I am selling something on a marketplace. Someone contacted me - they want to buy the thing I am selling. Do I still have it? I say yes. They say they are sending a GLS courier to collect the item. I figure they need the item fast - we are celebrating Christmas tomorrow. Why not.
The "buyer" sends me a link to a service supposedly offered by GLS, where GLS works as an intermediary - they collected the money from the buyer; when they collect the item, they will pay me. This is happening in the Czech Republic, and services like that seem plausible here. I do not know every detail of every delivery service offered here. The page looks just like an ordinary GLS page. I am in a hurry. I do not pay that much attention. I pause and check only when redirected to my bank's authentication page (this is the phishing part, obviously). Turns out GLS offers no such service.
I was closer to giving them what they wanted than I imagined possible. I was on autopilot until the last second. Not even my bank's login page surprised me that much - we have something called "bank identity" that lets you authenticate stuff by your bank ID. It is so convenient that I got used to it and I do it carelessly.
>> I hate scammers
Yes, me too.
In Czechia, something called bank ID is commonly used to authenticate. The point is to verify it is you, for example when you sign a contract online, fill in tax returns online... stuff like that. The way it works is that you are on some site, you get redirected to your internet banking, you log in (that's what I meant by "bank details", I am sorry about expressing myself so clumsily), and your bank redirects you back to that site with confirmation that is you.
Do I need to verify my identity when someone wants to send me money? Who knows. This is the part that made me check. But I was close to not checking simply because it is habitual, and you do stuff like that automatically.
Nowadays, we are often dealing with systems we do not fully understand. You get redirected to some familiar login form, you log in, and you don't even pause. Well, at least I do it. I should be a lot more careful, apparently.
If most of the traffic is scams, it’s not like they can remove it without something showing up in their metrics after all.
Search, and USPS ‘spam’ mail has a similar problem.
Are you going to show up with cash on my doorstep (or another agreed upon location)? If yes, we can continue talking. If not, you are blocked and reported. End of story.
I get why someone might not show up on my doorstep if they’re buying a piano - they probably need to hire somebody and are themselves not going to contribute anything to the piano moving process.
But fully agreed that once you’re an inch off the “show up with money” path, everything is suspect.
Even if you get .01% success rate, if it costs so little to reach 1M people, you’ll do well.
That's survival bias. There are some you can't spot.
As noted, it probably won't change anything, but scammers are a lot more sophisticated, these days, than they used to be.
It's the lifecycle of a scam. Once it really isn't worth the effort anymore, it gets packaged up and sold to stupid kids.
