fumbling
Man this just sucks, I got no advice but I feel for you here.
1 Like
This is the part that would bother me. Well all of it would bother me. But my parents falling for this, which I worry about constantly, after all of the anti-scam drilling I’ve done to their heads for years, would suck so much. My dad still insists on answering his phone every time it rings, regardless of if he recognizes the number or not. Literally no good can come from that, but he still does it. It frustrates the hell out of me.
The fact that your dad was warned multiple times and still fell for it is indicative of just how good these scammers are, and/or how vulnerable boomers are. Not sure how you went to the smoke shop and didn’t want to murder the owner there. Just insane that this is even a thing.
2 Likes
Yeah my Dad is the same way. He tells us he never answers, but I’ve never seen him reject a call from an unknown number.
I don’t know if it’s how good the scammers are. I mean, they’re very good at psychological manipulation. Technologically, meh, and there were so many red flags. I think they just managed, early on by random variance, and later by skillful manipulation, to push all his buttons.
When he can’t fix something that isn’t working, he gets frustrated and he tilts hard. He has too much pride/ego and probably didn’t want to ask anyone else for help. So he called the tech support number.
He has too much respect for authority and isn’t one who questions it. So when they condescended to him when he asked questions of the “fraud department” he fell for it.
And he’s fearful. Fearful of caravans of immigrants, of cat-eating Haitians, and of losing his money.
Last but not least, he’s got a temper but it’s always about blowing off steam not about taking action. So when they absorbed it and yelled back, he followed the directions of the “authority” figure.
I had him prepared for this kind of stuff in terms of knowledge, but I never thought to prepare him to be on raging tilt and have to hang up on an authority figure.
I don’t know if they saw me taking pictures of their outside cameras and/or recognized my Dad, but any employees stayed in back when we came through. I probably would have lost my temper if it was the person he had described.
2 Likes