#this applies to the US in that they impersonated US gov agencies
sunatsubu · 6 months
PSA ABOUT PHONE SCAMS FROM GOVERNMENT OFFICIAL IMPERSONATORS
So. I almost fell victim to a really elaborate phone scam. Now that I've had time to process it, it's deeply unsettling how convincing the scammers were, and I don't know how far they might've gotten if it hadn't been for a tumblr post that I'd read recently, warning about these strategies. For the life of me I can't find that post now which is a shame because it explained the strategies very well, but I'll try to reiterate the main points I remember that helped me realize in time that I was being scammed. Hopefully no one else has to go through this but in case they do, may this help you recognize the red flags MUCH earlier than I did. (if anyone knows of the post I'm talking about please let me know! It went into a lot of good detail of what to watch out for)
I'll try to summarize how it went down first. I was called by someone claiming to be from the FTC. They gave me a badge number and a case number. They said a package being shipped to me from Mexico was intercepted, and contained illegal drugs and huge amounts of money, that my name was used to open accounts at multiple banks, and that my name was also used to try and claim some property in some random city/state I'd never been to. Of course this was immediately alarming to me and I start freaking out, but they then reassured me that after a background check they determined this is most likely a case of identity theft.
The convincing part was how much effort they seemed to put into asking if I could remember any instance where my identity might've been compromised; like they were legit trying to investigate the case in order to catch the actual culprit. So of course I'm trying to be as helpful as I can. They haven't asked me anything specific like bank accounts or SSN, so no obvious red flags.
Then they go into the steps I needed to take in order to establish I'm not the actual criminal who tried to ship drugs across the border, that it really is a case of identity theft. They describe to me ADR (alternate dispute resolution), which I quickly looked up and seems like is an actual legal thing. Basically they were saying that if I chose this option I don't have to hire my own lawyer/show up in court/etc, that the US Marshal will on my behalf establish to the court this was a case of identity theft.
They transfer me to someone supposedly at the Department of Justice, who also gives me a badge number. This person goes into more detail about the steps I need to take, that because my identity has been used to open up all these bank accounts and shipping drugs to multiple countries, etc - that I would need to be assigned a new SSN. And to do that, they needed to know which accounts were actually mine; so they asked me to verify exact amounts in my bank accounts, and anything else that was directly tied to my SSN such as credit cards.
They kept reiterating that I needed this new SSN so that they can monitor my old one and be able to catch whoever is using it for all these illegal activities. They emphasized I should stay on the line, and to also not tell anyone about this ongoing investigation because the identity thief could be anyone I know. I'm still not getting suspicious at this point because they keep emphasizing they don't want to know any specific bank account #s or my actual SSN, because that would be illegal to ask for.
I then get transferred to the supposed US Marshal, again gives me a badge number. Again going into more detail on how to secure my actual accounts so they can close out/track the fake accounts. He starts getting more into detail about securing my bank account and how I needed to go to the bank in person. He emphasized that I shouldn't tell the bank teller what was going on because they could be involved in the crime, or something about money laundering, I don't remember exactly what the explanation was.
This is the point I started getting suspicious; I remembered specifically from that tumblr post that the scammers will want to keep you from revealing anything to bank employees because they are trained to recognize scams like this. I continue the conversation though, and the 'US Marshal' goes on to say, in order for me to secure/establish this account as truly mine, that I need to withdraw 50% of my funds from it in cash, and not a cashier's check. THIS is the point I realize what's going on, and I stammer out something about wanting to verify the badge numbers they gave me, and quickly hang up.
Things they did that made it believable:
- Giving me badge numbers and a case number
- Reassuring me they don't want to know sensitive information like SSN, bank account numbers, etc.
- Seeming genuine in investigating how my identity might've been compromised
- Citing actual legal pathways like ADR
- The way they slowly ramped up the urgency so as not to come off as suspicious too suddenly. They worked up my fear from a more believable scenario (that my identity was stolen and being used for criminal activities including opening a bunch of bank accounts) and used that to justify the steps I needed to take to secure my own actual accounts.
Things that should have been red flags:
- I was too panicked in the moment to notice right away but I'm fairly certain all 3 people I talked with had the same accent. What are the chances of that for 3 different employees at supposedly 3 different government organizations?
(these were things that thank god I remembered reading from that previous tumblr post)
- they kept me isolated by claiming anyone I know could be the actual culprit who stole my identity.
- They urged me to stay on the line as they continued to transfer me to the next person, keeping me from calling anyone else.
- they said not to let the bank teller find out what was going on
Things I did not know but learned, either from looking up myself or from the FTC when I called to report the incident:
- Different departments don't actually communicate very closely. So they'd never transfer me from department to department the way the scammers did. The FTC for example wouldn't be able to ask the Social security department to issue me a new number.
- Nobody from the FTC will give you a badge number or ask you how much money you have in your accounts.
Steps I took afterwards, because I'm fairly certain I never gave actual sensitive information, but in my ramblings to try and be helpful with their 'investigation' I might've said something compromising.
- Called the US Marshal office just to triple check; they almost immediately said it was a scam as soon as I mentioned 'badge number.'
- Called the FTC to file a fraud report
- Called one of the credit bureaus (Experian I think) and placed a fraud alert on my credit activity. This automatically applies to all 3 bureaus, and lasts for a year
- Changed my bank acct passwords
I feel pretty stupid in retrospect at how panicked I got, but I do feel like they were very good at manipulating my emotions to believe them for as long as I did. So as embarrassed as I am to admit I almost fell for this, again hopefully this might help even 1 other person spot the red flags early enough.
72 notes
beardedmrbean · 10 months
LANSING, Mich. -- Michigan is joining an effort to curb deceptive uses of artificial intelligence and manipulated media through state-level policies as Congress and the Federal Election Commission continue to debate more sweeping regulations ahead of the 2024 elections.
Campaigns on the state and federal level will be required to clearly say which political advertisements airing in Michigan were created using artificial intelligence under legislation expected to be signed in the coming days by Gov. Gretchen Whitmer, a Democrat. It also would prohibit use of AI-generated deepfakes within 90 days of an election without a separate disclosure identifying the media as manipulated.
Deepfakes are fake media that misrepresent someone as doing or saying something they didn't. They're created using generative artificial intelligence, a type of AI that can create convincing images, videos or audio clips in seconds.
There are increasing concerns that generative AI will be used in the 2024 presidential race to mislead voters, impersonate candidates and undermine elections on a scale and at a speed not yet seen.
Candidates and committees in the race already are experimenting with the rapidly advancing technology, which in recent years has become cheaper, faster and easier for the public to use.
The Republican National Committee in April released an entirely AI-generated ad meant to show the future of the United States if President Joe Biden is reelected. Disclosing in small print that it was made with AI, it featured fake but realistic photos showing boarded-up storefronts, armored military patrols in the streets, and huge increases in immigration creating panic.
In July, Never Back Down, a super PAC supporting Republican Florida Gov. Ron DeSantis, used an AI voice cloning tool to imitate former President Donald Trump’s voice, making it seem like he narrated a social media post he made despite never saying the statement aloud.
Experts say these are just glimpses of what could ensue if campaigns or outside actors decide to use AI deepfakes in more malicious ways.
So far, states including California, Minnesota, Texas and Washington have passed laws regulating deepfakes in political advertising. Similar legislation has been introduced in Illinois, New Jersey and New York, according to the nonprofit advocacy group Public Citizen.
Under Michigan's legislation, any person, committee or other entity that distributes an advertisement for a candidate would be required to clearly state if it uses generative AI. The disclosure would need to be in the same font size as the majority of the text in print ads, and would need to appear “for at least four seconds in letters that are as large as the majority of any text” in television ads, according to a legislative analysis from the state House Fiscal Agency. Deepfakes used within 90 days of the election would require a separate disclaimer informing the viewer that the content is manipulated to depict speech or conduct that did not occur. If the media is a video, the disclaimer would need to be clearly visible and appear throughout the video's entirety.
Campaigns could face a misdemeanor punishable by up to 93 days in prison, a fine of up to $1,000, or both for the first violation of the proposed laws. The attorney general or the candidate harmed by the deceptive media could apply to the appropriate circuit court for relief.
Federal lawmakers on both sides have stressed the importance of legislating deepfakes in political advertising, and held meetings to discuss it, but Congress has not yet passed anything.
A recent bipartisan Senate bill, co-sponsored by Democratic Sen. Amy Klobuchar of Minnesota, Republican Sen. Josh Hawley of Missouri and others, would ban “materially deceptive” deepfakes relating to federal candidates, with exceptions for parody and satire.
Michigan Secretary of State Jocelyn Benson flew to Washington, D.C. in early November to participate in a bipartisan discussion on AI and elections and called on senators to pass Klobuchar and Hawley's federal Deceptive AI Act. Benson said she also encouraged senators to return home and lobby their state lawmakers to pass similar legislation that makes sense for their states.
Federal law is limited in its ability to regulate AI at the state and local levels, Benson said in an interview, adding that states also need federal funds to tackle the challenges posed by AI.
“All of this is made real if the federal government gave us money to hire someone to just handle AI in our states, and similarly educate voters about how to spot deepfakes and what to do when you find them,” Benson said. “That solves a lot of the problems. We can’t do it on our own.”
In August, the Federal Election Commission took a procedural step toward potentially regulating AI-generated deepfakes in political ads under its existing rules against “fraudulent misrepresentation.” Though the commission held a public comment period on the petition, brought by Public Citizen, it hasn’t yet made any ruling.
Social media companies also have announced some guidelines meant to mitigate the spread of harmful deepfakes. Meta, which owns Facebook and Instagram, announced earlier this month that it will require political ads running on the platforms to disclose if they were created using AI. Google unveiled a similar AI labeling policy in September for political ads that play on YouTube or other Google platforms.
2 notes
amberdscott2 · 7 years
Registered at SSA.GOV? Good for You, But Keep Your Guard Up
KrebsOnSecurity has long warned readers to plant your own flag at the my Social Security online portal of the U.S. Social Security Administration (SSA) — even if you are not yet drawing benefits from the agency — because identity thieves have been registering accounts in people’s names and siphoning retirement and/or disability funds. This is the story of a Midwest couple that took all the right precautions and still got hit by ID thieves who impersonated them to the SSA directly over the phone.
In mid-December 2017 this author heard from Ed Eckenstein, a longtime reader in Oklahoma whose wife Ruth had just received a snail mail letter from the SSA about successfully applying to withdraw benefits. The letter confirmed she’d requested a one-time transfer of more than $11,000 from her SSA account. The couple said they were perplexed because both previously had taken my advice and registered accounts with MySocialSecurity, even though Ruth had not yet chosen to start receiving SSA benefits.
The fraudulent one-time payment that scammers tried to siphon from Ruth Eckenstein’s Social Security account.
Sure enough, when Ruth logged into her MySocialSecurity account online, there was a pending $11,665 withdrawal destined to be deposited into a Green Dot prepaid debit card account (funds deposited onto a Green Dot card can be spent like cash at any store that accepts credit or debit cards). The $11,655 amount was available for a one-time transfer because it was intended to retroactively cover monthly retirement payments back to her 65th birthday.
The letter the Eckensteins received from the SSA indicated that the benefits had been requested over the phone, meaning the crook(s) had called the SSA pretending to be Ruth and supplied them with enough information about her to enroll her to begin receiving benefits. Ed said he and his wife immediately called the SSA to notify them of fraudulent enrollment and pending withdrawal, and they were instructed to appear in person at an SSA office in Oklahoma City.
The SSA ultimately put a hold on the fraudulent $11,665 transfer, but Ed said it took more than four hours at the SSA office to sort it all out. Mr. Eckenstein said the agency also informed them that the thieves had signed his wife up for disability payments. In addition, her profile at the SSA had been changed to include a phone number in the 786 area code (Miami, Fla.).
“They didn’t change the physical address perhaps thinking that would trigger a letter to be sent to us,” Ed explained.
Thankfully, the SSA sent a letter anyway. Ed said many additional hours spent researching the matter with SSA personnel revealed that in order to open the claim on Ruth’s retirement benefits, the thieves had to supply the SSA with a short list of static identifiers about her, including her birthday, place of birth, mother’s maiden name, current address and phone number.
Unfortunately, most (if not all) of this data is available on a broad swath of the American populace for free online (think Zillow, Ancestry.com, Facebook, etc.) or else for sale in the cybercrime underground for about the cost of a latte at Starbucks.
The Eckensteins thought the matter had been resolved until Jan. 14, when Ruth received a 1099 form from the SSA indicating they’d reported to the IRS that she had in fact received an $11,665 payment.
“We’ve emailed our tax guy for guidance on how to deal with this on our taxes,” Mr. Eckenstein wrote in an email to KrebsOnSecurity. “My wife logged into SSA portal and there was a note indicating that corrected/updated 1099s would be available at the end of the month. She’s not sure whether that message was specific to her or whether everyone’s seeing that.”
NOT SMALL IF IT HAPPENS TO YOU
Identity thieves have been exploiting authentication weaknesses to divert retirement account funds almost since the SSA launched its portal eight years ago. But the crime really picked up in 2013, around the same time KrebsOnSecurity first began warning readers to register their own accounts at the MySSA portal. That uptick coincided with a move by the U.S. Treasury to start requiring that all beneficiaries receive payments through direct deposit (though the SSA says paper checks are still available to some beneficiaries under limited circumstances).
More than 34 million Americans now conduct business with the Social Security Administration (SSA) online. A story this week from Reuters says the SSA doesn’t track data on the prevalence of identity theft. Nevertheless, the agency assured the news outlet that its anti-fraud efforts have made the problem “very rare.”
But Reuters notes that a 2015 investigation by the SSA’s Office of Inspector General identified more than 30,000 suspicious MySSA registrations, and more than 58,000 allegations of fraud related to MySSA accounts from February 2013 to February 2016.
“Those figures are small in the context of overall MySSA activity – but it will not seem small if it happens to you,” writes Mark Miller for Reuters.
The SSA has not yet responded to a request for comment.
Ed and Ruth’s experience notwithstanding, it’s still a good idea to set up a MySSA account — particularly if you or your spouse will be eligible to withdraw benefits soon. The agency has been trying to beef up online authentication for citizens logging into its MySSA portal. Last summer the SSA began requiring all users to enter a username and password in addition to a one-time security code sent to their email or phone, although as previously reported here that authentication process could be far more robust.
The Reuters story reminds readers to periodically use the MySSA portal to check and make sure that your personal information – such as date of birth and mailing address – is correct. “For current beneficiaries, if you notice that a monthly payment has not arrived, you should notify the SSA immediately via the agency’s toll-free line (1-800-772-1213) or at your local field office,” Miller advised. “In most cases, the SSA will make you whole if the theft is reported quickly.”
Another option is to use the SSA’s “Block Electronic Access” feature, which blocks any automatic telephone or online access to your Social Security record – including by you (although it’s unclear if blocking access this way would have stopped ID thieves who manage to speak with a live SSA representative). To restore electronic access, you’ll need to contact the Social Security Administration and provide proof of your identity.
from Amber Scott Technology News https://krebsonsecurity.com/2018/01/registered-at-ssa-gov-good-for-you-but-keep-your-guard-up/
0 notes