This was common advice for parents in the 80s and 90s. If someone had to pick me up from school unexpectedly my parents gave them a code word to tell me to let me know it wasn't a child abduction
Right now deepfakes doesn't work well when the face is viewed from extreme angles, so you can ask them to slowly turn their face to the side or up/down as far as they can until the face is not visible. It also doesn't work well when something obstruct the face, so ask them to put their hand in their face. It also can't seem to render mouth right if you open it too wide, or stick out your tongue.
I base this from a deepfake app I tried: https://github.com/s0md3v/roop . But as the tech improves, it might be able to handle those cases in the future.
Edit: chance that the scammer use a live deepfake app like this one: https://github.com/iperov/DeepFaceLive . It also supports using the Insight model which only need a single well lit photo to impersonate someone.
Right now deepfakes doesn’t work well when the face is viewed from extreme angles, so you can ask them to slowly turn their face to the side or up/down as far as they can until the face is not visible.
or, you know, you can just pickup the phone and call them.
You might not be aware of it, but in India (and SEA), using whatsapp video call is a lot more common than calling using your carrier's phone service. No one would think twice when receiving a whatsapp video calls there.
I had this attack tried on me. It was a video call from my friend's Facebook account. If I didn't know enough to be suspicious, I wouldn't have answered. Luckily I have that friend on Signal, so I knew they wouldn't have called me on Facebook asking for money. I tried calling on Signal, but they didn't answer. They must've not had their phone on them. Calling their home phone worked, though, which is kind of a weird thought.
Fortunately, I hate videocalls and have no reason to use them, so if my friend videocalled me I'd ask what the fuck they were doing and immediately be suspicious.
I'm in the US and have a well off friend who had his Facebook hacked. The bad actors sent messages to his friends asking to borrow $500 until tomorrow because his bank accounts were locked and he needed the cash. Someone who was messaged by the bad actors posted a screenshot of a deepfaked video call he received that caused him to fall for it. Wild times we live in!
I routinely get emails from the owner of the company I work for asking me to kindly purchase several large gift cards and forward them and the receipt to him for prompt reimbursement.
You're not wrong but it's going to take a long time for "that relative that is calling could be someone else" to be something that people actually think about. Simple to execute your solution but 99% of the people out there won't even consider the possibility.
"HI we are chased bank and we sent you 40k please give us the codes to Amazon gift cards to pay it back" still works on the elderly. This trick is going to wreak havok among old people.
I was so hoping the crappy "hey, a text thing I want to share, let me take a fucking attributionless accessibility-poisoning screenshot and upload it like a psychopath instead of just copy/pasting the link to the text or the text itself like a decent human being" routine would die with Reddit. We should be better than that here.
Is it a user problem or platform problem that more services don't implement some sort of OpenPGP solution? I mean to say, I absolutely agree this is a good idea, but is the obstacle the users or the services? I can see people getting really confused and not knowing to treat their private keys properly, etc. So are services afraid it'll drive users away or are services afraid of it for some other reason?
I feel like it's kind of a mix of both. It's definitely a hassle to use and check as a user, but I think part of the reason it is is because sites just treat it as an extra thing rather than integrate it into their service
When you're 77 your eyes (and hearing and brain) don't work as well as they use to. There's a reason why old people are targeted for these kinds of scams.
I got one of these a few months ago. I could tell it was fake before I even answered, but I was curious so I pointed my own camera at a blank wall and answered. It was creepy to see my friend's face (albeit one that was obviously fake if you knew what to look for) when I answered.
At the start of COVID, I was in Hanoi, but wanted to go to India before going home (it was super cheap). Before that, 2 things had happened:
The stupid airline blocked the money (in the credit card) for our flight back and on top also transferred it, which left me without money in Vietnam. Super big pile of shit already.
Due to COVID there was zero chance of reaching anyone for support. It took, at the end, another week when we where back for that money to be unblocked.
Then something else happened: They didn't let us on our flight to India (and thus to our flight home). Despite the Indian government saying no restrictions untill 2 days later. I had the website if the Indian ministry right there to show them. (guess how long it took to get that money back, despite the person saying they refund right now: about a year!)
So now we were stuck in Hanoi, without money for a flight back. So I had to call my family for credit card details to pay for a flight. There was essentially no other option. I don't plan to have 3x the amount of money "just in case". I don't travel much, so I assume parts of that are not too rare.
Signal for example, will warn you when the person you are talking to is using a new device.
As long as the user heeds the warning, it is an effective stop, and at the very least gives the user pause.
If the signal safety number changes, but the communication stays on track, as in, the context of the conversation is the same, it's unlikely to be a problem. But if the safety number changes and the next message is asking for money, that is a very simple and easy to process situation.
Gr. It's not the technology that pisses me off. It's people forgetting the fundamental rule that everything on the internet is fake until definitively proven otherwise.
Even after proven, nothing digital should ever rise to 100% trust. Under any circumstances whatsoever. 99% is fine. 100% is never.
Hell, even real life inputs from your eyes don't get 100% trust. People are well aware their eyes can play tricks. But somehow go digital and people start trusting, even though digital is easier to corrupt than irl information in every possible way.
I think it's pretty unreasonable to expect someone in 2023 to not trust a video call from someone they know. We are entering that period now, but I could have easily been fooled the same way. I bet you could have too.
Perhaps its because I pre-date most internet technology, but I am extremely distrustful in all digital spaces. Everyone should've started being extremely distrustful years ago, if they weren't already. Not today.
You don't wait for a big problem to smack you in the face. That's how you lose 40k like our elderly friend. You just get to be in the first wave of potential victims that way.
You have to establish a shared password that only you two know, this should be done in person, face to face. Someone needs to make an app for storing passwords for people as opposed to websites. I suppose contact lists could store the password field.
Why don't people use "Threema". They can provide lifetime secure communication with a one-time payment. Also, you don't need a phone number. If your phone number is captured, it will not be a problem because Threema provides communication with personal codes, not phone numbers.