Are you building features for phishers?
bradleyjkemp.devNever click the link in an email to access your account, never trust a caller who calls you first, you call them.
And don't use the number from the email.
I do this and have been teaching my family too. Recently, my daughter got her Roblox merchandise emptied after she clicked a link from Discord. I looked and rough math put at close to $1000 worth of Robux (when converted if I have to buy the Robux). This happened after she figured out to turn off all ad-blockers, NextDNS, from the client side. Now, I have migrated the VPN-ish-DNS at the Profile Config level and have told here that the blockers in the browsers are for her safety. She cried the whole day, until I agreed and bought her few Robux to go on.
Phone calls and text messages are the ones I have no control whatsoever, so I try to avoid them at all cost, not just for security but they are irritating most of the times. I stopped voice few years back - https://no.phone.wtf
I worry technology is so easy today's kids are less tech-savvy than their parents, which is a terrifying concept to me.
Today's technology isn't easier: it's just more restricted. The things you can do are pre-programmed and individually specified, rather than emergent from the design of the system, which means there's much less common logic to it.
I think the parent is conflating easiness with lack of complexity. Lack of complexity does make doing things less confusing if you have less options to choose from
Really. This worries me as well
We are seeing young people that can't work around Word/Excel (sure, or their cloud equivalent) to do basic tasks like creating a table or basic formatting
When I was in high school we traded files amongst ourselves using burned CDs and flash drives. My nieces and nephews don't understand what a file format is.
Thank goodness Microsoft hides file extensions by default. We wouldn't want these children learning!
Major /s
I think it's about the same amount of kids are tech savvy now as when I was a kid. Which is also scary, of course, but I don't think it's really less. It's just that non savvy kids are still immersed in tech; when I was growing up, kids could get through k-12 only touching a computer twice a year, if that's what worked for them/their families.
I don't worry much. I'd prefer if they knew more, but somehow kids were always able to learn the sciences or engineering. Just because they don't learn on their own, it doesn't mean they'll never know it.
Did she need to do anything after clicking the link in Discord or was the exploit completely automated?
My kids have just started to get in to Roblox, not bought anything yet but I expect it'll happen soon enough.
From her story, she clicked a link that starts with `wrww-roblox.com` and seems nothing happened. She went about her day, slept, and found out that her account was empty when she wakes up.
The person might have been following her around for a while and some of her rare merchandizes had started attracting unwanted attention. She says she had been playing with the person for a while, and she missed the link that was NOT Roblox.
Why did she want the ad blockers off?
Probably because some things do not work with them.
> Never click the link in an email to access your account
Now that you mention it, I noticed that I do this routinely. How do I handle "reset password" situation? I don't remember if the services I have used offer other means of going to the password reset link.
Defense in depth is a worthy goal though
You'll never get 100% of people remembering that advice 100% of the time. So how do you mitigate the situation when they forget?
You could add to your company emails "we will never call you about this email, if someone is calling you about it you may be being targeted by criminals"
Unfortunately people cognitively decline to the point they can't apply these rules.
You get people calling with "your son is in jail and you must buy these gift cards at Target" and it works some of the time.
Good sentiment but so so tricky to get the wording right. You've got to write a sentence so perfect the fraudster can't pervert it or persuade the victim to ignore it.
For your example, the fraudster could say "yes, your account is being targeted by criminals, that's why I'm calling you". The warning inadvertently backs up their story
It feels like a bit of a stretch "so you are calling me to tell me about criminals after you said you would never call me because that's what criminals do?"
If their intelligence is that low at that point the criminals can skip all these hoops and directly ask them for their credit card numbers saying they are from the bank and they need to verify them.
Low intelligence? That's your only theory?
Mate, I've met lawyers who sent millions to Nigeria. They're not low intelligence. They're very smart people.
Who were very desperate and clung to a highly irrational hope because they really needed one. Also, they often believed that it couldn't be a scam, because they were intelligent, and only dumb people get scammed. Quod Erat Demostrandum...
Now, were they low wisdom? Definitely.
The old joke that "intelligence is knowing that a tomato is a fruit, wisdom is not putting it in a fruit salad", is still very true.
Plenty of intelligent people do very dumb things all the time. Nexium, Scientology, a guru's cult who may or may not commit biological attacks at local salad bars. All have intelligent people involved.
After all, they couldn't have cultured their salmonella if they didn't.
Depending on how you read the sentence, it may mean that they will not call you about that specific email, but they will call you if you're being targeted by criminals. So the caller says "I'm not calling you about a specific email that you're received, but because your account is being targeted by criminals".
It's not about having low intelligence. It's about being caught off guard. Not everyone is in a big city and have constant contact with fraudsters. Some people are in small towns where they trust everyone and when they receive a call from the supermarket or some other place they usually just trust them too. So, they are not attempting to find all the flaws in their reasoning, they may just think that the wording was a bit off, but an understandable mistake and continue the conversation.
> Not everyone is in a big city and have constant contact with fraudsters. Some people are in small towns where they trust everyone and when they receive a call from the supermarket or some other place they usually just trust them too.
Yeah, I grew up in a small town. Guess what? We didn't trust anyone we didn't already know and trust. Strangers are danger until they prove otherwise. That goes triple on the Internet.