
The fake Facebook profile industry

795 points | imartin2k | 8 years ago | ici.radio-canada.ca

258 comments

[+] throwawayfish|8 years ago|reply
Using a throwaway account to keep things private

Last year I was "sex-torted" on Facebook but not by a ring of French criminals. Instead, it was by someone I had chatted with on the internet years ago (while we were both still teenagers)

She had recently gotten divorced and contacted me after many years away. We spoke about intimate things (I never shared intimate images, though she did) and were getting closer and closer to each other.

She eventually asked me for money to cover an expense for her daughter, but I didn't send it fearing I was being scammed. In exchange, she took screengrabs of the most intimate parts of our conversations and shared them to all of my professional contacts via LinkedIn as well as friends, colleagues and family on Facebook.

The experience haunts me to this day, I discussed consensual kinky stuff with her and she used this to paint me as a freak and deviant. The only people who understood it were those who had been in a similar situation or those who were in the "lifestyle" as well. Strangely, most of the support I received after the fact were women who have been similarly extorted. Men in my entourage just whispered and snickered.

To this day, I still feel shame in certain circles because of what is unsaid. The police have done absolutely nothing even in the face of evidence (reports filed with local police and FBI) but it's simply not a priority. Facebook won't even pull the posts because no intimate images were actually shared and it doesn't technically violate their "guidelines"

Net result: I've deleted my social profiles. Every last one of them (and feel better as a result). However, the damage is done and I'm totally still feeling PTSD as a result of the ordeal.

I consider myself very tech savvy (engineer, infosec background, on the internet since the early 90's) and able to smell a scam. However, it's really really easy to fall victim to something like this. Be careful.

[+] tmpz22|8 years ago|reply
Throwaway to share a valuable perspective. My dad is a chronic target for scammers, and falls for them at a rate where I can only think it intentional on some level. He'll allow fake MSPs to install programs as root, on the same machine he does banking and legal on. He'll call numbers when strange JavaScript alerts tell him he has a virus. He'll then pay people to "remove" said malware, giving them full access to the machine via TeamViewer etc.

I've managed to limit his internet usage to an iPad and a Chromebook - but as mentioned above that does little good. He is extremely proud and talking to him is useless. A good chunk of these events come while browsing porn, which he refuses to admit. I feel hopeless and am in the process of separating any financial connections with my mother for fear I'll become a victim. My mother has been saving cash for years to insulate herself (my dad also refuses to write a will - but that's another problem entirely).

I know a major event is coming soon. While I'm fairly certain his porn usage is tame, all it would take is a fake $THAT_ACTRESS_WAS_ACTUALLY_17_WE_WILL_REPORT_TO_FBI email and he could probably be extorted for everything he has. I don't know what to do honestly. This is a real threat to millions of Americans and it seems there is no solution.

[+] metalliqaz|8 years ago|reply
Where I work spear-phishing is a real concern, so they have instituted a training program where they send fake phishing emails every now and then. If you fall for it, you are directed to a training page. If you spot it and click the "report" button, you are greeted with a message congratulating you for being on the ball.

Perhaps some training is in order. You may not have the means to simulate a scam from his favorite "adult" website, but perhaps you could do something with a throwaway email account, or maybe simulate collateral damage from a successful scam.

And yes, you need to insulate your respective financial lives from that risk ASAP

[+] trifidpaw|8 years ago|reply
Have you considered running OpenWRT / LEDE or a pi-hole (https://pi-hole.net/) to block adverts / known websites where such scams occur at a network level?

(There are publicly available lists of known botnet / scam IPs)

[+] patorjk|8 years ago|reply
Scammers know the older generation is ripe for exploitation. One of my older relatives, who I'll call Bill, has had a few hacking incidents. Most recently they had their email compromised. The perpetrator must have dug through it quickly because hours later they called up Bill's financial advisor and requested 90k be transferred from his 401k. The financial advisor later told Bill that the reason he didn't do the transfer was because he realized that the voice calling him wasn't Bill's.
[+] javajosh|8 years ago|reply
This might sound weird, but what about buying him a premium porn account? Maybe don't even tell him about it, let him find it. Ideally one with an app, a good reputation and clean (infosec-wise) content. It would be like a $30/mo insurance policy on your dad's assets!
[+] cr0sh|8 years ago|reply
> my dad also refuses to write a will - but that's another problem entirely

Another problem, yes - but a huge one all the same. Does your mother have a will?

I went thru this with my parents; my dad had a will but my mom did not. My dad passed away; no biggie. But my mom never probated his will. I didn't find this out until after she passed away - without a will.

I ended up spending quite a bit of money with a lawyer, plus more than a few trips between where I live and where my parents lived (thankfully only a few hundred miles away - but still far enough to be annoying), plus gathering documents, and a whole host of other issues.

It was not fun. The only thing that saved my butt was the fact that before my mom passed, I was able to get power of attorney (as well as medical POA), because she ultimately slipped into dementia (my wife and I caught it in the nick of time, while my mother was still coherent enough). Without that, accounts would have been frozen preventing me from taking care of my mother before she passed, and later the estate, afterward (though I had to go thru a short process to be appointed as executor).

But without a will, and my dad's will not probated, things went slowly. There were fortunately no real major assets involved (a house and a couple of old cars were the only things), plus I was an "only child" - but I still had to go thru the process of no one contesting my dad's will (I did worry that something might come up from his past or from his family), or contesting me as sole heir.

Ultimately it worked out - but it could have turned into more of a logistical nightmare than the merely annoying situation it only turned out to be.

So - I implore you to try to fix this, especially if other family or large assets are involved. If not, and you don't care about things otherwise, you might talk with a lawyer about other options. I am not sure if this is possible, but it might be possible to "reverse disown" your immediate family (mother/father). It would be a very harsh thing to do, but it may be the only thing that keeps you from being dragged down into a potential economic morass.

[+] elorant|8 years ago|reply
How about you print and show him some horror stories of confessions from people who've been scammed or extorted online? There might even exist whole books with this stuff on Amazon. If he doesn't trust your opinion (sounds like exactly my dad) he might trust someone more authoritative. Even the FBI could have stories like that.
[+] abawany|8 years ago|reply
I wonder if a router-based solution to limiting his traffic would work. DD-WRT or something else with an online solution for dynamic limiting of sites might help.
[+] everybodyknows|8 years ago|reply
I'd start looking for an attorney who's familiar with elder abuse situations and can tell you about your options. If you can gather the right evidence, something can be done.
[+] pjc50|8 years ago|reply
> falls for them at a rate where I can only think it intentional on some level

> extremely proud and talking to him is useless

This is terrible, and I can't think how I'd cope with it :(

[+] jjtheblunt|8 years ago|reply
How about don't look at questionable sites, as a solution?
[+] scraft|8 years ago|reply
1. I got told many years ago, that when you get those crazily bad emails, where it claims to be from some official source, but there are spelling mistakes, the return email address is obviously wrong, grammar is terrible, etc. the sort where it is so completely obvious it is a scam - often this is done on purpose, they aren't interested in the >99% of people who can spot a scam, they are interested in the <1% who can't spot it is obviously a problem. Basically they cast a wide net, but when they haul it in, only the whales are found within. At that point, they can use a large amount of resource, per victim, as they know they have a reasonable chance of success.

2. Separately to the above, a reasonable amount of men (perhaps women too? I don't know, I feel like it is more men) will happily look at girls, whether this is in a Playboy Magazine in the 50's, looking at girls as they enter a bar in the 90's or whether it is flicking through images of a girl on Facebook/Instagram in the 21st century. Some of these men actually know it is a scam, but don't really care, at the end of the day it's a picture of an attractive girl/woman, so they look through. Maybe they even add that profile as a friend, as they don't mind having the pictures appearing naturally in their news feed. I don't know whether many (any?) of this group of people end up getting scammed. Perhaps somehow over time, they get convinced the account isn't fake, or perhaps they still think it is fake but agree to go onto a video chat and then are convinced on there, or perhaps they are trying to catch the scammer out, but end up being caught out themselves.

[+] manifestsilence|8 years ago|reply
The danger, or maybe just annoyance, with #2 (with only accepting friend requests without intent to do more) is that they then use the friend connection to further advertise to your friends. I accepted one once - wasn't paying attention to mutual friend count or something - and was immediately spammed on my wall with some site ad and then they deleted their account. So some, rather than the slow scam game, are just playing the spam game.

Another danger is that with the extended access to your profile, they could get enough content to clone you convincingly, and then you get the scam where all your friends receive a duplicate friend request from "you", and the new profile tries to sell them on some scam.

[+] jpalomaki|8 years ago|reply
This is "pre AI world". Once scammers catch up with tech, things will change. When they learn to automate the scamming they can also afford to target people with low probability of falling into scam. This will lead to scam that is harder to detect and where the amounts are smaller (instead of going for the big fish, you can build on volume).

The opportunities are endless. Just think for example the latest developments on speech synthesis (voice transfer). Improvements in CGI will allow creating believable fake videos. Mobile phones with fancy camera tech will allow 3d scans of people's faces.

[+] dalore|8 years ago|reply
The second group, whilst they might not be getting scammed themselves, they help social proof that account to other people. Now someone else will be more likely to add the fake account if they see it is friends with other people, even someone you know in real life.
[+] bootlooped|8 years ago|reply
Regarding #1, I have heard this theory a couple times from different sources, but I have some skepticism about how true it is. It's entirely possible that bad grammar, poorly constructed stories and other tells that should be obvious just happened to work out in the scammers' favor, rather than them being intentionally designed that way.
[+] djsumdog|8 years ago|reply
I think the saddest part of this is that they prey on people. Many of the peeps here on HN can look at a profile and say "spam," so it's hard to imagine the people who can't. The 1% return from SPAM that click on those links, or put in their credit card details.

There was a ReplyAll podcast episode where one of the reporters actually tracks down a shop in India; even goes there and talks to people who've worked at a "tech support" place which charges $400 to remove fake viruses they've implanted.

I think this is even more insidious because they're preying on people who may be extremely lonely or desperate. When you really think about that, it's really sad. It's either psychopathic or they justify it to themselves in some horrible way like, "These people are losers anyway," or "If we say the girls are underage, then we're only going after sexual predators." .. The same crazy logic used by the Ashley Madison leakers.

[+] dannyw|8 years ago|reply
I find it unbelievable that Facebook doesn't have the fake profile situation under control. Facebook builds an incredibly detailed social graph of every user (and non-user) with a big trail of activity, on and off Facebook.

Surely there are signs; surely there are common characteristics, and if this journalist can write such a detailed exposé with only public data, Facebook can do much better.

[+] alexandre_m|8 years ago|reply
"One of them said that she made 10,000 euros ($14,800 CDN) in a single month by “sharing links on Facebook.” She also claimed that the network was based in France, Spain and Italy. Both women abruptly ended all communication with us after initially agreeing to an interview."

I'd rather suspect those are false confessions and more an attempt to attract new members in this scheme network who hope to make huge amount of money.

[+] have_faith|8 years ago|reply
Worth reading despite many from HN likely knowing this existed already.

What I find interesting is that to me and I assumed a lot of people, fake profiles are very obvious and as such I assumed there were, relatively, easy techniques to deal with them.

After working on some Twitter marketing campaigns over the years and witnessing the swarming bot networks do their thing I have concluded that they are not dealt with wholeheartedly on purpose.

[+] mkoryak|8 years ago|reply
Lately I have been getting contacted by random 'women' on gtalk who 'just want to be friends'. I usually just block them but last week I decided to play along.

Long story short: they wanted me to cam with them and to see my picture. I sent them a link to a non-existent page on my domain and logged their IP. I confronted them with their IP and the fact that they were in Nigeria and not South Carolina. The account was immediately deleted.

[+] dudus|8 years ago|reply
I had one contacting me on my PlayStation messenger account. I didn't even know that was a thing to be honest.... Same story about cam.... "She" wanted to go on cam with me.... sounded more like a bot. I didn't follow through so I don't know what was the final plan.
[+] mkoryak|8 years ago|reply
follow up: I have not been contacted by any more friendly 'women' since this happened
[+] cm2187|8 years ago|reply
Skype has that a lot too.
[+] cm2187|8 years ago|reply
I deleted my Facebook app since half of the posts in my feed were fake anyway. Facebook disguises ads as friends' shares and likes, even when it is obvious that a particular friend would never like a corporate page. They even pushed the bad taste by making my deceased father (whose account we didn't think to delete) like things after he passed. So if you add fake profiles to that...

As a note, I hadn't received an email from Facebook since pretty much I registered many years ago. Since I deleted the app a few weeks ago, Facebook started spamming my email with notifications. And they use this trick that is really a new low, they create a thousand different kinds of mailing list so that every time you unsubscribe from one, you still receive new spam because it's "another" mailing list.

[+] exodust|8 years ago|reply
Even worse, Facebook seems to allow people to open an account using someone else's email address. I've never had a FB account yet occasionally I get emails from 'facebookmail.com' addressing me by a woman's name (I'm a man) and pestering me with friend suggestions of people I've never heard of. My email has never been compromised, yet Facebook spams it with the assumption I'm part of their network. I will never join their pile of shit spam den, and have never clicked on anything in the emails they send.
[+] cwkoss|8 years ago|reply
This is why Facebook's new Non Consensual Image Program seems like a really bad idea.

The technical implementation is fine, seems reasonable, only concern is that a human has to screen every image.

The real problem is that internet users have learned "Anything you upload to the internet is as good as public." Facebook is trying to teach people a new precedent: "Images uploaded to facebook in the right way will REMOVE images from the public".

People are going to fail to read the fine print, and thousands will be phished for nudes through facebook with similar schemes.

[+] irishbro|8 years ago|reply
The 2010 documentary Catfish, and subsequent MTV series, offers an interesting look behind the curtain at the type of people who create fake Facebook profiles. It covers a wide variety of reasons for creating them spanning from people who suffer from low self-esteem and confidence issues to not being able to reveal that they are homosexual out of fear of their friends and family finding out, just out of pure malice or even in one case creating a fake account story to get the show to pay for flights so they could finally meet face to face. It's crazy some of the lengths people go to keep up the charade and how much evidence certain people will ignore to keep the idea that the person is real alive.
[+] underwoodley|8 years ago|reply
You should be aware that this is a very questionable documentary and the makers of the documentary who are now the presenters of the TV show have been credibly accused of faking footage and exploiting the subject.

> Some journalists and film critics have cast doubt on the filmmakers' motivations. Kyle Buchanan of MovieLine questions why the filmmakers would begin obsessively documenting Nev's online relationship so early on, and argues that it is highly improbable that media-savvy professionals like the Schulmans and Joost would not use the Internet to research Megan and her family before meeting them. Buchanan and others have suggested that the filmmakers likely discovered the fabrications in Wesselman-Pierce's story earlier than is presented in the film and pretended to be fooled only so that they could exploit her story for the documentary. https://en.wikipedia.org/wiki/Catfish_(film)#Authenticity

[+] srtjstjsj|8 years ago|reply
You might also enjoy similar documentaries Cloverfield, The Blair Witch Project, and This is Spinal Tap ;-)
[+] Harvey-Specter|8 years ago|reply
> in one case creating a fake account story to get the show to pay for flights so they could finally meet face to face.

That's brilliant. I couldn't find anything about this episode on google, but I'm interested to know how the hosts reacted to that.

[+] MarkPNeyer|8 years ago|reply
All of the problems with fake profiles are fixable if we just use the social graph. It drives me nuts that this is a problem. I have a solution, which I'll share here. I'm sharing it because I hope SOMEONE can build this or share it with someone at a high level at FB or Twitter.

I have a mortgage in silicon valley and a young child, so I'm not in a position to take the time and risk to do this. But I really desperately want to see it in the world.

All we have to do is use the social graph to verify each other, and follow 'verified' edges to determine trust in a third party. People can just tell FB or Twitter 'yes i know this account', and that's all we really need.

If I can't follow any 'yes i know this person' edges to a remote account, don't let me interact with that account. Shadowban them. It's THAT simple. This technique stops bots and it stops trolling by fake remote accounts.

If someone claims "i know all these fake accounts", then we ban that person, for creating all the fake accounts. Fake accounts are easily identified after the fact; when no real person pays any price, they'll keep getting created.

Yes it has the downside of temporarily slowing adoption. That's the main reason I imagine Twitter and FB haven't done this. They think us being harassed is less important than onboarding new people.

https://s3.neyer.me/respect-matrix-slides.pdf
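
The vouch-edge scheme proposed in the comment above, sketched as an added example (it is not part of the original post, nor code from Facebook or Twitter): a viewer may interact with an account only if a chain of "yes, I know this account" edges reaches it, and anyone who vouched for enough confirmed fakes is banned. The hop limit, the strike threshold and all account names are assumptions made for the illustration.

```python
from collections import deque


class VouchGraph:
    """Directed 'yes, I know this account' edges between accounts."""

    def __init__(self, ban_threshold=2):
        self.vouches = {}    # voucher -> set of accounts they vouch for
        self.strikes = {}    # voucher -> number of confirmed fakes vouched for
        self.banned = set()
        self.ban_threshold = ban_threshold  # assumed policy knob

    def vouch(self, voucher, target):
        self.vouches.setdefault(voucher, set()).add(target)

    def trust_path(self, viewer, target, max_hops=4):
        """Shortest chain of vouch edges viewer -> ... -> target, or None."""
        if viewer in self.banned or target in self.banned:
            return None
        queue = deque([[viewer]])
        seen = {viewer}
        while queue:
            path = queue.popleft()
            if path[-1] == target:
                return path
            if len(path) - 1 >= max_hops:  # assumed limit on chain length
                continue
            for nxt in sorted(self.vouches.get(path[-1], ())):
                # Banned accounts cannot relay trust to anyone.
                if nxt not in seen and nxt not in self.banned:
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return None

    def can_interact(self, viewer, target):
        return self.trust_path(viewer, target) is not None

    def report_fake(self, account):
        """Ban a confirmed fake and strike every account that vouched for it.

        Returns the set of accounts banned by this report.
        """
        newly_banned = {account} - self.banned
        self.banned.add(account)
        for voucher, targets in self.vouches.items():
            if account in targets and voucher not in self.banned:
                self.strikes[voucher] = self.strikes.get(voucher, 0) + 1
                if self.strikes[voucher] >= self.ban_threshold:
                    newly_banned.add(voucher)
        self.banned |= newly_banned
        return newly_banned


def build_demo_graph():
    """Constructed sample: three real users, one bot herder, three bots."""
    g = VouchGraph()
    for voucher, target in [
        ("alice", "bob"), ("bob", "alice"), ("bob", "carol"),
        ("carol", "mallory"),  # carol accepted a stranger's request
        ("mallory", "bot1"), ("mallory", "bot2"), ("mallory", "bot3"),
        ("bot1", "bot2"),
    ]:
        g.vouch(voucher, target)
    return g


if __name__ == "__main__":
    g = build_demo_graph()
    print("before:", g.trust_path("alice", "bot3"))
    print("banned:", g.report_fake("bot1") | g.report_fake("bot2"))
    print("after: ", g.trust_path("alice", "bot3"))
```

In the constructed graph a single careless vouch (carol to mallory) is enough to make every bot reachable until two of them are confirmed fake, at which point banning the voucher cuts off the unreported third bot as well.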

[+] wepple|8 years ago|reply
I don’t see this working. Too many people on Facebook accept friend requests from unknown people already for it to work. I guess you could have some kind of “have you actually met this person in real life” test, but that’s an annoying friction, and people seem to enjoy inflating “friends” regardless.
[+] prostoalex|8 years ago|reply
Out-of-band verifications are kinda cumbersome in real life. Let’s say a profile claiming to be your college friend, or a coworker from three jobs ago sends you a friend request on Facebook - will you really go out of your way to email/call/visit them to verify the account is theirs and not an impostor’s?
[+] grownseed|8 years ago|reply
Facebook recently started sending me notifications that somebody unknown was trying to log into my account, that they'd temporarily blocked it, and later re-enabled it. The emails actually come from Facebook, the problem is that the email address they're contacting me on is one I've never used for Facebook. The email contains a link to log into Facebook to "fix" the situation, but I obviously can't log in. The other link in the email is to unsubscribe from their notifications, but not from Facebook. There is absolutely no way for me to say "yes, this is my email address, and no, it should not be tied to Facebook in any way". There is also no way for me to check what Facebook account is supposedly attached to this email. This feels incredibly underhanded, it's either "join Facebook, or risk having somebody steal an account you never created". So back to the point of the article, Facebook is at the very least passively encouraging this fake profile stuff, and the cynic in me thinks it might not be that passive...
[+] everybodyknows|8 years ago|reply
Doesn't this mean that someone at one time had access to your email account, in order to register a Facebook account with it? I would ask myself how much of my email history might have been compromised.
[+] cwkoss|8 years ago|reply
Try forgot password?
[+] ChuckMcM|8 years ago|reply
I find it amusing and sad at the same time when I get targeted with these sorts of things. Amusing because they seem so obviously 'honey traps' of one form or another, and sad because I'm sure there are many people that fall for them (this article just confirms that suspicion).

I had hoped they would have done a bit of work to track the money flow in these scams. Clearly there is an opportunity here to disrupt that cash flow since most use electronic payment providers with at least some level of tracking. I want the electronic equivalent of 'marked bills' which have mandatory reporting requirements at all financial institutions that process them.

[+] rvkn|8 years ago|reply
I'm glad others are digging into this. It's a fairly common problem. I had to deal with my deceased friend's account being hijacked by a 'bait' account a few months ago. Facebook seemed fairly indifferent to the issue.

Wrote about the process here: https://medium.com/@vonkunesnewton/facebook-parasite-the-sec...

[+] dd36|8 years ago|reply
They’ve gotta keep increasing those gross margins.
[+] underlines|8 years ago|reply
Two stories that I remember about this:

1. Sextortion scam for personal gain

Back in 2002 I was using MSN Messenger as a teenager, being like 17yo and full of testosterone, I accepted any girl wanting to share intimate details with me. There was one local girl, chatting with me for 2 years, but always had excuses for not opening her cam. I was sharing intimate details while being on cam, but finally stopped, as she never wanted to meet me, despite living 20km away. She always had excuses. Two years later, I was dipping again into script kiddie stuff and trying out some trojan generators, combining it with an exe cryptor to make it undetectable for the early anti-virus tools. I contacted that girl again, and told her I had some new videos of my holidays. Sent it to her (holiday-in-france.avi.exe) and two mins later I was on "her" PC. Turns out it's a local guy, 5 years older than me, having like 100 folders named after local boys, where he kept videos, screen grabs and photos neatly organized. Most of them underage. Fortunately I found a Word document with his résumé, even with a photo of him. I reported that guy to the feds the same day.

--

2. Sextortion with the wrong guy

Years later I migrated to an Asian country. I now speak the local language and have a second Facebook and Skype profile that I only use for local contacts here, that I barely know and who are not family, friends or business contacts.

Every now and then some fake Russian/Eastern European girls try to add me on Skype or Facebook randomly. This time those girls are real, they even start a real webcam conversation.

But this time I'm prepared, being interested in infosec and online since the early 90s and prepared because I was scammed before (see story 1.).

Those girls quickly start Skype video calls, where they try to scam guys. Me, knowing this scam for years, had a laugh and continued the video chat, also sharing intimate details with them, and who says no to watch a beautiful girl undress herself and sharing her sexual preferences?

After usually 20-30 minutes of showing off on the camera, asking my sexual preferences and begging to add me on Facebook, they will change the tone of the conversation and try to blackmail me. Since I knew the scam, I was laughing and telling them, that my whole online presence is fake and all the profiles they have from me are filled with fake friends. They swore at me and immediately blocked me on Skype and Facebook.

Happened several times.

[+] willvarfar|8 years ago|reply
The article explores sextortion, but doesn't ponder too deeply what's going on with the sharing of images of disabled people etc. Perhaps people who respond sympathetically are also easy marks for sob story and pleading for money?
[+] Mz|8 years ago|reply
Off the cuff opinion:

Sex has a strong emotional component. People who are "sexually needy" are often really emotionally needy and emotionally unhealthy. They are attracted to things with a strong emotional component, but low commitment. Liking pics of people who have cancer or whatever fits those criteria. The people gushing at pathetic photos of that sort are (probably) more likely than others to also be vulnerable to sextortion.

I am handicapped and had a lengthy medical crisis. Lots of people wanted me to be their big feels hit for the day while not actually giving a flying fuck about my welfare. Trying to get people to invest two nanoseconds in actually being helpful instead of merely using me as some emotional drug was a huge uphill battle.

A good filter for who to not waste my time on is folks who seek me out because I have a disability (or other sob story) and they have such big feels about it. These are always leeches who cannot respect me as a person and will only ever talk to me to meet their emotional needs. It's really sick stuff.

[+] jotadambalakiri|8 years ago|reply
One of the worst things about it is that they seemed to have started this not to make money but to have fun and hurt some people.
[+] HenryBemis|8 years ago|reply
Thank you for sharing this investigation.

Sometimes when I warn my friends and family about oversharing online, and the "dangers of social media" (on-the-internet-nobody-knows-you're-a-dog 1993 cartoon) they think I'm paranoid.

This is a very good case study for all social media users to understand.