• Posts
  • RSS
  • ◂◂RSS
  • Contact

  • Deepfake(?) Phishing

    October 21st, 2022
    tech
    Update 2022-10-25: I now think this probably wasn't a deepfake, but a recording the attacker made when using the same attack against the previous person. See the comments.

    I think someone just tried to phish my Facebook account, including a fake video of a FB friend. Here's the conversation:

    Them, via FB Messenger, 9:32am:
    Please ,I was trying to login in my instagram page on Facebook my new phone and they ask me to find someone to help me receive a code, Facebook gave me two friends suggestions and you one of them, the other person isn't online. will you Help me receive the code please?
    Me:
    I'm sorry you're having trouble logging in! Just so I can make sure your account hasn't been hacked, how did we meet?
    Them:
    [Calls me over FB Messenger, audio isn't working but it does look like them. I'm completely convinced at this point.]
    Me:
    Audio wasn't working, but I did recognize you
    What do you need me to do?
    32665, over SMS:
    NNNNNNNN is your Facebook password reset code [this number has previously sent me FB resets]
    Them:
    Send me the code sent to you minute ago
    Me:
    Hmm, those look like the code to reset the password to my account?
    Can we call again?
    Me:
    [I try to call them back, doesn't go through]
    Them:
    Nahh it's for my instagram
    Them:
    Having bad connections here
    Them:
    Send me the code ?
    Me:
    sorry, I'm still worried your account has been hacked -- can we do another call?
    Them:
    [Calls me over FB Messenger, audio is still not working, and the video feels slightly off. Ends quickly on their end. Possibly it's even the same video from last time?]
    Me:
    We're you able to hear me?
    Them:
    My connections

    I've reported their account as hacked.

    Things that made me suspicious:

    • I don't think FB has any sort of account recovery that looks like this

    • This is exactly what an attempt to hack my FB account would look like

    • 9:30am, even though that makes it 6:30 where they live

    • Video call didn't have any audio

    • They couldn't receive incoming video calls

    • Text did't feel like them, though I don't know them that well.

    Here's a screenshot I took during the second video call:

    Even with all those things, the video call would normally have been very convincing, and it did briefly convince me. I could easily see it fooling someone who didn't know about deepfake video.

    Comment via: facebook, lesswrong, hacker news, hacker news

    Recent posts on blogs I like:

    Rereading Roald Dahl

    Taking out a few words doesn't change much. The post Rereading Roald Dahl appeared first on Otherwise.

    via Otherwise March 25, 2023

    What does Bing Chat tell us about AI risk?

    Early signs of catastrophic risk? Yes and no.

    via Cold Takes February 28, 2023

    Why Neighborhoods Should Have Speed Bumps

    I have several reasons I think why neighborhoods should have speed bumps. First, speed bumps are very useful to stop cars from hitting people in the streets. Second, when construction workers installed speed bumps on the street in front of our house it was v…

    via Lily Wise's Blog Posts February 27, 2023

    more     (via openring)


  • Posts
  • RSS
  • ◂◂RSS
  • Contact