Getting to the point where we’re going to need phone, email, and SMS to be deny all by default. Can’t reach me unless your information is already in my contacts.
My phone number (and some other details) were part of Nano Ledger's database that got stolen last year. So, some entrepreneurial scammer started calling me on a daily basis a few months ago. Really annoying. I'm well aware my phone number and email addresses are pretty much public information at this point. I actually put that on my web site even. But stuff like this makes me even less likely to answer unknown numbers. Hilariously, the scammer actually called me while I was giving a security briefing to our company about enabling 2FA. I put him on speaker and we had a good laugh while the guy insisted in broken English laced with expletives that he "had my money".
A few months ago some criminals social engineered themselves past my bank's security as well. The first I learned about this was a funny conversation (by phone!) from an actual Deutsche Bank employee asking me if I recently changed my address and phone number and whether I opened ten new accounts. "eh no?!..." Basically their fraud detection system kicked in before these people did any damage. I made a point of not doing anything else than confirming information they already knew (like my old address, email address) and asked for an on site meeting to discuss things in more detail. I realized instantly I had no way of verifying anything I was being told on the phone and might very well be talking to a scammer. As it turns out this was for real and the person actually managed to find my "old phone number" in some archive. Otherwise all my contact information had already been changed by the scammers. Thankfully I answered that call. Apparently, this happened to several people.
Basically, what happened was some persons just called the bank's help desk, asked them to reset my online banking access codes, and then somehow intercepted the pin codes (thanks Deutsche Post) before they reached me. The theory is that somehow the security of the distribution system was compromised. As far as I can tell, nobody broke into my building or mailbox. Then they started using them to change my address, etc. They got caught only when they created sub accounts and started transferring money.
I've been called twice by my bank to warn me of possible fraudulent activity. Both times I hung up on them and called back at the bank's own public customer service line and asked them if that was really them calling. Once it was and once it was not, so I'm glad I was that careful.
Possibly, but we can't do that either. What we need is some balance of both worlds. OOH, we do actually need to be contactable. OTOH, being too contactable means spam. I doubt there's a perfect balance, but either extreme comes with too many problems.
Email has decent spam filtering, and I think that kind of cat-mouse system will persist. That said, there's "room" for more whitelisting.
"I doubt there's a perfect balance, but either extreme comes with too many problems."
In principle, "pay me a small fee if you're not on my list, if I put you on my list now it's free" would work well (optionally refund someone who contacts you out of the blue that you approve of), but there's a lot of both engineering and social details between where we are now and such a system.
It doesn't take much cost friction to deter mass spamming. I don't think much problem would be left behind from the handful of overconfident spammers who think that they can bust the odds and it's worth 25 cents a message or something.
I found a novel solution by accident to this. I moved to a new area but kept my old number. 99% of my spam calls are from my phone’s area code. If you are not a contact and a number comes up from that area code, it is spam. If it is my new area code, it is a person or business trying to reach me.
As do I. This is a difficult problem to solve especially as the signal to noise becomes worse as abuse becomes more common.
I've had to wildcard block my area code (since I don't live there anymore) which captures 95% of my daily spam calls - but people can still leave a message to break through my wall if it's truly urgent. I don't see how this could work with SMS.
Even message requests on facebook/messenger have problems where you are unlikely to even see the request unless you check regularly.
It's a hard problem to crack. Some legitimate places need to be able to call you without you knowing them ahead of time. Say your sibling was mugged in Mexico and the local little police station let them borrow the landline to call the only number they still remember without having to check their contacts in their phone. Are you not going to pick up?
There are a lot of these little edge-cases. Journalists, lawyers representing class action suits, government id expiring, and so on.
> Say your sibling was mugged in Mexico and the local little police station let them borrow the landline to call the only number they still remember without having to check their contacts in their phone. Are you not going to pick up?
Just wait for the deepfaked voice call scammers. Their best bet is to work up the hierarchy; a tiny local police station knows how to get in touch with a bigger police station that can contact an embassy, etc.
> There are a lot of these little edge-cases. Journalists, lawyers representing class action suits, government id expiring, and so on.
All of these use-cases allow someone to spend the time to contact you via your preferred contact method, whatever that might be.
I'm in my 30s and I can't think of a single time I have ever received a phone call that I didn't expect. I get several spam calls every day. I would make the trade (and recently have, I block all unknown numbers now).
My iPhone is set to "Silence Unknown Callers." It's the perfect compromise. If a call is legitimate they'll leave a voicemail and I just call them back.
jillesvangurp|4 years ago
nonameiguess|4 years ago
ricardobayes|4 years ago
dalbasal|4 years ago
jerf|4 years ago
cwhiz|4 years ago
mcculley|4 years ago
sethammons|4 years ago
You could likely get a far off area coded number.
gh123man|4 years ago
panzagl|4 years ago
cwhiz|4 years ago
3pt14159|4 years ago
benlivengood|4 years ago
coldpie|4 years ago
duffyjp|4 years ago
bitL|4 years ago
baby|4 years ago