All electronic communications can be tampered with or be faked, including phone calls and videos. Below you will find some related general information that is good for anyone to know.
Are you aware that Dutch Rijkmuseum Twenthe was scammed out of 2.66 million euros when criminals hijacked an e-mail communication with a British art dealer? E-mail hijacking is a very common occurrence, according to this January 2020 article in Dutch major newspaper TROUW:
Bloomberg and other media had this news too:
https://www.bloomberg.com/news/articles/2020-01-30/fraudsters-posing-as-art-dealer-got-gallery-to-transfer-millions
Many more cases have hit the news since, usually involving major companies transferring a large sum to a scammer’s bank account.
Here is another explanation of how it can be done, but what is not often mentioned is involvement of staff at providers:
https://www.investec.com/en_gb/focus/fraud/latest-fraud-scam.html
Phone line interference
Another example of how communications can be interfered with in the digital age. In this case, police officers pounced on two innocent bystanders, at least one of which they should have been able to recognize. It alerted the criminals of the police’s presence. That the officers who bungled this case consider phone line interference “sophisticated” indicates how far behind these self-proclaimed “experts” are:
https://www.theguardian.com/money/2020/feb/08/bank-couple-lose-43000-but-cant-get-a-refund
By contrast, put your hands together for these girly swots, dorks, dweebs and geeks in the Netherlands who hacked into the cameras in the office of the Russians who had earlier hacked into the Democratic National Committee (DNC) in the US:
Voice cloning, anyone?
If you’re on YouTube or TikTok, anyone can sample your voice and start making phone calls posing as you.
https://www.veritone.com/blog/what-is-voice-cloning-and-how-does-it-work/
Lack of security at utility companies etc
The security on most utility accounts etc is still as good as non-existent. They ask you to “prove” it’s you with information that is often publicly available and stored in so many accounts, such as your local council’s. It means that anyone who is determined enough can call your electricity company and for example get your account closed, telling them that you’re moving house. Almost none of these companies ask you a “secret” question to which the answer is or should not be publicly available on the internet.
What is my address? What’s the last part of my post code? Those are not security questions at all!
My YOB is available on the internet (part of legal requirements to protect you against me scamming you). Yours may be out there on the web too. Many social media companies alert your connections that it’s your birthday, usually without revealing your YOB. This is just one example of how people can end up with someone’s full DOB.
(Check your privacy settings regularly because social media companies change them often and sometimes reset them or add something that makes you broadcast private information into the world.)
Another problem is that these social media companies insist on having your DOB these days when you open an account, yes, but you can put in any date you want. If you put in a fake date, that’s not good for if your account gets hacked and you need to submit ID to get it back. If your social media content is not crucially important to you, then it does not matter what kind of DOB you enter, but entering a fake DOB can help protect you.
Two-factor authorization (2FA)
Phone cloning can enable someone else to receive your texted login codes. Texted login codes can also simply be intercepted.
Two-factor authorization (2FA) apps, however, carry the risk that you lose access to your account and may be unable to regain access if your phone suddenly dies on you. The backup process for 2FA apps is not only a little too complicated for many people, it can also be hard to remember where you’ve kept the damn json file or the 12-word or 24-word recovery phrase because you so rarely need those things. Hardware login gadgets carry the risk that you lose or misplace them.
That said, 2FA apps are likely your best bet. If you have trouble backing them up or restoring them, ask your nephew, sister, best friend or granddaughter.
I tend to use a number of different phones for different tasks so that I can keep my communications separated. It may make me look a little suspicious when I go through security when I travel but hey, I get that. Using lots of phones, that’s what criminals do, right?
(Here’s another tip: Never buy a used or ridiculously cheap phone online.)
Trust but verify
Some years ago, a number of people here where I live received postal mail telling tenants to start paying rent to someone else. This is something that people tend to fall for pretty easily. If you point this out, people may call your paranoid and delusional, but I too can whip up official-looking stationery, send letters in which I tell people to send me copies of their documentation and to start paying me from now on.
Be aware of confirmation bias
When you are focused on verifying one thing, you tend to overlook anything else that may be off.
I learned that from Petter Hörnfeldt (Mentour Pilot). Two examples follow.
After my hacker changed the bank account data in one of my outgoing invoices, when I was correcting that, I was so focused on checking the account data that I did not notice that the dollar and euro amounts were incorrect (about 50 pounds’ worth too low) but the pound values were the right ones. Guess which bank account my client paid into?
Yesterday when I was looking for matches at the supermarket, I actually completely overlooked them on the shelf.
That’s because I was looking for something like this:
However, this was on the shelf, neatly tucked away next to the barbecue products in matching colors:
PS
We’ve become so obsessed with keeping information private – while handing it all out to Google, Apple and Amazon – that it’s become harder for us to verify information and that enables scammers to get us to pay them. Voices have recently started up for bank number verification when you pay someone. We already had that in the past but privacy concerns put a stop to most of it. People became too worried about scammers taking money from their accounts so crime now focuses on getting people to pay money into the scammers’ accounts.
My own IT security pretty much sucks these days because after I got targeted by persistent hacking and even lock-picking, all my horses had already bolted and the stables were empty. Any new horses I bought kept being released too, so to speak (partly because the locks were getting picked and continue to get picked). After that, making all sorts of information public became part of my protection.
