#How do you use a credit card | Explore Tumblr Posts and Blogs

alex51324 · 17 days

Text

Everyplate unboxing

I did the Everyplate offer again! Seriously, guys--I'm not trying to be, like, a corporate shill here, but if you do their introductory offer and then immediately cancel, they will beg to give you the introductory offer again. And again. And again. I've done it like six times, all with the same credit card/address/etc. They've even started adding bonus offers--this time I got an extra meal and a packet of steak for $1.

If you live in the US, have a credit card, and like cooking, you should probably do it, is what I'm saying. All you have to do is remember to cancel it when the box arrives.

Here's the box:

It's a nice box, with a corrugated/reflective lining for temperature regulation. It's sturdy enough that you can re-use it (and the ice-packs that you get) as a little picnic cooler several times.

Here's inside the box:

Everything's just kind of jumbled in there, so you have to unpack it and sort out what goes with each meal. I've been doing the 6 meals/2 servings plan the last few times (the first few times I did 3 meals/4 servings), and with the extra meal offer this time I got 2 servings each of 7 meals. (You can get a smaller number of meals, but the shipping is a flat $11 no matter how many you get. If you pay attention when you're choosing which recipes you want, you can easily stretch the box out over 2 weeks--pick some things with vegetables that keep well, like carrots and so forth, and put the meat component in the freezer.)

Chicken stir-fry and dijon mustard steak:

With their stir-fries, I like to add some extra vegetables; I made this one last night and put in carrots and some more peppers, and it ended up being more like 3 servings than 2. The other one is originally a pork-chops recipe, but I'm going to do it with my free steak instead; I'm planning to have it tomorrow.

Shepherd's pie and linguine:

These two I'm putting aside for next week--I put the ground beef in the freezer, and everything else should be OK.

Sweet-potato hash and sausage flatbreads:

The sweet potato hash is also for next week. I made the flatbreads today. It was a little more complicated than I thought--they have you making a white sauce from scratch; I had to go out and buy milk--but it was really good!

Cherry pork chops/chicken:

They do a lot of recipes that are chicken or pork chops with some sort of fruit jam--I've done apricot and fig ones; this one has cherry jam. Since I ordered two meals that came with pork chops (this one and the dijon mushroom one) I swapped one set of pork chops for chicken, but then I also got the $1 steak, so I have an extra packet of meat; once I decide which one I want to have, I'll put the other one in the freezer.

I paid, like, $35 for all this food. I don't really understand why it's worth it to them to keep sending me this introductory offer when I have never bought a single full-price box, but they keep sending me emails asking me to please consider letting them send me a big box of food that they cannot possibly be making any money on, so ¯\_(ツ)_/¯ . I will oblige them.

#food #groceries #this can't possibly go on forever #but if you have a US address and a credit card you can get in on it while it lasts #back in the day they used to advertise this thing where you could get 8 cassettes/CDs for a penny “just pay shipping”#but then they would automatically send you stuff every month unless you told them not to #and you had to buy several items at full price before you were allowed to cancel it #this is not like that #you can do the introductory offer and just cancel right away #you do not ever have to buy a full-price box #they do keep emailing you periodically but just to keep offering you discounted boxes with no obligation to ever buy a full price one #I'm guessing it's some kind of enshittification cycle thing where it makes them look good to investors if people cancel and come back?#just spitballing #but anyway it's pretty good stuff and I cannot stress enough how very much they do not try to stop you #from taking advantage of the introductory offer over and over again #they positively encourage it

8 notes · View notes

razzek · 2 months

Text

Haha my bad, I have $30 for the rest of the month. 8)

#for real you don't know how bad it is living on social security #and at this time I don't even have the skills to apply for part time work #which I will be immediately rejected for because algorithms hate disabled people #not that I can do the heavy lifting or man the cash register that is the bare bones requirement of entry level work #boy this BA in special education and most of an MA sure were worth the time huh?#anyway let me know how you're surviving on $950 a month if you're about to say I'm just bad at money #you have to have money to be bad at it first 8)#razz rambles #trying to pay down $2.5k credit debt when you have to keep using your credit card to live really sucks

8 notes · View notes

mildmayfoxe · 8 months

Text

hahaha hey you guys guess what. you'll never believe it. got the guy who's in charge of my fraud case on the phone and he was like "who'd you give one-time security codes to yesterday" and i was like "the guy who called me from the fraud department after they noticed a weird login in florida??" and he was like "that was the fuckin hacker. you got got. IDIOT!!!!!!!!!!" i handed my entire savings over to a fucking guy on the phone on a silver platter. like some kind of fuckin rube. bro

#IT IS OK THOUGH I HAVE BEEN SORTING IT OUT #account is LOCKED DOWN! card is DELETED! fraud paperwork has been FILED! i have requested a fraud alert AND credit freeze #from the NATIONAL CREDIT BUREAU!#a friend of mine is taking me to MAINE next saturday to go to the BANK! i sent an email to my landlord asking if i can pay rent by CHECK!#i went to my other bank and deposited my BONDS! so i have some MONEY! to pay RENT!#i also got a new debit card from them. and made sure i could use my old checks.#i also bought some STAMPS while i was out and a BIRTHDAY PRESENT for a FRIEND #now i am going to start switching over some auto deposits #so when i get my paycheck on tuesday i will actually get it.#i feel so STUPID but i think i have done all i can to fix this. i am feeling better about it #by next weekend i will have my money again. it's all fine #and hopefully next time i will not get got so easily. lol.#anyway dont get got by people pretending to be your bank i guess. i did think it was weird how many questions they asked but..#they ALWAYS ask lots of questions at the bank!!!!!#i got a text message FROM the bank saying they would be calling me soon and then the next call was from the scammer #and then like a half hour later got one from the bank and was confused bc they'd just 'called me'#anyway. it'll be fine. scary for a while but at least i have things i can do to make it better. it's all good #genuinely feeling like i ought to take out like a thousand bucks cash and keep it in my desk to replace my bonds tho tbh hahah #just in case something like this happens again. you never know. what would i have done if i DIDNT have those yknow #ok thank u all for being along on this journey with me

21 notes · View notes

pebblezone · 1 year

Text

succumbing to the illness. becoming a hater. anyway look at this building they’re fucking destroying

#talkingcore #they’ve been hosing her down everyday but it’s so windy she just blows onto people. not ideal #she used to be the rec building but she felt like tunnels she was stuffy and evil and the weights were separated in a mean way #not a fan but she’s dead now!!!!!!#every day can be destroy. build. destroy when you’re living the dream life #thinking about how like December 2021 I was doing my first run through of the bb discography and making my ratings #(had a lovely grid and rating system) but one of my biggest flaws was how low I rated love you #yeah the vocals are kinda trash but that’s what happens when you go from singing to critical acclaim to doing coke daily there are effects #like sure Mona is obnoxiously repetitive but dammit it’s a Little fun. we can ignore what the actual meaning of I wanna pick you up is #ignoring the actual meaning it’s a really nice and sweet song. once agai. 1970s Brian should not have been allowed to touch a pen #anyway this is a roundabout way of saying I caved in and put Johnny Carson on the 2023 playlist and I think it’s yelling in a not good way #I’d share it but I got Apple Music and I kinda like not doxxing myself 💔 sorry lads #maybe one day I’ll be ready to doxx myself #that way my employer can see all my really great takes and creations!!!#Twas sounding like i had been able to achieve the sweet sweet affects of t this morning but now I am Less ill and sound more normal #sad but good I kinda need to sound normal as long as I have to speak in class #yknow what’s a good album? make it big by wham that shit is sooooo good #you CAN have my credit card baby 🥰🦅🦅🦅🫡🦅🦅🦅

8 notes · View notes

h3rmitsunited · 1 year

Text

How I normally buy shit on Amazon

Add stuff to cart

Click purchase

Stuff gets sent to me

Success

How I just had to buy shit on Amazon

Add stuff to cart

Click purchase

Card gets declined

Double check all the card details are correct (they are).

Attempt to purchase again.

Card gets declined.

Double check my card is not frozen and I have money (I do).

Attempt to purchase again.

Card gets declined

Pause for scream break.

Google furiously

Discover that some people have had issues because Amazon doesn't take the CVV code for cards and some banks have security measure that won't allow purchases without the code

Waffle over trying to call my bank to confirm or just finding some work around

Decide not to call because I don't want to talk to a person

Discover you can set up Venmo as a payment option on Amazon

Connect Venmo to my account

Attempt to revise payment option to Venmo on my order (it doesn't come up as an option)

Pause for second scream break

Google furiously

Attempt to purchase the amount I need for my order in Amazon gift card money using Venmo

It works

Praise the capitalist gods

Wait for 10 minutes until Amazon lets the gift card balance update in my account

Go back to the initial order and apply the new gift card balance

Stuff actually finally gets ordered

Cry and wait for my package

Success?

#i dont use Amazon as much these days but theres some stuff thay i just cant get at the stores nearby #and jesus this was frustrating #still dont know if the cvv thing was actually the issue but i managed to workaround this stupid crap so...#at least until i get a new credit card i guess ill just do this #Amazon #online shopping #the agony of stuff not working how you want it to

5 notes · View notes

kakusu-shipping · 1 year

Photo

I am once again making a long annoying post but after posting my Overwatch S/I references I kept rattling the timeline of events for them around until I finally sat down and made it

This is the most bare bones way I could write out the current string of events I have, To Be Continued due to current lack of actual in-game story events

#Long post #Oh boy I don't want to put this in any tags it's so long and annoying I am SO sorry dfjkjfdk #I filled in some blanks of Overwatch story and probably got a few things and the general timeline wrong #but whatever there's no official ages for the OW characters on their page anymore so what's it matter #I apologize for how long Maximillien's section is I really REALLY like Talon and spent a lot more mental energy on that one #Ignore how little Zenyatta romance timeline there is I love him great it's just #MOST OF the actual dating part takes place after he's joined Overwatch #And we doesn't have the PvE modes yet that tell us those stories so #I'm left to my own devices for the time being #Talon Bad ending is a new with Ramattra kind of story line I'm working on just as like #Usually my S/I is a support character if he's even playable at all #I like NPCs a lot more and would be fine just being a Guy who gets Mentioned #But the Talon Bad ending is an attempt to make him more DPS still in the support role but like Moira you know can also kick ass #I'm working more on the moveset than the plot atm and I am. Very bad at game design skgjksgjkf #I can't make a fun playable system but I sure can make a backstory at least #I don't think I'll ever edit this the program I used is a 30 day free trial that asked for my credit card despite it being a FREE trial #So this is just gonna have to be It gamers #Asks are welcome for this if anyone wants to know more I do probably have more

9 notes · View notes

justonefeather · 1 year

Text

I get packing underwear for myself so I feel better at work mostly. I don't go to a job where i wear sweatpants anymore but it just makes me more comfortable since i see these people nearly every day. But uhh they're a little expensive, relatively, or at least for me. But I'm finally both paying off debt and saving a little money every check, so I bought a 3-pack, since some of the underwear i have are getting holes around the waistband and the.. leg bands? The end bits. Idk i haven't bought myself new underwear in years because it's something I've thought of as kind of frivolous, what i have still lives so I should use it and not waste money on buying something new. But doing laundry today i was like hmm ok yeah i need to replace some of these (to be fair most of the ones in bad shape are not the packing underwear, i will rep this brand forever, $20 a pair is rough but if you can spare it they're great)

#I just hope they fit because they changed their sizing chart and it's confusing #And since buying their products I've lost about 4 inches off my waist so idk what will fit me i think I'm on the line of small and med #It will REALLY suck if i got a wrong size but.. idk that would just be life i guess #Also i don't actually think buying new underwear is like. A silly thing to do. I just am afraid of spending money #Like if it's not a desperate need then it's kind of a waste - like what if i need that money later for something that's bigger?#I'm always thinking about how to use the least amount of money and that often just means going without something #Like i quit tobacco to save money and that helped me cut down on weed. Now i don't even smoke weed and I'm saving so much #Like at my heaviest usage i was smoking an oz a week - which at cheapest i could get for like $100 but I gotta go out of state #Around here legal bud would run me more like $200-300 for an oz depending on if i got mini buds or not #I was spending 125 a WEEK on weed. 500 a month!!! Like bro what are you doing!!!#Now i can pay off my $3500 credit card debt while i pay my half of rent/food/bills instead of choosing groceries or minimum payments #Fucked that the world we live in is like this to begin with but I'm just happy that I'm not quite as strapped as i was before

2 notes · View notes

autistic-shaiapouf · 2 years

Text

GOING to start biting and killing

#thank you mr landlord for not telling me about the rent increase so i had to use my credit card bc i was $10 short in my checking!!!!#love the incompetence of the people around me!!! my docs my bank why are you all so useless!!!#bank switched me to paperless so to not send anything else to my house i fucking fled bc sending my credit card statements #wasn't very pog; doc told me i was anxious and hormonal and dismissed me and.#yall im just feeling really angry about how no one seems capable of doing the absolute bare minimum their job demands of them #i try to be understanding i really really do but how does this keep happening. that is all im asking. how. how. just tell me how.#AUGHHH #hoatm rants

5 notes · View notes

foldingfittedsheets · 3 months

Text

Since everyone seems to love my sex shop stories, here’s another one.

Phone calls were literally a game for us. Not all phone calls, but there was a specific brand of call where guys would creep on us. 90% of the workforce at the sex shops was women. So we’d get dudes calling jacking off or trying to get their jollies from us.

The game: make them hang up. We could have hung up. On a few occasions I did, but for the most part we made a sport out of getting creeps to go flaccid. It really depended on a caller.

You couldn’t just go in for belittling them straight off- some guys wanted that. You had to tailor your strategy to the perv. Overall it was pretty fun and it turned an aspect of the job that could’ve become a major bummer into a fun sport. We’d get excited when the phones rang.

So one day the phone rings. I pick up and it was very clearly a young teen who was putting on a deep voice. I was utterly delighted, I’d never had a crank call before. He said, “I have a dildo emergency! Can you deliver 5 boxes of dildos to my home?!”

It took everything in me not to crack in that moment. It was so funny. It was like three kids had walked through the door in a trench coat and the phrase “dildo emergency” was one of the funniest things I’d ever heard.

But I kept it together. In smooth customer service tones I replied, “Oh, I’m sorry to hear you’re having an emergency, but due to the nature of our product we do require people to come pick it up themselves.”

The caller audibly deflated. Some of the deep voice he was putting on bled away when he said plaintively, “But it’s an emergency…”

“I’m sorry, sir, rules are rules.”

He hung up. I burst out laughing and told my coworker what had happened. She said, “I will buy you lunch if you call back and pretend you can deliver something.”

This sounded like an all around win for me, and the kid hadn’t used anything to block his number. So I called back.

“Hello!” This was before caller ID was common for home phones and so he picked up in his totally normal voice, several octaves higher than before.

“Hello, I’m calling regarding your dildo emergency?”

“Oh! Hem hem,” he coughed, getting his voice back into character for me. “Yes! The emergency!”

“Well I’ve spoken to my manager and it’s your lucky day. We’ll be able to make a delivery after all. Five boxes you said? We can swing it by later, we’ll just need your name, address, and credit card number.”

He was thrown by needing to provide info and was silent for a moment then said, “Well how much is it for five boxes?”

“About five hundred dollars, sir.”

He slipped out of his character voice to exclaim, “Five hundred dollars?! What kind of dildos are they?!”

“Just standard six inches with balls, sir.”

This was his breaking point. He started wheezing with laughter trying to repeat the phrase “six inches with balls” incoherently.

“So your address and card info?”

He hung up and I broke down laughing too. We both got a kick out of it, and I won the game twice in one day.

#ramblies #ffs foibles #sex shop #retail #story #funny story #storytime #writing

14K notes · View notes

gwgaccountant · 2 months

Text

The stereotype of a Bad Tax Client is probably the self-employed individual who brings you a bag of loose receipts. Now, those can be frustrating, but I find the ones who just hand you a bank/credit card statement to be so much worse.

It's usually safe to assume that any receipt the client stuffed in their bag is relevant, and easy to figure out why they made that business transaction. There's an itemized list of everything cash was spent on, after all! (And a lot of the receipt folks stick different categories of receipt into different bags.) It's just data entry.

Bank statements, though? You have to squint at the business name, maybe do some googling, and then guess why the business owner might have spent money there. Was he renting the space? Buying tickets? Purchasing an unusually large quantity of merchandise? Was it actually a business transaction at all, or did the client put personal purchases on a business credit card?

#income tax return #business #I wrote this post because of a specific egregious example #he has two (related) businesses employing close to a dozen people with 6-digit revenue #but apparently doesn't care enough to hire an accountant to track expenses month by month #or even make a basic-ass spreadsheet to keep track of his expenses #which I know he *can* do because he does that for his rental properties!#ugh #I don't know if he even looks at the spreadsheets we make for him #also he either tries to pass off checks he writes to himself from his business account off as a salary expense #that or he just. does not understand how sole proprietorships work.#I don't want to complain too much but I don't like the data divination he makes me do #bonus: he uses the same credit card for both businesses #yeah thanks I'll just allocate all of that to the more-established business #dunno why you made two LLCs in the first place

0 notes

mykeyames · 4 months

Text

How Do You Redeem a Roblox Gift Card Code/Pin

Roblox is an online 3D gaming platform featuring a number of players from all over the world who can play simultaneously, share their experiences and imagination and create their own games. Roblox helps aspiring developers to monetize their games, including those for children. While most Roblox games are free to play, some games must be purchased with Robux which is Roblox’s virtual…

View On WordPress

0 notes

mostlysignssomeportents · 3 months

Text

How I got scammed

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security

I wuz robbed.

More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!

Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).

A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.

That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).

I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.

"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"

He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.

We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud that run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.

I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.

One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.

"That was the fraudster," she said.

Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.

Wait a sec.

He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.

I'd given him my entire card number.

Goddammit.

The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:

https://us.macmillan.com/books/9781250865878/thebezzle

And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.

But I'd been conned.

Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished out of my password via DM:

https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/

That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.

Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.

I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.

Oh, shit, I'd been phished.

If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).

There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!

The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.

The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud that any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.

The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.

The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.

There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.

I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.

Not because AI is going to commit fraud, though.

One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":

https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week

I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.

As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.

This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:

https://web.archive.org/web/20090331094020/http://www.links.org/?p=591

This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.

I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.

This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.

On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.

So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.

Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:

https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

#pluralistic #social engineering #phishing #ai #swiss cheese security #infosec #finance #fraud #carding

10K notes · View notes