andrewducker | Interesting Links for 14-07-2021

andrewducker

What Black Widow's $60 Million Disney+ Haul Actually Means: (tags:business movies streaming Disney marvel )
I believe many of you would subscribe to the Marple Cinematic Universe: (tags:funny satire marvel crime video viaSwampers )
On a scale of 1 - 10, how cute are yawning snakes?: (tags:cute snakes comic )
Lightning-strike selfie lands siblings in hospital: (tags:lightning selfies )
The UK government is breaching human rights commitments under UN racism treaty: (tags:UK racism OhForFucksSake )
British travellers with India-made AZ vaccine turned away by Malta: (tags:vaccine travel Europe India UK )
Commons scraps "English votes for English laws": (tags:UK law Scotland )
Government plans to end prosecutions for Northern Ireland Troubles: (tags:NorthernIreland law )
Prestigious US film schools charge a fortune and don't deliver: (tags:movies Education usa business )
Covid in Scotland: Restrictions to ease but face masks remain: (tags:scotland pandemic )
Reaching people on the internet in 2021: Personally, I use RSS to keep up.
(tags:facebook internet history )
10 ways to befriend a misanthropic cat: (tags:cats )
North's first female Muslim council leader targeted in firebomb attack on car: (tags:islam terrorism uk )
Why don't adults take teenager's problems seriously?: (tags:adult teenagers problems comic )
If your bank calls you, hang up and call them back (on a number you got from them directly): (tags:Banking fraud )

Crossposts: https://andrewducker.livejournal.com/4061292.html

Flat | Top-Level Comments Only

From:

jack

What stands out to me when something goes wrong is that *most* scams are really blatant, so if someone phones you and sounds professional, it's easy to assume that its legit, and it probably is because high-quality scams are rarer, but if you're used to thinking of scams as obvious it's easy to think that you know the difference when you don't. I try to keep in mind (albeit imperfectly) what they've actually told me and if it would check out if someone described it rather than hearing someone authoritative say it

From:

simont

Yes. The analogue in email is that most email spams / scams / virus vehicles fail the Turing test in a really blatant way (either saying things like "the government of your country" without making a commitment to what country, or else straight-up getting it wrong like mailing the whole world in the hope that one of them will be a customer of Obscure US Bank #6316). So when one manages to contain an identifiably correct detail of your own situation, it's easy to put it on the wrong side of the line.

The one of those I came closest to being defeated by was actually formatted as a reply to an email I had genuinely sent the previous year, including the full quoted text of my actual message – but it said something fairly generic in the followup text, and had a Word document attached containing a macro virus. I guess the organisation in question must have been hacked in a way that gave the attackers access to their email archives.

Edited Date: 2021-07-14 12:15 pm (UTC)

From:

jducoeur

Yep. The one time I almost got caught was by a really, really well-designed spearphishing attack. Hackers had broken into one of my vendors, and sent a very legit-looking alert to all of their customers. I literally had typed in my password and had my finger poised to press Submit before I stopped myself and asked, "Why do they need my password for this?"

Fortunately, I had a friend in the company, so I emailed him, described what I was seeing, and about three minutes later got a reply of, "We've been hacked". And about two minutes after that, got a mail blast to the entire customer base telling them what had happened and to ignore the previous email.

From:

toothycat

Note that "hang up and call them back" is not good enough as instructions. In the UK, for landlines, the call lifetime is managed by the calling party; the receiving end hanging up the phone is not enough to terminate the call, the caller must explicitly end it or a timeout (anywhere between 10 seconds and 3 minutes depending on where you are) trigger before the call ends.

This leads to a slightly more sophisticated variation on these scams, where the caller plays a recording of a dial tone down the line in response to you hanging up, then simulates picking up your call when you call back.

Hang up, wait at least three minutes, *then* call the number on your card.

Edited Date: 2021-07-14 11:56 am (UTC)

From:

andrewducker

I'm so used to mobile phones I forgot that landlines did that!

From:

calimac

Important point.

Or use a different phone line.

I don't have caller ID on my landline, so the scammer's blandishments on that wouldn't be relevant to me, but if I did, I hope that the assurances to look at the number on the ID, it's the same as the one on the card, would be enough to make my suspicious.

I got a call on Monday from (they said) a theater company I subscribe to. The call wasn't all focused on getting me to renew my membership, but when they brought it up I said I'd do it on their website. Turned out there is no way to do that on their website, so I phoned them the next day - to find that their box office is currently closed on Monday and Tuesday. That doesn't prove anything, but it's curious.

From:

dewline

1. One thing I don't think the Black Widow article on Wired addresses is accessibility. There are lots of people who still cannot deal with traditional movie theatres for one or more reasons, no matter what we're doing to making them safe and usable. Disney+ gives those people options, but affordability becomes an issue with Premiere Access pricing.

2. My mother might be interested in such a thing. Depending on how quickly it's organized. She is in her 80's. Others of younger vintages can afford to be more patient.

3. Depends on age, doesn't it? :-D