If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!
Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).
A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.
That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).
I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.
"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"
He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.
We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud that run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.
I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.
One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.
"That was the fraudster," she said.
Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.
Wait a sec.
He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.
I'd given him my entire card number.
Goddammit.
The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:
And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.
But I'd been conned.
Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished out of my password via DM:
That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.
Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.
I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.
Oh, shit, I'd been phished.
If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).
There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!
The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.
The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud that any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.
The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.
The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.
There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.
I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.
Not because AI is going to commit fraud, though.
One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":
I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.
As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.
This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:
This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.
I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.
This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.
On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.
So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.
Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
âś“ Live Streamingâś“ Interactive Chatâś“ Private Showsâś“ HD Qualityâś“ Free Actions
Free to watch • No registration required • HD streaming
I'm utterly devastated—$19 BILLION in liquidations, the LARGEST in crypto history, vaporized in a single, soul-crushing 24-hour frenzy! Over 1.6 million traders—yes, you read that right—watched their leveraged dreams shatter as longs dominated the carnage with $17B wiped out, shorts snagging $2.5B on the feeble rebound. Bitcoin alone accounted for $5.34B in obliterated positions, Ethereum $4.39B, Solana a staggering $2B—exchanges like Hyperliquid saw a single $200M ETH hit that echoed like thunder. Trump's tariff tweet lit the fuse, igniting a cascade of margin calls at dawn, frozen accounts on Binance, and altcoins flashing to zero before gasping back. My stomach's in knots thinking of the families behind those numbers, fortunes flipped in seconds. This purge hurts like hell, a brutal equalizer exposing leverage's dark underbelly. But in the ashes? Opportunity whispers. Institutions are lurking, ready to pounce. Can we rebuild from this abyss?
The OTW's Finance Committee has released the 2025 budget, reporting on donation income and expenses for all our projects! Learn more at: https://otw-news.org/2b59b9pn
Noting the volatility of various retirement products and the long-term uncertainty of global markets, financial advisor Michael Reynolds recommended Tuesday that investors always keep one bullet in the chamber, just in case. “Even if you’re a more conservative investor who keeps most of your savings in bonds and money market accounts, it just makes a lot of sense to have a round locked and loaded at all times in the event of a major financial market disruption,” said Reynolds, who stressed the importance of maxing out yearly IRA contributions and regularly cleaning and oiling the barrel.
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
âś“ Live Streamingâś“ Interactive Chatâś“ Private Showsâś“ HD Qualityâś“ Free Actions
Free to watch • No registration required • HD streaming
The OTW's Finance Committee has released the 2025 budget, reporting on donation income and expenses for all our projects! Learn more at: https://otw-news.org/2b59b9pn
Got a rare luxury asset with a rich history? Maybe an exclusive piece once owned by a celebrity?
What if you could turn it into a tradeable, liquid asset on-chain?
With Aconomy Marketplace, you can mint, validate, and trade your high-value assets effortlessly through RWA tokenization. We've mapped out the entire journey for you—so you can unlock liquidity like never before!
🚀 Start your tokenization journey today!
đź”— Aconomy Marketplace: https://aconomy.io/
For more insights on RWA Tokenization, check out:
đź“– Aconomy RWA Blog: https://www.aconomy.foundation/aconomy-blogs/decentralized-ecommerce
Stay updated with Aconomy:
🌍 Aconomy: https://www.aconomy.foundation/
Aconomy offers a custom platform for digital assets. Earn, exchange, and shop with a marketplace and card designed to simplify your financia
The Top Crypto Cards of 2024: Power Your Digital Wallet with Coinbase, BitPay, Nexo, Aconomy, or Crypto.com
In 2024, the use of crypto cards has surged, catering to users who want the flexibility of spending cryptocurrencies like traditional cash worldwide. Whether for daily purchases, travel, or enhancing digital wallet functionalities, these cards make digital currency more accessible. Leading the charge are some top-tier cards like those offered by Coinbase, BitPay, Nexo, and Crypto.com, but Aconomy Cards stand out for international use, offering unique features that make them the best fit for travelers and privacy-conscious users.
Best Crypto Cards in 2024: Bridging the Gap Between Crypto and Traditional Finance
Crypto cards bridge the digital and physical worlds, allowing crypto enthusiasts to use their assets as easily as cash. The best crypto cards in 2024 offer Visa or Mastercard compatibility, which is essential for global usability, and provide users with access to cryptocurrency liquidity on the go. Beyond mere convenience, these cards offer incentives like cashback rewards, low transaction fees, and enhanced security, making them a top choice for digital asset holders.
Aconomy Crypto Cards: Designed for Global Accessibility
When it comes to international crypto cards, Aconomy Crypto Cards have become the go-to solution for users worldwide. These cards, supported by the Visa network, can be used globally, making it easy to spend crypto in any country.
Aconomy’s strength lies in its international adaptability and the tailored benefits for cross-border usage. Travelers and digital nomads, who previously struggled with crypto adoption abroad, can now access their funds seamlessly with Aconomy Cards. Their ease of use, secure functionality, and transparency make Aconomy an invaluable choice for those who frequently venture across borders.
Benefits of Crypto Cards for Travelers: Why Aconomy Cards Stands Out
One of the most appealing aspects of crypto cards is their practicality for globetrotters. With the Aconomy Cards, users can enjoy benefits tailored to international travel:
No Currency Exchange Hassle: Forget about losing money to exchange rates. With Aconomy’s Visa crypto card, you can make purchases directly in local currencies, eliminating exchange fees.
Enhanced Security for International Use: Aconomy cards use state-of-the-art encryption and security features, making it one of the safest international crypto cards.
Global Accessibility: The card works in any location that accepts Visa, making it ideal for travelers who need instant, reliable access to funds.
Anonymous Transactions: For privacy-conscious users, Aconomy also offers anonymous crypto cards, allowing users to maintain their financial privacy without compromising security.
In addition to these benefits, Aconomy provides a seamless integration with its digital wallet app, where users can track expenses, manage card settings, and stay updated on market trends. This all-in-one approach makes it easier for travelers to monitor their spending and secure their digital assets.
Why Aconomy Cards is Best for International Use
Aconomy has optimized its crypto cards for international transactions, a step ahead of many competitors. With minimal fees, competitive exchange rates, and a platform designed for global access, Aconomy Cards are built for a mobile, borderless lifestyle. Unlike other cards that charge high fees for international transactions, Aconomy focuses on affordability, allowing users to travel without worrying about excessive costs.
The Aconomy Crypto Card has been designed to support multiple fiat and digital currencies, making it easier for international users to adapt their spending to various local economies. With Aconomy, users can pay with confidence, knowing that their crypto card is not only accepted globally but also optimized to handle complex transactions across different currencies.
Top Crypto Debit Cards: How Aconomy Competes with Other Market Leaders
Compared to the top crypto debit cards on the market, Aconomy holds its own through a combination of travel-centric benefits, advanced security, and flexible spending options. Here’s how Aconomy stacks up:
Coinbase Card: Known for its robust security and ease of use, Coinbase offers an attractive crypto debit card with rewards. However, it’s more focused on the U.S. market, whereas Aconomy excels internationally, making it a better choice for travelers.
BitPay Card: BitPay provides a straightforward solution for spending crypto assets, but it lacks the global flexibility and competitive exchange rates that Aconomy brings to the table.
Nexo Card: With cashback rewards and a user-friendly interface, Nexo is a popular choice among crypto enthusiasts. However, Aconomy’s focus on privacy and anonymity for users looking to keep their transactions private is unmatched.
Crypto.com Card: Crypto.com is known for its range of card options and high cashback rewards. However, its rewards structure and fees make it less appealing for frequent travelers, where Aconomy’s international usability and low fees give it an advantage.
Anonymous Crypto Cards: Aconomy’s Commitment to Privacy
In today’s digital age, privacy is increasingly valuable. For users concerned with anonymity, Aconomy crypto cards are designed to offer an extra layer of discretion in transactions. The card enables users to access funds and make payments without revealing personal details, ensuring both security and privacy.
Aconomy understands the growing demand for privacy in finance and has responded by creating a secure, anonymous crypto card that doesn’t compromise on functionality. For privacy-focused users who value anonymity, Aconomy offers a level of discretion that few competitors can match.
Aconomy Crypto Cards: Leading the Future of International Finance
In 2024, Aconomy Crypto Cards have set a new standard for international crypto usage, blending accessibility, security, and privacy in a powerful package. Whether you’re a frequent traveler, a digital nomad, or a crypto enthusiast looking for more ways to use your assets, Aconomy offers a crypto card that supports your lifestyle.
The future of finance is borderless, and Aconomy’s forward-thinking approach to crypto cards is helping shape that future. With features tailored for global accessibility and privacy, Aconomy has carved out a niche for itself among the top crypto cards of 2024, redefining what users can expect from an international crypto card.
Moreover, Aconomy offers a fully integrated platform designed to meet all your digital finance needs. With Aconomy Exchange, you can seamlessly buy, sell, and trade digital assets, making it simple to achieve your financial goals.Â
In addition, Aconomy Marketplace gives you access to a wide array of financial tools and services, including the Aconomy Wallet for secure and smooth crypto transactions. Aconomy Marketplace serves as your one-stop digital hub, empowering you to make the most of your crypto assets.
For those looking to unlock new ways to grow their wealth, Aconomy Earn offers innovative solutions to help you maximize your income. With Aconomy Earn, you can explore advanced opportunities for increasing your earning potential and enhancing your financial journey. Together, these services create a powerful, user-friendly ecosystem that simplifies managing and expanding your digital wealth.
Wow, "The Zone of Interest" is a cinematic gut-punch that’ll leave you breathless!
Jonathan Glazer’s 2023 masterpiece dares to show the Holocaust through the lens of a Nazi family’s mundane life—right beside Auschwitz. The Hösses garden, host parties, and bicker over chores while the faint hum of death camps lingers. The sound design is a character itself: distant gunshots, cries, and furnace roars creep into every scene, making your skin crawl. Sandra Hüller’s chillingly oblivious Hedwig and Christian Friedel’s stoic Rudolf are performances that sear into your memory. This film doesn’t just depict history; it forces you to wrestle with complicity and silence. Winning BAFTAs and an Oscar, it’s a work of art that hurts to watch but demands to be seen. I’m still rattled. Who else felt this one deep?
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
âś“ Live Streamingâś“ Interactive Chatâś“ Private Showsâś“ HD Qualityâś“ Free Actions
Free to watch • No registration required • HD streaming
Size does not determine wealth, as evidenced by Luxembourg, Singapore, and San Marino, which rank second, third, and tenth, respectively, among the world’s richest countries by GDP per capita. Luxembourg, with $104,003, leverages its status as a financial powerhouse and tax haven. Singapore, at $90,151, excels in trade, technology, and innovation, serving as a global economic gateway. San Marino, a microstate with $59,058, thrives through tourism and banking. These nations illustrate that strategic economic policies and favorable geographic or political conditions can outweigh the limitations of small landmasses. What factors do you think enable these small states to achieve such remarkable prosperity?
Qatar holds the top spot as the world’s richest country, boasting a GDP per capita of $127,660. This small Gulf nation’s extraordinary wealth stems primarily from its vast natural gas reserves and a population of under three million, allowing for concentrated prosperity. Luxembourg follows in second place with $104,003, driven by its robust financial sector, while Singapore, ranking third at $90,151, thrives as a global hub for trade and innovation. These nations demonstrate how diverse economic models—resource extraction, finance, and commerce—can propel countries to the top. Which country’s economic strategy do you find most intriguing, and what can others learn from their success?