SoylentNews is people

posted by Fnord666 on Friday April 01 2022, @04:01PM

http://www.lupinia.net/writing/tech/scammed.htm

When discussing scams and social engineering attacks, it's easy for security researchers and experts to present information in a way that implies the victims of these attacks should have known better. It's an attitude born of biases that many engineers have - myself included - but it's unhelpful and counter-productive. And, as much as we may like to think we'd handle these situations so much better, that's just not true. Security experts - even those with professional experience in social engineering - are not immune to scams. As an example of this, I'd like to share the story of a scam I fell for recently.

The Call

In the early afternoon, after starting my day with an extremely tiring 2-hour meeting, I kicked back for a much-needed break before digging into some writing projects. However, my meditation was interrupted by my phone ringing. Which, in and of itself, was noteworthy - I use a complex web of forwarding numbers and obfuscation to avoid giving out a real phone number as much as possible, and the only people who have my real phone number rarely call me, especially during the day. I checked the caller ID, and it was my bank, Wells Fargo (I know, I know; trust me, they were not my first choice).

I answered, the guy said he was calling from Wells Fargo's Fraud Prevention Department, calling to verify some transactions. He verified my name, he had the last four digits of my debit card number, and everything generally seemed to follow the normal script of a transaction verification call. He rattled off three separate transactions, totalling close to a thousand US dollars, all of which were things I didn't recognize, in a city I've never been to, 1300 miles (2100km) from where I live. So, yeah, definitely fraudulent transactions. He said they'd cancel my debit card and send a new one, and verified the address on file - which he also already had, without me needing to provide it. I've had a bunch of these calls over the years, so nothing weird so far. I figured we were about finished with a very routine and normal fraud call, but it turned out we were just getting started.


  • (Score: 4, Insightful) by DeathMonkey on Friday April 01 2022, @04:15PM (18 children)

    by DeathMonkey (1380) on Friday April 01 2022, @04:15PM (#1234063) Journal

    Well, if he didn't know it before he definitely knows the most important lesson now: There is no such thing as a secure system. Only a more secure system!

    • (Score: 3, Touché) by DeathMonkey on Friday April 01 2022, @04:18PM

      by DeathMonkey (1380) on Friday April 01 2022, @04:18PM (#1234064) Journal

      Or, in Microsoft's case, a LESS secure system!

    • (Score: 1, Informative) by Anonymous Coward on Friday April 01 2022, @05:49PM (4 children)

      by Anonymous Coward on Friday April 01 2022, @05:49PM (#1234086)

      Well, if he didn't know it before he definitely knows the most important lesson now

      Actually, his name is Natasha. Just so you know.

      • (Score: 1, Funny) by Anonymous Coward on Friday April 01 2022, @05:58PM (2 children)

        by Anonymous Coward on Friday April 01 2022, @05:58PM (#1234090)

        *If* Natasha wishes to use male pronouns then more power to him!

        OTOH, who reads the article? :)

        • (Score: 2) by maxwell demon on Friday April 01 2022, @06:12PM

          by maxwell demon (1608) Subscriber Badge on Friday April 01 2022, @06:12PM (#1234101) Journal

          Well, I did. But I didn't read the author's name (and even after reading that comment, when actively looking for the name, I had trouble finding it; it's well hidden in the middle of a line of tiny font size).

          --
          The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by driverless on Saturday April 02 2022, @08:37AM

          by driverless (4770) on Saturday April 02 2022, @08:37AM (#1234319)

          *If* Natasha wishes to use male pronouns then more power to him!

          Actually Natasha sexually identifies as a Suzuki Hayabusa motorcycle, please remember to use the correct pronoun.

      • (Score: 3, Insightful) by Mojibake Tengu on Friday April 01 2022, @11:28PM

        by Mojibake Tengu (8598) on Friday April 01 2022, @11:28PM (#1234234) Journal

        Not just only that. When someone makes herself publicly doxed at LinkedIn, thus making self deliberately a very public person, and at the same time uses an email address ending with .gov (list of which is probably obtainable just by legally asking some relevant authorities), it is obvious Natasha's not so secret middle name un-mentioned in TFA shortens as 'K.'

        While LinkedIn is a total loss of privacy in absolutely fatal way, forever, it seems the triple certified security educator certification at department of education is not a big guarantee of professionality either.

        The only tool I just actually used to replicate scammer's sourcing of all her public whereabouts was... single query to DuckDuckGo. Yes, a single query. Nothing else. Every one of you can do that, now. The most funny result was Whitepages tenant screening database, which blows all the family relatives in a single item. Wedding could save some security factor about surname, but it didn't work well in this very case.

        If she really wanted to keep her surname secret (as in 'hidden from public'), the fundamental mistake done by security expert Mrs. Lupiani was naming her website 'Lupinia'. AI embedded in any established public search engine solves that charade trivially. Psychologically, it all looks like her inner wish projection to be exposed.

        When dealing with people, always expect your attacker partner knows everything about you. Your level of trust should depend only on how much you know about him.

        This is just fun. Money is a renewable resource. But do not underestimate what real spooks and other criminals know about you. If your life is at stake.

        Not only do I keep a dedicated phone and a dedicated computer for only banking, those doing nothing else, but also if I have any issue with banking, I just walk into the bank. It's worth the time, always. No phone calls, absolutely. Still, I do not consider the technology completely safe. And commoners have no chance for digital safety at all. The shame is on experts bringing all the technological and social absurdities upon us.

        --
        The edge of 太玄 cannot be defined, for it is beyond every aspect of design
    • (Score: 2) by JoeMerchant on Friday April 01 2022, @06:06PM (6 children)

      by JoeMerchant (3937) on Friday April 01 2022, @06:06PM (#1234094)

      the first point of concern I'd had during this entire call: I didn't read the full email in detail until much later, I only skimmed it at this point, but this is clearly a two-factor authentication code, meant to be entered directly into an authentication page. Which is normally not something that would be relayed over a phone call to a customer service rep. A concern that I raised to Daniel. However, he said that it was part of Apple's system, which they only had limited access to.

      And, that should have been Game Over for the scammer, thank you, goodbye. At which point you call Wells Fargo directly yourself, and/or check online to see if any of these supposed fraudulent transactions appear on your account.

      --
      Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
      • (Score: 0) by Anonymous Coward on Friday April 01 2022, @06:33PM (1 child)

        by Anonymous Coward on Friday April 01 2022, @06:33PM (#1234108)

        Ya this was the part of the story where I facepalmed. I DID read the email and it clearly states Wells Fargo, no matter how shitty they are as a bank, will never ask for this number.

        • (Score: 2) by driverless on Saturday April 02 2022, @09:10AM

          by driverless (4770) on Saturday April 02 2022, @09:10AM (#1234321)

          Yes they will. Over and over again banks have done the exact things they tell their customers they'd never do. It's easy enough to play Monday morning quarterback after the event, but everything he describes there is in line with a real interaction with a real bank.

      • (Score: 5, Informative) by Anonymous Coward on Friday April 01 2022, @10:39PM (2 children)

        by Anonymous Coward on Friday April 01 2022, @10:39PM (#1234217)

        Game over should have been:

        Caller: Hello I'm calling from the fraud department.

        Natasha: This sounds important. I'll call you back on the number listed on the back of my card.

        • (Score: 2, Informative) by Anonymous Coward on Friday April 01 2022, @11:22PM

          by Anonymous Coward on Friday April 01 2022, @11:22PM (#1234232)

          This right here is the correct response. Cold call claiming to be urgent? Could be legit, but only one way to be sure. I did exactly this when I got one such call. The rep said "sure, no problem" (might have given me a reference number), I called the customer service number on the card, and they connected me back to the fraud department to get it handled.

        • (Score: 3, Interesting) by JoeMerchant on Saturday April 02 2022, @02:01AM

          by JoeMerchant (3937) on Saturday April 02 2022, @02:01AM (#1234280)

          True enough, but he did the whole "I'm only human, I was tired..." thing before that, and O.K.: humans will go along with what people say to an extent... Jedi Mind tricks for the weak minded and all.

          But, if your weak mind smells a rat, it's time to treat it like a rat. Nothing to lose by thanking them for alerting you and doing your own followup. The lazy will feel "oh, let's just let this guy take care of it" and that's the last thing you should be doing with account information.

          --
          Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
      • (Score: 2) by Joe Desertrat on Saturday April 02 2022, @12:17AM

        by Joe Desertrat (2454) on Saturday April 02 2022, @12:17AM (#1234249)

        And, that should have been Game Over for the scammer, thank you, goodbye. At which point you call Wells Fargo directly yourself, and/or check online to see if any of these supposed fraudulent transactions appear on your account.

        Especially with a bank. At the first hint of something unusual, hang up immediately without comment, check your account online and if the transactions are not there call the bank and alert them of the scam attempt. If the scammer had that much information on you, you might consider getting a new debit card as well, although I might have some concern on getting one mailed to me in case the address is watched.

    • (Score: 0) by Anonymous Coward on Friday April 01 2022, @07:08PM (4 children)

      by Anonymous Coward on Friday April 01 2022, @07:08PM (#1234119)

      Well ... I guess if you turn off the computer and don't even use it then it will be secure ...

      • (Score: 4, Interesting) by bzipitidoo on Friday April 01 2022, @09:00PM (3 children)

        by bzipitidoo (4388) Subscriber Badge on Friday April 01 2022, @09:00PM (#1234152) Journal

        I've seen a demonstration in which a PC was infected through its wired LAN connection, even though it was turned off and unplugged.

        • (Score: 3, Insightful) by krishnoid on Friday April 01 2022, @09:24PM (2 children)

          by krishnoid (1156) on Friday April 01 2022, @09:24PM (#1234174)

          Um, LOL? If you're not being sarcastic, can we get more details? Sounds like a wake-on-LAN and PXE-boot attack, but ... ?

          • (Score: 4, Informative) by bzipitidoo on Friday April 01 2022, @10:41PM

            by bzipitidoo (4388) Subscriber Badge on Friday April 01 2022, @10:41PM (#1234218) Journal

            No fooling, I saw it. Verified that the PC was unplugged, and had been for long enough to discharge all the capacitors. Seems even then there's still enough power in the system to negotiate a small data transfer and storage through the wired LAN connection. It was never fully explained how it worked. Got power from the CMOS battery? Or, maybe some capacitors hung on much longer? I'd guess Wake on LAN shouldn't work if the machine is unplugged.

          • (Score: 4, Informative) by Anonymous Coward on Friday April 01 2022, @10:54PM

            by Anonymous Coward on Friday April 01 2022, @10:54PM (#1234221)

            Nope. I remember the same thing. IIRC it was at DEFCON or the cDc conference. What they did is use the fact that the Ethernet is still powered when the computer is off. They used the energy to force a residual charge into the card's memory somewhere. Once unplugged, the slowly-fading charge was maintained by the minimal power leaked by the RTC battery. Once the machine was plugged back in, the computer would power back up from mechanical off to soft off. In soft off, the IME would check the card and _hopefully_ find the still valid command sitting on the Ethernet card, which it then moves to memory and the computer acts on it when powered up. The same attack doesn't quite work today but it was a great example of how dangerous the technology was at the time.

  • (Score: 3, Interesting) by SomeGuy on Friday April 01 2022, @05:15PM (12 children)

    by SomeGuy (5632) on Friday April 01 2022, @05:15PM (#1234073)

    What I don't get is if this person never used Apple Pay (barf, try and make everyone use toy cell phones for everything) then why would they think that they need to do something themselves to "disconnect" from something they never "connected" to in the first place?

    Or is opting in to Apple Pay mandatory for all bank accounts because all praise glorious cell phones?

    • (Score: 2, Interesting) by Anonymous Coward on Friday April 01 2022, @05:44PM (9 children)

      by Anonymous Coward on Friday April 01 2022, @05:44PM (#1234085)

      I think once he convinced himself that it was a legit call, and dealing with the anxiety building in the back of his head at the thought that fraudulent charges were being made, it wasn't hard to follow the instructions from there.

      • (Score: 0) by Anonymous Coward on Friday April 01 2022, @05:54PM (1 child)

        by Anonymous Coward on Friday April 01 2022, @05:54PM (#1234089)

        I had an email recently from a different address than normal for my bill negotiation service. It was a bit of a head scratcher as the last few times it was through a different phone and email, but they had all the information needed to defraud me already if it wasn't legit.

        I did pay and I did get what I paid for, but it's not always easy to know if you're being scammed.

        • (Score: 0) by Anonymous Coward on Friday April 01 2022, @06:06PM

          by Anonymous Coward on Friday April 01 2022, @06:06PM (#1234096)

          I did pay and I did get what I paid for, but it's not always easy to know if you're being scammed.

          Indeed, it's not always easy to know. What you should do in such a case is to find an email address/phone number you are certain is legitimate and call back/email using that contact information instead.

      • (Score: 1, Informative) by Anonymous Coward on Friday April 01 2022, @05:59PM (5 children)

        by Anonymous Coward on Friday April 01 2022, @05:59PM (#1234091)

        I suspect a couple of things that lulled Natasha into falling for this was that (a) the phone number was coming up in caller ID as belonging to Wells Fargo and (b) they already seemed to have most, if not all, of her PII anyway. Of course, in hindsight, she should not have trusted either of these two things as indicating a legitimate fraud alert from the bank. I had to deal with this kind of fraud alert a few months back. When I get such a call from out of the blue, I typically ask for their name and the department that they work in at the bank/credit card company. Then I use the phone number on the back of my credit/debit card to call them back. Yes, it means having to navigate their annoying automated phone tree but it's well worth the added time and hassle to make sure you are actually talking to somebody who legitimately works for the CC company/bank.

        • (Score: 1, Insightful) by Anonymous Coward on Friday April 01 2022, @06:21PM (3 children)

          by Anonymous Coward on Friday April 01 2022, @06:21PM (#1234104)

          This, I always assume an inbound call is fraud and call back on any call that involves credit cards, even if I expect the call. They were prepared for this in this case (instant 14 day hold, must go to branch to clear), but I would have said oh hell no I don't believe that.

          • (Score: 1, Interesting) by Anonymous Coward on Friday April 01 2022, @06:47PM (2 children)

            by Anonymous Coward on Friday April 01 2022, @06:47PM (#1234112)

            Beware of the “hang-up delay” scam.

            • (Score: 0) by Anonymous Coward on Friday April 01 2022, @06:57PM

              by Anonymous Coward on Friday April 01 2022, @06:57PM (#1234116)

              Interesting, I had never heard of that, it likely only applies to landlines which I have not had for ~10 years. Not sure how they could accomplish it on a cell.

            • (Score: 0) by Anonymous Coward on Saturday April 02 2022, @04:16AM

              by Anonymous Coward on Saturday April 02 2022, @04:16AM (#1234302)

              When I was ten, everyone would troll each other by doing this.

              I am surprised they never fixed it. Seems like the sort of thing the phone companies would address along with phreaking, slamming and the other miscellaneous idiocy that was possible on the old fashioned phone network. But then, they never fixed Caller ID spoofing, and it doesn't cost them money, just their customers, so...

        • (Score: 2) by bzipitidoo on Friday April 01 2022, @09:06PM

          by bzipitidoo (4388) Subscriber Badge on Friday April 01 2022, @09:06PM (#1234157) Journal

          I've received a few messages supposedly from my bank that roused my suspicions. I checked that they did indeed send the messages, then chewed them out for doing such a poor job with their messages. Had a convenient "click here" button to log into your bank account. While DNS could be poisoned, I'd much rather take my chances with that than trust a link in an email message!

      • (Score: 2) by driverless on Saturday April 02 2022, @09:15AM

        by driverless (4770) on Saturday April 02 2022, @09:15AM (#1234322)

        Also, their systems really are that crappy. I've been getting email from PayPal about an account someone has signed up for using my email address for months, I immediately notified PayPal about it and got no response so I figure it's now their problem. Just to clarify that, someone else's name, someone else's CC details, only my email address used for PayPal notifications. So obvious fraud (my email address would be pretty difficult to typo), I notified PayPal, and they did nothing. Everything this guy describes is perfectly plausible and reasonable when dealing with online financial outfits, it's all held together with duct tape and string and barely works at the best of times.

    • (Score: 2, Informative) by vux984 on Saturday April 02 2022, @12:52AM (1 child)

      by vux984 (5045) on Saturday April 02 2022, @12:52AM (#1234258)

      RTFA.

      The scammer said the fraud came through an Apple Pay connection, with the implication that a fraudster had somehow managed to connect the victim's account to the fraudster's iPhone/Apple Pay.
      As the victim didn't use Apple Pay, they were of course inclined to think it was pretty reasonable that they would want to get their bank account disconnected from Apple Pay.

      And that it was even pretty reasonable, especially with Apple and how controlling they are, that now he might actually have to do something to confirm to Apple that he wanted his bank account disconnected from Apple Pay.

      • (Score: 0) by Anonymous Coward on Saturday April 02 2022, @03:39AM

        by Anonymous Coward on Saturday April 02 2022, @03:39AM (#1234299)

        If some company has more power over your money than your bank, it is probably time to get your money out of that bank.

  • (Score: 1, Insightful) by Anonymous Coward on Friday April 01 2022, @05:18PM (5 children)

    by Anonymous Coward on Friday April 01 2022, @05:18PM (#1234074)

    Nice click bait cliff hanger there... Is it real? I doubt it. Even the headline sounds spammy...

    • (Score: 4, Informative) by Anonymous Coward on Friday April 01 2022, @05:38PM (1 child)

      by Anonymous Coward on Friday April 01 2022, @05:38PM (#1234083)

      Yeah, in this case, I clicked on the bait. It turns out it was well worth the click. Fascinating read, actually. Just my $0.02 worth.

      • (Score: 2) by bzipitidoo on Friday April 01 2022, @09:08PM

        by bzipitidoo (4388) Subscriber Badge on Friday April 01 2022, @09:08PM (#1234159) Journal

        It's that day of the year, you know. Trust nothing! My first thought on seeing this article was that it itself was a trick, a prank.

    • (Score: 3, Insightful) by Anonymous Coward on Friday April 01 2022, @06:07PM (2 children)

      by Anonymous Coward on Friday April 01 2022, @06:07PM (#1234097)

      It all boils down to "Never trust an inbound call, hang up and call back". This is my firm policy for anything involving credit cards.

      • (Score: 1, Insightful) by Anonymous Coward on Friday April 01 2022, @06:21PM (1 child)

        by Anonymous Coward on Friday April 01 2022, @06:21PM (#1234103)

        Actually, this is a good idea for anything having to do with your financial matters.

        • (Score: 2, Insightful) by Anonymous Coward on Friday April 01 2022, @06:48PM

          by Anonymous Coward on Friday April 01 2022, @06:48PM (#1234114)

          Exactly, but that is normally credit cards. The policy applies to providing any information that would be useful in a scam. A story about how seriously I take this. I have a pest control company spray my house, they called me saying my card on file was declined. I say to myself:

          1) yup they just sprayed my house a few days ago
          2) yup I replaced my card a few months ago for... embarrassing reasons
          3) this is totally a legit call

          Then I explain I cannot give out my credit card on an inbound call and will call back.

  • (Score: -1, Redundant) by Anonymous Coward on Friday April 01 2022, @05:33PM (7 children)

    by Anonymous Coward on Friday April 01 2022, @05:33PM (#1234081)

    fuck click bait

    • (Score: 5, Informative) by Anonymous Coward on Friday April 01 2022, @06:01PM (6 children)

      by Anonymous Coward on Friday April 01 2022, @06:01PM (#1234093)

      It's not click bait. It's someone directly copying the first paragraphs of an article instead of summarizing it like summaries are supposed to do. Here's the next couple paragraphs which start right after that paragraph. The site only loads resources from 4 domains.

      Apple Pay, and the Perils of Third-Party Services

      After the caller (who later gave me his name as Daniel, so that's how I'll be referring to him even though I didn't have that information at this point in the call) reviewed what we had discussed up to that point, he asked if I was familiar with "digital pay". At first I thought he was talking about some sort of specific Wells Fargo service, but then he clarified that he was talking about mobile app payment systems, like Apple Pay and Google Pay. Which, yes, I'm very familiar with, but I don't use and have no interest in using. Well, it turns out these fraudulent charges were made via Apple Pay. Something I've never used and will never use because I don't have an iPhone and don't plan on getting one. So, yeah, that needs to get turned off.

      Daniel said that was no problem, and that he was starting the process of disconnecting my account from Apple Pay. In order to do that, I needed to relay a confirmation code that would be texted to me. Well, that's a bit of a problem, since the phone numbers where I actually check and receive text messages aren't phone numbers that Wells Fargo recognizes as valid mobile numbers (one of many things I despise about this bank). No problem, though, I could just receive it via email. Which I did; specifically, this email.

      What an actual summary should have included: Expert on scams gets scammed because scammer talked well, scammer had a bunch of public info and his CC number, expert doesn't use Apple Pay, scammer validates expert's beliefs by saying things like large companies have complex systems that are crazy to work with, expert verifies a 2-factor Apple Pay account setup message because he was too distracted to think what he was doing, scammer gets found out because he gets too greedy instead of only abusing the new Apple Pay account, Wells Fargo still sucks, etc... Summaries are supposed to summarize the entire article, not simply be an intro to an article. The fact that summaries have turned into ads is pretty depressing.

      The one thing I learned from this article is the scammer asked the guy to dial in his SSN and date of birth. Never do that while you're talking to someone. That person is recording your phone tones and will play them back into some other automated system when impersonating you.

      • (Score: 3, Offtopic) by PinkyGigglebrain on Friday April 01 2022, @10:23PM (5 children)

        by PinkyGigglebrain (4458) on Friday April 01 2022, @10:23PM (#1234208)

        It's someone directly copying the first paragraphs of an article instead of summarizing it like summaries are supposed to do.

        Sadly that seems to be the case for all the submissions now. And the editors are too busy with other things or too lazy to do what the original submitter should have done and write an actual summary when needed. Though this isn't just a Soylent issue, it's the common case with many other sites as well.

        Submitters and editors need to start putting a little more effort into their respective duties. Otherwise it will probably only get worse as time goes on.

        --
        "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
        • (Score: 4, Informative) by janrinok on Saturday April 02 2022, @08:50AM (4 children)

          by janrinok (52) Subscriber Badge on Saturday April 02 2022, @08:50AM (#1234320) Journal

          Duties? I do everything you have a right to expect from someone on my pay. I am a volunteer. You are getting at least 2-3 hours a day of my time for free, and often considerably more. You only see the stories on the front page but there are now lots of jobs that fall to the remaining staff. I am not sat around twiddling my thumbs. I have been here since the very first days - I am not about to give up on the site now.

          As I explained to you the other day [soylentnews.org], after the loss of MartyB from the active editorial team, I am doing around 75% of the stories that you are reading. If you consider me unsuitable for the task and want me to go then you would have to accept that you will be getting 2 stories a day, but perhaps not everyday, in the future. You are very free with your criticism - sorry "advice" - but unless someone else steps forward to help out it will stay that way. It may be well intentioned but it is misplaced. Why is this so hard for some people to understand?

          And the editors are too busy with other things or too lazy

          Yep too busy with mixing my work here and having a real life away from SN. While some in our community are 'too lazy' to offer to help out. You do not know other people's circumstances - don't judge them based upon your own.

          Putting in some well edited subs, as you have pointed out, would help considerably. I think the ball is now in your court.

          • (Score: 2) by maxwell demon on Saturday April 02 2022, @04:51PM (3 children)

            by maxwell demon (1608) Subscriber Badge on Saturday April 02 2022, @04:51PM (#1234375) Journal

            Actually I'd say it is first and foremost the duty of the submitter to select meaningful quotes.

            And yes, I know I very rarely submit stories (not the least because this site is my main source of information about topics suitable for this site). But when I do, I do give considerable consideration of what I quote. It may happen that it is the beginning paragraphs, but when that happens, it's because I came to the conclusion that the beginning paragraphs sum it up best.

            --
            The Tao of math: The numbers you can count are not the real numbers.
            • (Score: 2) by janrinok on Saturday April 02 2022, @06:46PM (2 children)

              by janrinok (52) Subscriber Badge on Saturday April 02 2022, @06:46PM (#1234394) Journal

              Actually I'd say it is first and foremost the duty of the submitter to select meaningful quotes.

              While I would agree with you we are the cause of some of the problem. Many years ago people complained that the process of submitting stories was too cumbersome. The number of submissions dropped off and we had to spend the day both finding, submitting and then processing stories.

              We therefore provided bots (MrPlow and upstart) to help make things easier for the community. MrPlow only provides us with a URL. We have to go to whatever site it points to and start processing from there. upstart is quite a bit better; it extracts all the text and the citations/DOI of scientific papers. But essentially it leaves us with the same task - we have to start with a bare story. There are a couple of submitters who do a superb job - takyon, Phoenix666 and others. We much prefer submissions from individuals but we are now faced with a lot more work - and far fewer editors (really 2 at the moment).

              I'm not sure if we owe it to COVID or work picking up again but people are just not as available as they once were.

              • (Score: 3, Informative) by Joe Desertrat on Sunday April 03 2022, @12:09AM (1 child)

                by Joe Desertrat (2454) on Sunday April 03 2022, @12:09AM (#1234452)

                I would like to think I can speak for the majority here on the site, but even if I can't, I myself am very appreciative of the job done by those running the site. I'm in a similar situation at my job, where too many people have left so almost everything falls upon me and one other or it doesn't get done. It is a mental and physical burden. I at least get paid for it, the fact that those running things here are volunteers makes complaints about how things are done seem very petty at best.

                • (Score: 2) by janrinok on Sunday April 03 2022, @06:11AM

                  by janrinok (52) Subscriber Badge on Sunday April 03 2022, @06:11AM (#1234524) Journal

                  Thank you. I know that a lot of people appreciate what we do, but the effect of even a small vocal minority constantly criticising can still be an unpleasant experience.

  • (Score: 5, Insightful) by dltaylor on Friday April 01 2022, @06:40PM (3 children)

    by dltaylor (4693) on Friday April 01 2022, @06:40PM (#1234110)

    It has been repeated so often that it is essentially a mantra: "If they call you, it is a scam. Call them back at the number on your card.".

    It seems any clown can call themselves a "scam prevention expert".

    • (Score: 0) by Anonymous Coward on Friday April 01 2022, @07:11PM (1 child)

      by Anonymous Coward on Friday April 01 2022, @07:11PM (#1234122)

      Particularly if they are human, I have NEVER had a human call me, only a machine asking yes/no questions, in this situation.

      • (Score: 0) by Anonymous Coward on Saturday April 02 2022, @04:21AM

        by Anonymous Coward on Saturday April 02 2022, @04:21AM (#1234303)

        This is an interesting point. Legitimate banks, if they call you at all, will normally use a robot. But scammers (as opposed to spammers, who also use robots) will normally use a human, in order to build trust.

        My bank locks my card for fraud all the time, and while they used to just let me figure it out on my own when my card stopped working, now they usually are kind enough to send a text or email.

    • (Score: 2) by krishnoid on Friday April 01 2022, @09:27PM

      by krishnoid (1156) on Friday April 01 2022, @09:27PM (#1234175)

      "What's your name?" "Do you have an identifying number at the company that someone else in the fraud department can look up?" "Ok, I'm going to call the fraud department myself and ask them to route me to you. They won't be able to? You're going to have to give me more than that to go on, then."

  • (Score: 5, Informative) by pTamok on Friday April 01 2022, @07:17PM

    by pTamok (3042) on Friday April 01 2022, @07:17PM (#1234126)

    If you want to 'do business' with someone, INCLUDING dealing with potential fraud, ALWAYS GET contact details FROM THEM (e.g. their name, staff number, and case number) and call them back on their organisation's OFFICIAL number.

    Any organisation that does not accept this is not worth doing business with.

    NEVER, EVER, give out personally or financially sensitive information to someone who called you. Always call their organisation back on a number provided by an INDEPENDENT lookup, and preferably on a different device/phone line so the 'dead line' scam* doesn't work.

    *What is the 'dead-line' scam? The scammer calls you claiming to be from BIG-CORP, and agrees you can call back on BIG-CORP's number. At the end of the call, they play a recording that sounds like they have disconnected the call. You disconnect and dial BIG-CORP's number, but unbeknownst to you, on land-lines, if the called party hangs up, the line is not dropped, so what the scammer does is play a recording of dial-tone, then continue on the call. You think you are connected to BIG-CORP, when in fact you have been continuously connected to the scammer.

  • (Score: 5, Insightful) by sjames on Friday April 01 2022, @07:17PM

    by sjames (2882) on Friday April 01 2022, @07:17PM (#1234127) Journal

    Often when these scams are reported, there's a long line of unsympathetic people claiming anyone could have detected the scam. Sure. Anyone should catch it assuming they're in a calm environment and are themselves calm. When they're not struggling with a deadline they guess they have about a 40% chance of making, when they don't have screaming kids around (theirs especially), when they're not in crazy traffic, when they weren't almost in a terrible accident, when the boss isn't venting his spleen because the "stupid IT monkeys" can't fix his personal iJesus for free after his kid flushed it down the toilet and "helpfully" put it through the washer and dryer after.

    In short, anyone can have a bad day. Anyone can be distracted.

    What we really need is the scammers encased in concrete on display in the scammers' hall of shame.

  • (Score: 3, Informative) by Ken_g6 on Friday April 01 2022, @07:57PM

    by Ken_g6 (3706) on Friday April 01 2022, @07:57PM (#1234135)

    2FA emails and texts should always include, in big, bold letters, "DO NOT SHARE THIS NUMBER WITH ANYONE!!!" One business I deal with does this every time. I didn't see that instruction anywhere from Wells Fargo.

  • (Score: 4, Informative) by krishnoid on Friday April 01 2022, @10:03PM (3 children)

    by krishnoid (1156) on Friday April 01 2022, @10:03PM (#1234199)

    This is why I don't trust debit cards:

    • Credit cards, you have some kind of recourse via chargeback [nerdwallet.com]. In most cases [nj.com], anyway.
    • ATM-only cards, nobody can use to buy stuff online. If someone steals it and your PIN, hopefully they won't be able to withdraw more than $300 or so from an ATM anyway.
      • You have to explicitly ask your bank for an "ATM-only card, not a debit card", and sometimes you have to repeat it every time when you request it because they're so used to saying "Debit card".

    Debit cards, on the other hand -- instant debit of your bank account, the liability lies with you (rather than with the merchant), don't improve (or ding) your credit score, and no 30-day period to pay charges in a given month.

    • (Score: 2, Informative) by Anonymous Coward on Saturday April 02 2022, @03:45AM (1 child)

      by Anonymous Coward on Saturday April 02 2022, @03:45AM (#1234300)

      The banks have been fighting to water it down since forever, but legally, credit card fraudsters steal the money from the bank or the merchant. With an authorized charge they add a debt to your card. If it was unauthorized, they couldn't do that. You could say "Not my debt, not my problem. So sad you got swindled."

      With the rise of debit cards, the banks didn't make that mistake again. The money the fraudster takes comes out of your account, not from the bank. Now the bank says "Too bad. Scammer took your money. So sad."

      • (Score: 1, Interesting) by Anonymous Coward on Saturday April 02 2022, @05:03AM

        by Anonymous Coward on Saturday April 02 2022, @05:03AM (#1234304)

        While, legally, you are the one who is liable if your debit card is misused, there is incentive for the merchant and the bank not to leave you holding the bag. If they have too many unhappy customers lining up to complain, that can be a big PR nightmare for them. That is why these days many banks have $0 liability for fraudulent charges. Even so, it may take several days for the fraudulent charges to be reversed on your bank account.

    • (Score: 2) by krishnoid on Friday April 08 2022, @05:36PM

      by krishnoid (1156) on Friday April 08 2022, @05:36PM (#1235689)

      Another example. If you deposit a check, at least one major bank (in a place that ends with "America") provides this helpful tip:

      $x,yyyy.zz Credit pending -- Footnote 1 (available to cover items posting on 04/08. Available next business day for withdrawal and Debit Card purchases.)

      The tip being:

      • If you deposit a check, they hold on to it
      • You have to wait until at least tomorrow (longer, if there are other holds) to spend that money using your debit card, or via federal reserve banknotes
      • But you could post a *check* today against that same deposit, no problem
      • And you could use a *credit card* today, no problem

      So money is only available to spend on your debit card after they fully process your deposits, making that part of funds availability *slower* than that of using a paper check, and definitely slower and with higher fraud exposure and personal liability than using a credit card. The fact that it's a similar-looking plastic card that slides into the same payment processing mechanism and advertised as convenience is deceptive, at the very least.

  • (Score: 2) by Nuke on Saturday April 02 2022, @08:11AM (1 child)

    by Nuke (3162) on Saturday April 02 2022, @08:11AM (#1234314)

    They are very critical of Wells Fargo, but the bank answered the phone at least within the hour and a half mentioned. That would be better than my bank manages to do.

    • (Score: 3, Interesting) by driverless on Saturday April 02 2022, @09:22AM

      by driverless (4770) on Saturday April 02 2022, @09:22AM (#1234323)

      the bank answered the phone at least within the hour and a half mentioned. That would be better than my bank manages to do.

      You mean "We are experiencing higher than normal call volumes" isn't the way every financial institution answers the phone?

      Ours has a 24/7 hotline, I wondered what would happen if I called them at 3am. Sure enough, "We are experiencing higher than normal call volumes", although I then immediately got through to an operator, which indicated that this actually was their standard response to all calls at all times.

  • (Score: 2, Insightful) by mexsudo on Saturday April 02 2022, @12:16PM

    by mexsudo (6146) on Saturday April 02 2022, @12:16PM (#1234330)

    first, do Not Provide or _Confirm_ any data, none. Not even your name.

    get all of the caller's data... name, case number, etc.
    hang up.
    call the genuine number from previously published sources.

    this is Obviously a fake "security expert" that is just trolling for clicks.
