The time has come for us to make passwords for identifying each other..
This was common advice for parents in the 80s and 90s. If someone had to pick me up from school unexpectedly my parents gave them a code word to tell me to let me know it wasn't a child abduction
according to the TV, child adoption is just an anti-semitic Qanon-adjacent conspiracy theory. No need for passwords! yay!
Right now deepfakes doesn't work well when the face is viewed from extreme angles, so you can ask them to slowly turn their face to the side or up/down as far as they can until the face is not visible. It also doesn't work well when something obstruct the face, so ask them to put their hand in their face. It also can't seem to render mouth right if you open it too wide, or stick out your tongue.
I base this from a deepfake app I tried: https://github.com/s0md3v/roop . But as the tech improves, it might be able to handle those cases in the future.
Edit: chance that the scammer use a live deepfake app like this one: https://github.com/iperov/DeepFaceLive . It also supports using the Insight model which only need a single well lit photo to impersonate someone.
Right now deepfakes doesn’t work well when the face is viewed from extreme angles, so you can ask them to slowly turn their face to the side or up/down as far as they can until the face is not visible.
or, you know, you can just pickup the phone and call them.
You might not be aware of it, but in India (and SEA), using whatsapp video call is a lot more common than calling using your carrier's phone service. No one would think twice when receiving a whatsapp video calls there.
i am not aware of that, no, but my point is not that the video call itself is suspicious. it is that if you have have a suspicion for whatever reason, normal cell call for a verification is far easier than doing some strange gymnastics the person above suggested (which may or may not work).
I guess that also allows for some 'benefit of the doubt' from the point of view of the victim, it's probably harder to spot artifacts that would be obvious on a TV or monitor screen when the image is v small, and any glitches could be due to the video stream / compression
I had this attack tried on me. It was a video call from my friend's Facebook account. If I didn't know enough to be suspicious, I wouldn't have answered. Luckily I have that friend on Signal, so I knew they wouldn't have called me on Facebook asking for money. I tried calling on Signal, but they didn't answer. They must've not had their phone on them. Calling their home phone worked, though, which is kind of a weird thought.
Their phone was probably offline at the moment.
Nah, they just leave it in another room sometimes and don't care if they miss a call or notification.
Remember, if it’s truly life threatening, the hospital is going to do the surgery and gouge you for it later.
The time pressure is meant to prevent you from looking into it.
Hang up, call them…. Don’t just hand money over the phone.use an excuse like calling your bank or something
Fortunately, I hate videocalls and have no reason to use them, so if my friend videocalled me I'd ask what the fuck they were doing and immediately be suspicious.
Especially if they were suddenly asking you for money.
My first thought would be "wtf? How did WhatsApp get installed" followed by throwing my phone in a lake.
I'm in the US and have a well off friend who had his Facebook hacked. The bad actors sent messages to his friends asking to borrow $500 until tomorrow because his bank accounts were locked and he needed the cash. Someone who was messaged by the bad actors posted a screenshot of a deepfaked video call he received that caused him to fall for it. Wild times we live in!
I know someone who fell for a similar scam but it involved purchasing gift cards.
I routinely get emails from the owner of the company I work for asking me to kindly purchase several large gift cards and forward them and the receipt to him for prompt reimbursement.
asking me to kindly purchase several large gift cards
kindly give me your money, thanks
40,000 Indian rupees = $487 USD.
Wow that’s a cheap surgery! Definitely not US.
Yeah them paying in rupees might have been a hint to where it happened.
Indiana?
Hyrule
"Come back when you're a little... mmm... richer."
If you'd lend them money you'll have their contact info. Go get a different phone and call them.
You're not wrong but it's going to take a long time for "that relative that is calling could be someone else" to be something that people actually think about. Simple to execute your solution but 99% of the people out there won't even consider the possibility.
"HI we are chased bank and we sent you 40k please give us the codes to Amazon gift cards to pay it back" still works on the elderly. This trick is going to wreak havok among old people.
Guy who scammed his friend out of $500: oh, no it totally wasn't me man. There was a video? Weird it must have been a Randeep Fake
Source on the image? Seems to be a snippet of a longer article.
as the source. I get images get more engagement than links, but it's important to have the source handy.
I was so hoping the crappy "hey, a text thing I want to share, let me take a fucking attributionless accessibility-poisoning screenshot and upload it like a psychopath instead of just copy/pasting the link to the text or the text itself like a decent human being" routine would die with Reddit. We should be better than that here.
I even get why, images inherently get more eyes on them than articles through links, but the least we can do is include the source in the post body.
Isn't that what we've already been using gpg for? More communication sites should implement it
Is it a user problem or platform problem that more services don't implement some sort of OpenPGP solution? I mean to say, I absolutely agree this is a good idea, but is the obstacle the users or the services? I can see people getting really confused and not knowing to treat their private keys properly, etc. So are services afraid it'll drive users away or are services afraid of it for some other reason?
I feel like it's kind of a mix of both. It's definitely a hassle to use and check as a user, but I think part of the reason it is is because sites just treat it as an extra thing rather than integrate it into their service
I thought linking to the original would be more useful than an implementation, you're right though
Don't deep fakes always look a little clunky?
Yeah until they don't anymore lol.
They could blame a bad connection.
When you're 77 your eyes (and hearing and brain) don't work as well as they use to. There's a reason why old people are targeted for these kinds of scams.
Jokes on you scammers. Can't deepfake me with a friend's face if I don't got any friends to deepfake.
I got one of these a few months ago. I could tell it was fake before I even answered, but I was curious so I pointed my own camera at a blank wall and answered. It was creepy to see my friend's face (albeit one that was obviously fake if you knew what to look for) when I answered.
How do these scamers know who our friends are? Also how are they able to get pictures or video from said friend to create the fake?
From social media presumably
What about the voice? How it sounds like etc? Maybe from videos people post. Shits getting weird. Glad I deleted everything from FB long time ago. Actually looking back its crazy thay had all that info on my profile, pics and videos. Makes no sense now. Lots of people still dont care and have a lot of infro freely available online.
In my case, the friend's facebook account was compromised. So they were able to get his pictures and call me from his account.
"I'm not a cat."
You certainly look like a cat.
"Hey, what's wrong with Woofie?"
Your friend is dead
What's my kid code?
Easy solution: Never give money that’s requested like this. Give the money in person or not at all.
If the friend doesn’t like it they can go to the bank. If they don’t like my terms they can pay interest to them.
Sorry people, I’m not your fuckin loan officer and scams are just too easy.
At the start of COVID, I was in Hanoi, but wanted to go to India before going home (it was super cheap). Before that, 2 things had happened:
The stupid airline blocked the money (in the credit card) for our flight back and on top also transferred it, which left me without money in Vietnam. Super big pile of shit already.
Due to COVID there was zero chance of reaching anyone for support. It took, at the end, another week when we where back for that money to be unblocked.
Then something else happened: They didn't let us on our flight to India (and thus to our flight home). Despite the Indian government saying no restrictions untill 2 days later. I had the website if the Indian ministry right there to show them. (guess how long it took to get that money back, despite the person saying they refund right now: about a year!)
So now we were stuck in Hanoi, without money for a flight back. So I had to call my family for credit card details to pay for a flight. There was essentially no other option. I don't plan to have 3x the amount of money "just in case". I don't travel much, so I assume parts of that are not too rare.
Here’s hoping for popularising secure communication protocols. It’s gonna become a must at some point.
WhatsApp video calls are end-to-end encrypted. A secure protocol means nothing in this context.
But key exchanges work.
Signal for example, will warn you when the person you are talking to is using a new device.
As long as the user heeds the warning, it is an effective stop, and at the very least gives the user pause.
If the signal safety number changes, but the communication stays on track, as in, the context of the conversation is the same, it's unlikely to be a problem. But if the safety number changes and the next message is asking for money, that is a very simple and easy to process situation.
Gr. It's not the technology that pisses me off. It's people forgetting the fundamental rule that everything on the internet is fake until definitively proven otherwise.
Even after proven, nothing digital should ever rise to 100% trust. Under any circumstances whatsoever. 99% is fine. 100% is never.
Hell, even real life inputs from your eyes don't get 100% trust. People are well aware their eyes can play tricks. But somehow go digital and people start trusting, even though digital is easier to corrupt than irl information in every possible way.
I think it's pretty unreasonable to expect someone in 2023 to not trust a video call from someone they know. We are entering that period now, but I could have easily been fooled the same way. I bet you could have too.
Perhaps its because I pre-date most internet technology, but I am extremely distrustful in all digital spaces. Everyone should've started being extremely distrustful years ago, if they weren't already. Not today.
You don't wait for a big problem to smack you in the face. That's how you lose 40k like our elderly friend. You just get to be in the first wave of potential victims that way.
I grew up before the internet myself. I can't say I'm on high alert for fake video calls lol I will be moving forward, however, now that it's a credible threat.
I'm not saying I don't make video calls, mind you. I just don't trust them 100%. Haven't on that specific one for awhile now.
Thus, if someone asked me for 40k via one, I would say no, and to contact me in person.
40,000 rupees is like $400. Would you ask your friend to meet you in person for that amount, especially if they live quite far away?
I did not consider that kind of conversion rate. No, I probably would not.
India had a purchase power parity compared to the US$ of > 24 in 2022, i.e., while you can exchange only ~400–500 US $ for ₹ 40,000, this amount of money will buy goods within India that would be worth $ 9,600–12,000 within the US. Exchange rates can be pretty misleading.
The problem is with senior citizens, even if we tell them to not believe things on internet and tell them to not trust any calls, they will eventually do the opposite once the scammer pretends to be someone close to them.
They cant even tell if a normal video is fake or real then how can they tell of someone on a video call is real pr fake, chances are once they see someone dear to them in danger and asking money they will forget everything you've told them about the internet and get scammed ....
"Hello dear, it's your mother. Haven't heard from you in a while."
"Nice try scammer, go to hell!!"
With deepfake technology being so advanced nowadays, how will we ever know if the person we are talking with on the internet is who they say they are?
You have to establish a shared password that only you two know, this should be done in person, face to face. Someone needs to make an app for storing passwords for people as opposed to websites. I suppose contact lists could store the password field.
Dude had too much money. Simple.
Why don't people use "Threema". They can provide lifetime secure communication with a one-time payment. Also, you don't need a phone number. If your phone number is captured, it will not be a problem because Threema provides communication with personal codes, not phone numbers.
Why don't people send "SD cards" with their video on it?
This was common advice for parents in the 80s and 90s. If someone had to pick me up from school unexpectedly my parents gave them a code word to tell me to let me know it wasn't a child abduction
according to the TV, child adoption is just an anti-semitic Qanon-adjacent conspiracy theory. No need for passwords! yay!
Right now deepfakes doesn't work well when the face is viewed from extreme angles, so you can ask them to slowly turn their face to the side or up/down as far as they can until the face is not visible. It also doesn't work well when something obstruct the face, so ask them to put their hand in their face. It also can't seem to render mouth right if you open it too wide, or stick out your tongue.
I base this from a deepfake app I tried: https://github.com/s0md3v/roop . But as the tech improves, it might be able to handle those cases in the future.
Edit: chance that the scammer use a live deepfake app like this one: https://github.com/iperov/DeepFaceLive . It also supports using the Insight model which only need a single well lit photo to impersonate someone.
or, you know, you can just pickup the phone and call them.
You might not be aware of it, but in India (and SEA), using whatsapp video call is a lot more common than calling using your carrier's phone service. No one would think twice when receiving a whatsapp video calls there.
i am not aware of that, no, but my point is not that the video call itself is suspicious. it is that if you have have a suspicion for whatever reason, normal cell call for a verification is far easier than doing some strange gymnastics the person above suggested (which may or may not work).
I guess that also allows for some 'benefit of the doubt' from the point of view of the victim, it's probably harder to spot artifacts that would be obvious on a TV or monitor screen when the image is v small, and any glitches could be due to the video stream / compression
I had this attack tried on me. It was a video call from my friend's Facebook account. If I didn't know enough to be suspicious, I wouldn't have answered. Luckily I have that friend on Signal, so I knew they wouldn't have called me on Facebook asking for money. I tried calling on Signal, but they didn't answer. They must've not had their phone on them. Calling their home phone worked, though, which is kind of a weird thought.
Their phone was probably offline at the moment.
Nah, they just leave it in another room sometimes and don't care if they miss a call or notification.
Remember, if it’s truly life threatening, the hospital is going to do the surgery and gouge you for it later.
The time pressure is meant to prevent you from looking into it.
Hang up, call them…. Don’t just hand money over the phone.use an excuse like calling your bank or something
Fortunately, I hate videocalls and have no reason to use them, so if my friend videocalled me I'd ask what the fuck they were doing and immediately be suspicious.
Especially if they were suddenly asking you for money.
My first thought would be "wtf? How did WhatsApp get installed" followed by throwing my phone in a lake.
I'm in the US and have a well off friend who had his Facebook hacked. The bad actors sent messages to his friends asking to borrow $500 until tomorrow because his bank accounts were locked and he needed the cash. Someone who was messaged by the bad actors posted a screenshot of a deepfaked video call he received that caused him to fall for it. Wild times we live in!
I know someone who fell for a similar scam but it involved purchasing gift cards.
I routinely get emails from the owner of the company I work for asking me to kindly purchase several large gift cards and forward them and the receipt to him for prompt reimbursement.
kindly give me your money, thanks
40,000 Indian rupees = $487 USD.
Wow that’s a cheap surgery! Definitely not US.
Yeah them paying in rupees might have been a hint to where it happened.
Indiana?
Hyrule
"Come back when you're a little... mmm... richer."
Here is an alternative Piped link(s): https://piped.video/RC8ksHG6FhQ
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source, check me out at GitHub.
Hi. I'm calling you about your korok insurance.
This comment made me laugh really hard, nice
No. This is how you avoid the problem.
"Lemme call you back in 5 because <some excuse>"
If you'd lend them money you'll have their contact info. Go get a different phone and call them.
You're not wrong but it's going to take a long time for "that relative that is calling could be someone else" to be something that people actually think about. Simple to execute your solution but 99% of the people out there won't even consider the possibility.
"HI we are chased bank and we sent you 40k please give us the codes to Amazon gift cards to pay it back" still works on the elderly. This trick is going to wreak havok among old people.
Guy who scammed his friend out of $500: oh, no it totally wasn't me man. There was a video? Weird it must have been a Randeep Fake
Source on the image? Seems to be a snippet of a longer article.
EDIT: looking up the text of the image gives me https://inshorts.com/m/en/news/kerala-man-loses-%E2%82%B940000-as-video-call-from-friend-turns-out-to-be-deepfake-1689663557129, which is just the snipped text, but points at
https://www.hindustantimes.com/india-news/deepfake-scammers-trick-indian-man-into-transferring-money-police-investigating-multi-million-rupee-scam-101689622291654-amp.html
as the source. I get images get more engagement than links, but it's important to have the source handy.
I was so hoping the crappy "hey, a text thing I want to share, let me take a fucking attributionless accessibility-poisoning screenshot and upload it like a psychopath instead of just copy/pasting the link to the text or the text itself like a decent human being" routine would die with Reddit. We should be better than that here.
I even get why, images inherently get more eyes on them than articles through links, but the least we can do is include the source in the post body.
Isn't that what we've already been using gpg for? More communication sites should implement it
Is it a user problem or platform problem that more services don't implement some sort of OpenPGP solution? I mean to say, I absolutely agree this is a good idea, but is the obstacle the users or the services? I can see people getting really confused and not knowing to treat their private keys properly, etc. So are services afraid it'll drive users away or are services afraid of it for some other reason?
I feel like it's kind of a mix of both. It's definitely a hassle to use and check as a user, but I think part of the reason it is is because sites just treat it as an extra thing rather than integrate it into their service
Using what?
Pretty Good Privacy - Wikipedia
GPG is GNU Privacy Guard, but same thing.
I thought linking to the original would be more useful than an implementation, you're right though
Don't deep fakes always look a little clunky?
Yeah until they don't anymore lol.
They could blame a bad connection.
When you're 77 your eyes (and hearing and brain) don't work as well as they use to. There's a reason why old people are targeted for these kinds of scams.
Jokes on you scammers. Can't deepfake me with a friend's face if I don't got any friends to deepfake.
I got one of these a few months ago. I could tell it was fake before I even answered, but I was curious so I pointed my own camera at a blank wall and answered. It was creepy to see my friend's face (albeit one that was obviously fake if you knew what to look for) when I answered.
How do these scamers know who our friends are? Also how are they able to get pictures or video from said friend to create the fake?
From social media presumably
What about the voice? How it sounds like etc? Maybe from videos people post. Shits getting weird. Glad I deleted everything from FB long time ago. Actually looking back its crazy thay had all that info on my profile, pics and videos. Makes no sense now. Lots of people still dont care and have a lot of infro freely available online.
In my case, the friend's facebook account was compromised. So they were able to get his pictures and call me from his account.
"I'm not a cat."
You certainly look like a cat.
"Hey, what's wrong with Woofie?"
Your friend is dead
What's my kid code?
Easy solution: Never give money that’s requested like this. Give the money in person or not at all.
If the friend doesn’t like it they can go to the bank. If they don’t like my terms they can pay interest to them.
Sorry people, I’m not your fuckin loan officer and scams are just too easy.
At the start of COVID, I was in Hanoi, but wanted to go to India before going home (it was super cheap). Before that, 2 things had happened:
Then something else happened: They didn't let us on our flight to India (and thus to our flight home). Despite the Indian government saying no restrictions untill 2 days later. I had the website if the Indian ministry right there to show them. (guess how long it took to get that money back, despite the person saying they refund right now: about a year!)
So now we were stuck in Hanoi, without money for a flight back. So I had to call my family for credit card details to pay for a flight. There was essentially no other option. I don't plan to have 3x the amount of money "just in case". I don't travel much, so I assume parts of that are not too rare.
Here’s hoping for popularising secure communication protocols. It’s gonna become a must at some point.
WhatsApp video calls are end-to-end encrypted. A secure protocol means nothing in this context.
But key exchanges work.
Signal for example, will warn you when the person you are talking to is using a new device.
As long as the user heeds the warning, it is an effective stop, and at the very least gives the user pause.
If the signal safety number changes, but the communication stays on track, as in, the context of the conversation is the same, it's unlikely to be a problem. But if the safety number changes and the next message is asking for money, that is a very simple and easy to process situation.
Gr. It's not the technology that pisses me off. It's people forgetting the fundamental rule that everything on the internet is fake until definitively proven otherwise.
Even after proven, nothing digital should ever rise to 100% trust. Under any circumstances whatsoever. 99% is fine. 100% is never.
Hell, even real life inputs from your eyes don't get 100% trust. People are well aware their eyes can play tricks. But somehow go digital and people start trusting, even though digital is easier to corrupt than irl information in every possible way.
I think it's pretty unreasonable to expect someone in 2023 to not trust a video call from someone they know. We are entering that period now, but I could have easily been fooled the same way. I bet you could have too.
Perhaps its because I pre-date most internet technology, but I am extremely distrustful in all digital spaces. Everyone should've started being extremely distrustful years ago, if they weren't already. Not today.
You don't wait for a big problem to smack you in the face. That's how you lose 40k like our elderly friend. You just get to be in the first wave of potential victims that way.
I grew up before the internet myself. I can't say I'm on high alert for fake video calls lol I will be moving forward, however, now that it's a credible threat.
I'm not saying I don't make video calls, mind you. I just don't trust them 100%. Haven't on that specific one for awhile now.
Thus, if someone asked me for 40k via one, I would say no, and to contact me in person.
40,000 rupees is like $400. Would you ask your friend to meet you in person for that amount, especially if they live quite far away?
I did not consider that kind of conversion rate. No, I probably would not.
India had a purchase power parity compared to the US$ of > 24 in 2022, i.e., while you can exchange only ~400–500 US $ for ₹ 40,000, this amount of money will buy goods within India that would be worth $ 9,600–12,000 within the US. Exchange rates can be pretty misleading.
https://data.oecd.org/conversion/purchasing-power-parities-ppp.htm
The problem is with senior citizens, even if we tell them to not believe things on internet and tell them to not trust any calls, they will eventually do the opposite once the scammer pretends to be someone close to them. They cant even tell if a normal video is fake or real then how can they tell of someone on a video call is real pr fake, chances are once they see someone dear to them in danger and asking money they will forget everything you've told them about the internet and get scammed ....
"Hello dear, it's your mother. Haven't heard from you in a while."
"Nice try scammer, go to hell!!"
With deepfake technology being so advanced nowadays, how will we ever know if the person we are talking with on the internet is who they say they are?
You have to establish a shared password that only you two know, this should be done in person, face to face. Someone needs to make an app for storing passwords for people as opposed to websites. I suppose contact lists could store the password field.
Dude had too much money. Simple.
Why don't people use "Threema". They can provide lifetime secure communication with a one-time payment. Also, you don't need a phone number. If your phone number is captured, it will not be a problem because Threema provides communication with personal codes, not phone numbers.
Why don't people send "SD cards" with their video on it?
I guess for the same reason.