• Posts
  • RSS
  • ◂◂RSS
  • Contact

  • Deepfake(?) Phishing

    October 21st, 2022
    tech
    Update 2022-10-25: I now think this probably wasn't a deepfake, but a recording the attacker made when using the same attack against the previous person. See the comments.

    I think someone just tried to phish my Facebook account, including a fake video of a FB friend. Here's the conversation:

    Them, via FB Messenger, 9:32am:
    Please ,I was trying to login in my instagram page on Facebook my new phone and they ask me to find someone to help me receive a code, Facebook gave me two friends suggestions and you one of them, the other person isn't online. will you Help me receive the code please?
    Me:
    I'm sorry you're having trouble logging in! Just so I can make sure your account hasn't been hacked, how did we meet?
    Them:
    [Calls me over FB Messenger, audio isn't working but it does look like them. I'm completely convinced at this point.]
    Me:
    Audio wasn't working, but I did recognize you
    What do you need me to do?
    32665, over SMS:
    NNNNNNNN is your Facebook password reset code [this number has previously sent me FB resets]
    Them:
    Send me the code sent to you minute ago
    Me:
    Hmm, those look like the code to reset the password to my account?
    Can we call again?
    Me:
    [I try to call them back, doesn't go through]
    Them:
    Nahh it's for my instagram
    Them:
    Having bad connections here
    Them:
    Send me the code ?
    Me:
    sorry, I'm still worried your account has been hacked -- can we do another call?
    Them:
    [Calls me over FB Messenger, audio is still not working, and the video feels slightly off. Ends quickly on their end. Possibly it's even the same video from last time?]
    Me:
    We're you able to hear me?
    Them:
    My connections

    I've reported their account as hacked.

    Things that made me suspicious:

    • I don't think FB has any sort of account recovery that looks like this

    • This is exactly what an attempt to hack my FB account would look like

    • 9:30am, even though that makes it 6:30 where they live

    • Video call didn't have any audio

    • They couldn't receive incoming video calls

    • Text did't feel like them, though I don't know them that well.

    Here's a screenshot I took during the second video call:

    Even with all those things, the video call would normally have been very convincing, and it did briefly convince me. I could easily see it fooling someone who didn't know about deepfake video.

    Comment via: facebook, lesswrong, hacker news, hacker news

    Recent posts on blogs I like:

    Be less scared of overconfidence

    deferring to markets • deferring to experts • deferring to low-information heuristics • why they fail • blindness to outliers • what to do instead

    via benkuhn.net November 30, 2022

    Corncob Dolls

    I went to a farm and at the farm I got to see a corncrib and the corn that had fell out of the corncrib that no one wanted I got to use my fingers to take off the corn kernels and once the cobs were empty I put them in a bag and then once I got back to the…

    via Anna Wise's Blog Posts November 7, 2022

    Light Switch

    When I got my loft bed it was just so annoying every morning to have to get out of bed, climb down the ladder, turn the light on, and climb back up, just so I could see stuff. I decided to make a string for my light switch because I really wanted to be abl…

    via Lily Wise's Blog Posts November 7, 2022

    more     (via openring)


  • Posts
  • RSS
  • ◂◂RSS
  • Contact