|
Slime posted:If I was doing it I'd make up small transactions of things that nobody will notice aren't there either because they already use up a lot of them or they're small enough not to notice. Printer supplies, shipping crates, mice and keyboards for their computers, that sorta thing. Once you are in a position of trust fraud and embezzlement are relatively simple
|
# ? Jul 20, 2017 15:30 |
|
|
# ? Oct 11, 2024 07:04 |
|
Yay finally caught up. Funny enough, I got 'scammed' yesterday while reading this thread. It's more of a technical exploit, but still. I was downloading some free apps from the google play store through referral links to get points in a stupid app I was just messing around with. You know, the typical 'watch a video for 50 points, download this app for 100 points...'. Through some API, either one of the downloaded apps or one of the referral links someone grabbed my phone number and charged a subscription for a completely unrelated service to it (We have phone bill subscription services here for some reason). So now I got a 4,99 € per week subscription on my phone bill without ever agreeing to anything or registering anywhere. They even sent me a fairly well written contract, it even contains a spiel about how I agreed to waive my 14 day cancellation rights. Anyway, cancelled the subscription via my provider, locked any future subscriptions and asked them to remove the charge. By the sound of their support that doesn't really work out and I was told to make a claim with them after I get the bill. All in all, it's a scam I was fairly familiar with, I didn't know the charge could be placed so easily tho. Obviously they bank on users eating the first charge even if they cancel immediately.
|
# ? Jul 21, 2017 08:50 |
|
Weird, I was reading this thread thinking about how I've never had a dodgy phonecall or had someone approach me in the street trying to sell or give me something, and the phone rings with a number I don't recognise. I decided to answer it, it's a text-to-speech voice saying something like "this is the HMRC (UK tax authority,) and we are investigating you for tax discrepancies under penal code yadda yadda yadda, call this number immediately." Then it stated the number to call back 3 times. Funniest thing about this is the UK doesn't even have a penal code system, so the scammers haven't done much research. It does piss me off though, when I googled the number there were messages from various people, some who were genuinely worried HMRC were going to bust their door down, some who had called the number and got an indian guy claiming to be an officer demanding payment. I know some people are going to be falling for this and giving out their banking details or buying loving gift cards, whatever the method is.
|
# ? Jul 21, 2017 11:34 |
|
SEKCobra posted:Yay finally caught up. I guess I'm just paranoid in that I'm very careful about what apps I put on my phone, and can't imagine randomly downloading apps for referral points. My phone has financial information, location information, and my phone number isn't something that's easy to change, either in a technical sense or a practical sense (it's been my phone number for ten years), so if it gets onto a bunch of telemarketing lists, I'm fairly hosed.
|
# ? Jul 21, 2017 19:31 |
|
Thanatosian posted:I guess I'm just paranoid in that I'm very careful about what apps I put on my phone, and can't imagine randomly downloading apps for referral points. My phone has financial information, location information, and my phone number isn't something that's easy to change, either in a technical sense or a practical sense (it's been my phone number for ten years), so if it gets onto a bunch of telemarketing lists, I'm fairly hosed. Well, android permissions are very clear and there's no real risk if you know what permissions you are approving. I'm not sure if there's some way to get the device phone number without phone permissions on android or if the number was leaked through the browser anyway. But there's no risk of leaking financial credentials through an app without special permissions.
|
# ? Jul 22, 2017 20:25 |
|
A lot of android apps require blanket permission to access just about everything on your phone or they simply won't install. You can relinquish control over all your private information, or not install anything. Your choice.
|
# ? Jul 22, 2017 20:29 |
|
Those are terrible apps, don't install them.
|
# ? Jul 22, 2017 20:42 |
|
cakesmith handyman posted:Those are terrible apps, don't install them. Apps asking for blanket permission should be a red flag. The lack of heavy lockdown options is the thing I hate most about iOS.
|
# ? Jul 23, 2017 01:27 |
|
teh winnar! posted:Apps asking for blanket permission should be a red flag. The lack of heavy lockdown options is the thing I hate most about iOS. I guess I don't understand? The above was talking about Android and how easy it is to open the doors. On the other hand iOS goes entirely in the other direction and walls off each app (you're allowed to SEND data into the app via a file or clipboard) and you have to explicitly allow apps access to each OS level service like contacts, dialer, location, etc... What do you want locked down more?
|
# ? Jul 23, 2017 03:13 |
|
HerStuddMuffin posted:A lot of android apps require blanket permission to access just about everything on your phone or they simply won't install. You can relinquish control over all your private information, or not install anything. Your choice. It's stupid as gently caress users can't do item-by-item permission revoking in android by default.
|
# ? Jul 23, 2017 06:18 |
|
Tunicate posted:It's stupid as gently caress users can't do item-by-item permission revoking in android by default. It's been a thing for like a year now. It took way too long to implement it, but apps now need line by line permissions, with a prompt the first time the app tried to access that particular thing. Re: companies not checking before approving funds: I've worked for several shops and whenever I have to go to a supplier to pick stuff up, I've been asked for a PO#, but they never check in the store if it's legit. Combine that with the fact that a lot of smaller shops, hell, even bigger ones, don't have a real system for issuing them (ie they can just be a word, or a random number, or the work order number, or customer name, or whatever), and it occurs to me that I could walk into any NAPA auto parts store, buy several hundreds of dollars worth of stuff, claim it's for United Rentals and make up a PO number. It would take weeks for the invoice to land on someone's desk in accounts payable, and longer still as they chase down a packing slip that was never turned in. It's so easy that I'm legit surprised it isn't way more common.
|
# ? Jul 23, 2017 07:04 |
|
Last night I parked at a parking garage. Normally it’s a self‐serve affair where I take a ticket at the entrance and pay at a machine just before leaving. This time, there was an attendant taking cash at the entrance. Not in a booth, just sitting there by the self‐serve machine. It occurred to me that this could be a version of the “out of order bank deposit” scam. In the end it wasn’t, but a well‐run scam would have been indistinguishable from weekend operating procedure at this garage.
|
# ? Jul 23, 2017 09:38 |
|
It will only work if the scammers can somehow control the boom gates though.
|
# ? Jul 23, 2017 10:51 |
|
starkebn posted:It will only work if the scammers can somehow control the boom gates though. and at that point, who really cares
|
# ? Jul 23, 2017 10:59 |
|
starkebn posted:It will only work if the scammers can somehow control the boom gates though. The attendant sat right there and pushed the button on the self‐serve machine. It would have opened and dispensed a ticket whether or not she wore a ten‐dollar uniform. At that point, there was no way to know if it was a scam. I half expected to return to an unmanned exit and only be able to raise the barrier by paying again, to the right people. But there was a guy at the exit who raised the barrier for my ticket and no further payment, so if it was a scam, they weren’t scamming me.
|
# ? Jul 23, 2017 11:27 |
|
EKDS5k posted:It's been a thing for like a year now. It took way too long to implement it, but apps now need line by line permissions, with a prompt the first time the app tried to access that particular thing. Yea, it is crazy to me that I can wander into a Fastenal anywhere in the country and charge a grand worth of stuff just by saying the name of a company I (sometimes) work for. It's even better as buying that much stuff is a sure sign that my day is going down in flames so I am gonna going to be a twitchy stressed out mess in the store. But they never question it and just give me the tools.
|
# ? Jul 23, 2017 12:49 |
|
SEKCobra posted:Well, android permissions are very clear and there's no real risk if you know what permissions you are approving. I'm not sure if there's some way to get the device phone number without phone permissions on android or if the number was leaked through the browser anyway. But there's no risk of leaking financial credentials through an app without special permissions. sadly this isn't true to the extent you're saying. android has several permission groups which don't require user consent and they can be used by shady apps to do shady things. the way android implements accessibility features has been used for this purpose, where the shady app is able to use the accessibility services to screenshot the user's device and spoof user input. spoofing input (I've seen it called "clickjacking") is one way apps can install extra, even shadier apps without user knowledge
|
# ? Jul 23, 2017 16:23 |
|
EKDS5k posted:It's been a thing for like a year now. It took way too long to implement it, but apps now need line by line permissions, with a prompt the first time the app tried to access that particular thing. I work for a company that builds mining machinery and sells parts for that machinery, and I'm familiar enough with the formatting of the POs that the major underground coal companies in the US use that fake POs would be hard to get away with. I'm not saying it's impossible, just that there are several things that would make it harder for you to do that. A: you'd have to give a mine name that has a current account in good standing. That can be more difficult than looking in your phone book, as different mines have a tendency to test how late they can get away with paying us. B: you'll have to give a PO in the format that company uses. Some companies use a format of 6 digits, some use a format that's two letters+6 digits, some use 8 letters. I'm the only guy answering phones at night, in the US, so I've seen them all, and, over the last 11 years, have seen them all with enough frequency that I know what feels right with the mine names. C: if you give me a PO that's already in use, my computer pops up a notice that it is, and tells me what order number has it already. If we're in orders numbering 532xxxx, and the number you give me is in use on order 321xxxx, I'm not keying the order. D: I'm not selling you poo poo if you don't have our part number for the part, as my company's system sucks for searching for parts by description, and we have a lot of parts that use similar descriptions but are different measurements or shapes. If I go by description and send you the wrong one, I'm the one getting yelled at when the machine is down for 6 extra hours. Granted, our stuff is a lot more specialized than Rural King or Lowes, so I'm not as likely to get a scammer call, and my customer list only has around 350 names, but every industry has its own quirks. You might be more or less successful depending on where you go.
|
# ? Jul 23, 2017 17:01 |
|
The Sexual Shiite posted:I work for a company that builds mining machinery and sells parts for that machinery, and I'm familiar enough with the formatting of the POs that the major underground coal companies in the US use that fake POs would be hard to get away with. so basically they have to fish something out of the garbage and tweak it a little.
|
# ? Jul 23, 2017 21:00 |
|
The Sexual Shiite posted:I work for a company that builds mining machinery and sells parts for that machinery, and I'm familiar enough with the formatting of the POs that the major underground coal companies in the US use that fake POs would be hard to get away with. Yeah, but I also am going to have a hard time selling mining equipment parts on craigslist. Local one-stop suppliers are much more relaxed, and I've walked out with hundreds of dollars of stuff, using PO numbers like my name, or today's date. I could buy all kinds of shop supplies, hand tools, automotive fluids, safety gear, etc, and then have it sold on craigslist for 50 cents on the dollar by the end of the day. If I was really determined I could do this several times a day, at different locations and different suppliers, probably for weeks before any accounts even got put on hold.
|
# ? Jul 24, 2017 06:39 |
|
Lutha Mahtin posted:sadly this isn't true to the extent you're saying. android has several permission groups which don't require user consent and they can be used by shady apps to do shady things. the way android implements accessibility features has been used for this purpose, where the shady app is able to use the accessibility services to screenshot the user's device and spoof user input. spoofing input (I've seen it called "clickjacking") is one way apps can install extra, even shadier apps without user knowledge Are you sure? As far as I can tell anything that interacts with user input is part of explicit permission groups you have to approve.
|
# ? Jul 24, 2017 06:55 |
|
My inlaws got new phones. Fat smart phones with hard-push screens for olds. They got a tiny discount if they installed a free trial of a phone concierge app for two months. After two months the service would go back to the normal $15/month but they could cancel without penalty after the two month trial. There's still a useless concierge sheep walking around on my father-in-law's screen. At least they asked me before they said yes to a $20 monthly support package for 24 hour internet help...
|
# ? Jul 24, 2017 13:38 |
|
Yeah apps that want a load of permissions without any reason should be avoided. If you boot up the inlaws' desktop pc I'm optimistic there's going to a Bonzi Buddy in there somewhere. Really appreciate my tech savvy dad more whenever I read things like that, I'd have no idea where to even start instilling digital common sense into people who don't have any.
|
# ? Jul 24, 2017 14:53 |
|
Here's one I've been wondering about for a while. I travel a lot for work, and often find myself eating breakfast/dinner (or grabbing a drink) at the hotel restaurant. When the bill comes, you have two options: 1. Put down a credit card/cash for your waiter to pick up (then bring back the receipt or change so you can leave a tip). Exactly the same as you would at a typical restaurant. 2. Just pick up the pen and write your room number/name, along with the tip--and then walk out the door. How is this not abused constantly by people who aren't staying in the hotel? It would be one thing if you had to show your room key to come in or be seated, but I've never been asked to. What's to stop someone from walking in, having dinner and drinks, then signing a fake name & room number and walking out the door?
|
# ? Jul 24, 2017 15:22 |
|
Snowdog79 posted:Here's one I've been wondering about for a while.
|
# ? Jul 24, 2017 15:33 |
|
Common courtesy is pretty weird. A good con man can use it that to put you on the wrong foot, so you instinctively make wrong decisions that he can exploit but a couple bucks for a breakfast is just not worth getting into trouble over probably. Botching a dine and dash may or may not be something you can explain away depending on how smooth you are. But deliberately putting a room number other than your own down on the bill that's quite hard to weasel out of and probably not something people take to very kindly. Also, that the hotel might lose what you owe for breakfast sucks for them and you, but probably a bit more troublesome is attempting to put that charge on some random room number, since your attempt at simply stealing food now involves a third party you're also defrauding.
|
# ? Jul 24, 2017 15:50 |
|
I will guarantee that it happens and that they just eat whatever the annual losses are comfortable in the knowledge (probably backed up by someone doing research on this) that the ease of charging to your room encourages enough extra dining to more than compensate. Plus, the sort of places that let you sign to your room tend also to be slightly nicer. The Holiday Inn Express next to the strip mall isn't going to bother, while the Hilton downtown probably sees a lot fewer of the sort of people who are going to duck a dinner tab.
|
# ? Jul 24, 2017 17:43 |
|
Snowdog79 posted:Here's one I've been wondering about for a while. "You're Abe Froman, in room 4233?" "That's right, I'm Abe Froman." "The Sausage King of Chicago?"
|
# ? Jul 24, 2017 17:49 |
|
I travel for work all the time and I have never hear a coworker complain about a random meal charge, so I idk if it is really common, but I do agree only the nicer places will let you do it.
|
# ? Jul 24, 2017 23:39 |
|
When I went to a friend's wedding, the hotel we stayed at had valet parking. We didn't rent a car, and just used Lyft/taxis, but someone charged their parking to our room somehow. It was kind of a mess to sort out, although we did offer to pay the valet if they let us take the car (the car was already gone unfortunately). We're still not sure what happened, since they claimed that the people who left the car gave them our names, specifically (and not the room number). So, either a wedding guest tried to screw us over, or it was a mixup since my wife's name is pretty common. It was a bizarre situation, because the way they ran the valet sounded so easy to exploit, I don't understand how they collect any money at all for it. I literally don't know what they do if two people have the same name. I'm guessing that someone (everyone?) along the chain of people we talked to had no idea how it was actually supposed to be done, and just didn't collect the right info.
|
# ? Jul 25, 2017 00:28 |
|
I think I've had a couple of unexpected charges to my room in my many years of travel, usually it's a very easy thing to dispute and they never tried to accuse me of anything. I suppose it would make sense to not make a big deal of it and potentially anger the customer, especially if they're a business traveler. In the movie Brokedown Palace one of the characters tries to charge something to a different room and it turns out that the person staying in the room is already in the venue, I suppose that that's always a risk.
|
# ? Jul 25, 2017 11:17 |
|
I worked at an upscale hotel for a long while as a cook and bartender and we did the "sign your room # and tip" billing. If someone tried to game the system, it was pretty easy to spot because we knew all of hotel guests personally, or at the very least had a list of names and room numbers at the POS computer. If something didn't line up, we were taught to politely ignore it and move on. It's not worth loving the name of the hotel and it's management group by causing a scene over something that can be accounted later. We would also allow guests to dispute charges without an argument. Incidentally, I saw that sort of scam happen once a week or so but I never saw anyone catch poo poo for it. Hotel bars and restaurants run on much different margins than regular eateries. Easier to just let the weirdo that wanted a free brunch walk. fizzymercury fucked around with this message at 13:40 on Jul 25, 2017 |
# ? Jul 25, 2017 13:37 |
|
If you're extremely paranoid, even nice hotels will let you use a debit card at check-in. They don't want to do it, they'll put a big hold on your bank account which could last for weeks after you check out, and you won't be able to charge anything to your room, but, hey, nobody else will either.
|
# ? Jul 26, 2017 06:23 |
|
Probably the biggest loss hotels have to deal with is people booking rooms online with stolen cards. Topical, because my card was stolen recently! The two guys who nabbed the card were pretty smooth. I had forgotten it at the counter of a store. The cashier noticed, at which point, the two men offered to bring it out to me. They did catch me outside the store, and told me that cashier wanted to talk to me as there was a problem with the purchase. I go back in the store and by the time I could have figured it out, they were gone. Apparently similiar incidents have been happening a lot in my area lately, probably preying on tourists and drunks. (I fall into the drunk and just worked 12 hours category). Fruits of the sea fucked around with this message at 14:01 on Jul 26, 2017 |
# ? Jul 26, 2017 13:59 |
|
Woo, metropcs has incorporated the caller ID for scams from T-Mobile as of today. Made me laugh when a number called with 'Scam Likely' on my screen. I get so many of these it's unreal.
|
# ? Jul 26, 2017 15:17 |
|
At least now you can be aware of what's happening pretty much instantly with credit cards. I get an app notication when mine is used. Back in the day you would be oblivious until you realised the card was gone, the statement came or they maxed it and bank called you at work.
|
# ? Jul 27, 2017 15:01 |
|
Teriyaki Hairpiece posted:If you're extremely paranoid, even nice hotels will let you use a debit card at check-in. They don't want to do it, they'll put a big hold on your bank account which could last for weeks after you check out, and you won't be able to charge anything to your room, but, hey, nobody else will either. Totally untrue, it happened to me dozens and dozens of times touring with small lovely companies. If there is an issue with the card that the room is supposed to be on they just take the card I put down for incidentals and charged the room(s) to that. I actually got a CC again just to use for hotel check ins so I didn't lose access to my money while it got sorted out.
|
# ? Jul 27, 2017 15:04 |
|
I've had my credit card stolen twice , and in neither of those instances did it actually involve the physical theft of the card. Of course I can never be exactly sure, but they both coincided with me handing my card off to a drive through worker while driving through Florida to visit with family in the southern end of the state. I have to assume someone just took a couple quick pictures of the card, handed it back, and then went shopping after their shift. I didn't pay gently caress all in either of those cases, either. Once I noticed bullshit charges the card companies were really good about canceling the card, issuing a new one, and blowing out anything I flagged as bogus.
|
# ? Jul 27, 2017 22:17 |
|
Teriyaki Hairpiece posted:If you're extremely paranoid, even nice hotels will let you use a debit card at check-in. They don't want to do it, they'll put a big hold on your bank account which could last for weeks after you check out, and you won't be able to charge anything to your room, but, hey, nobody else will either. I don't understand how that would protect you from anything. Generally speaking, if your credit card has a bunch of fraudulent charges on it, your credit card company has a problem. If your debit card has a bunch of fraudulent charges on it, YOU have a problem.
|
# ? Jul 28, 2017 00:14 |
|
|
# ? Oct 11, 2024 07:04 |
|
Thanatosian posted:I don't understand how that would protect you from anything. That used to be true back in the day, but nowadays debit and credit card protections are virtually the same: https://money.usnews.com/money/blogs/alpha-consumer/2009/08/18/fraud-protection-debit-versus-credit-cards The only real difference is that fraud pulls YOUR money out so you're broke, while CC fraud charges usually get taken care of by the time you get your bill, so it's no big deal. That said, I had a couple fraudulent debit charges a few months ago and the bank had my $$$ back within 48 hrs. Of course, each bank is different.
|
# ? Jul 28, 2017 03:37 |