Rendered at 07:22:40 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
hollow-moe 8 hours ago [-]
They don't even need to actually vibecode the emails. Some scam reached my gmail inbox for the french railway company advantage card at a "too low to believe" price. They just downloaded an original email, replaced content urls to their own host and all links to their scam page. Yes, all links even the socials lol. There's one link that was removed instead of replaced (but the text was still there): the unsubscribe notice. I didn't check the page but the email was well done since it just was an edited official one and if the page was equally made I'm sure at least some people got scammed there.
Ucalegon 5 hours ago [-]
Leaders in the email security space have been seeing this for a while now [0], this is not new. The problem is the means to protect consumer mailboxes outside of Gmail, isn't cost effective since most people do not actually pay for their consumer mailbox and the impacts of compromised accounts do not actually impact the providers. It is going to be interesting to see how this plays out in the consumer space as the complexity of the problem continues to grow while the technology used to stop it stays in the early-2010s.
It is better to use the term phishing for spam that is attempting to comprimise your security, over just trying to sell something.
LLMs are interesting for phishing as they allow personalisation. Spam is no longer, well exactly the Monty Python meaning.
vancroft 34 minutes ago [-]
Email clients should just strip out hyperlinks. You link in the email? Write it directly, then people can copy/paste it. It wouldn't stop all phishing, but it would be a start to increase people's awareness of shady links.
shusaku 5 hours ago [-]
For years I’ve read people claim that the reason spam emails were low quality was to filter for idiots. If the spammers are now reaching for coding agents to clean up the presentation, it seems that theory was bunk.
integralid 5 hours ago [-]
That theory was always bunk. People just can't comprehend, that the average spammer really is that bad. So that theory was created to make sense of that.
Because of my work I investigated a lot of spam, and I discovered real life identities of senders in many cases (because of horrible or no exostent opsec). Most of them were either underage, lived in third world countries, or both.
SchemaLoad 4 hours ago [-]
Scams got sophisticated a while ago where they would exactly replicate things like password reset emails and such including a whole fake replica website that looks identical to the real one.
I saw someone fall for one recently where a scammer had created a fake announcement from an email sending company stating they were adding political messages to the bottom of your sent emails, and to log in to opt out. The look and feel of the email was pretty much perfect.
leviathant 2 hours ago [-]
Once or twice, I've clicked through on a link in an email that was convincing enough to fool me, and what saved me both times was that I run NoScript.
It's so frustrating just standing by and watching as we descend into a low-trust society.
rkomorn 4 hours ago [-]
Scams are getting good enough that I'm now skeptical/paranoid every time I get a legit email.
"Click link" ? I think not. Gonna log in myself in a new window and try to navigate to the same thing on my own.
SchemaLoad 4 hours ago [-]
The sophistication of scam emails these days is a big part of the switch to Passkeys, just physically making it impossible to give your credentials to the scammer site.
bombcar 4 hours ago [-]
Remember that a large portion of the "real scam" is selling scamming techniques and systems to wanna-be scammers, some who never figure out how to replace the "insert viagra link here" text.
tdeck 4 hours ago [-]
Phishing too. At one point in my job I was involved with taking down phishing sites, and we would sometimes get a copy of the Phish kit code from the site owner. These were basically extremely poorly written PHP scripts that people would buy from a scam-enabler and deploy to some website. The sophistication was the lowest possible level at each step. But even if you find the perpetrator bragging about it on Facebook, they're in Nigeria (for example) and the local government doesn't care at all.
(By the way, the perpetrators are closer to home than Nigeria).
eucyclos 2 hours ago [-]
The reason you'd want to filter for idiots is that a smarter person would waste the scammer's time when they figure out it's a scam after some human interaction. If the ai can take you all the way to the close, there's no reason to filter any more.
Daz912 53 minutes ago [-]
Scammers have no shortage of time to communicate with potential victims.
4 hours ago [-]
sudo_cowsay 5 hours ago [-]
But is this something new? Wasn't using AI for scamming around for a long time?
Scammers started using LLMs to write fishing emails, then scammers started generating images, then they started using AI to vibe code it. Its just a natural progression.
From https://news.ycombinator.com/item?id=47435156, we can know that India has a ~70% positive view on AI. While scammers likely didn't fill out the survey, it shows the general view on AI from where most scammers work from and live.
user_7832 3 hours ago [-]
> it shows the general view on AI from where most scammers work from and live.
Got any citation on that? From what I've seen, the vaat majority of scams are targeted at other Indians. The government runs a significant number of cyber awareness programs nowadays; don't think they appreciate scammers.
jordanb 4 hours ago [-]
Scamming and cheating on homework were the original use cases of AI like buying drugs and extortion were the original use cases of crypto.
userbinator 7 hours ago [-]
The (now possibly vibe-coded) email clients hiding link destinations and the real senders' addresses as well as making it very hard to see the actual message content including all headers don't help either. Scammers might get the visible body content very convincing, but one look at the Received: and From: headers is still a reliable way to discern.
b00ty4breakfast 4 hours ago [-]
Spam and LLMs are made for each other; pumping out content, with little concern for quality, at industrial scale is what LLMs most excel at.
Even if it's not the only they can do.
quangtrn 44 minutes ago [-]
[dead]
sankalpnarula 8 hours ago [-]
Blacklisting Phone numbers and IP are gonna become extreme now, to the point it wont allow any unknown number/email without `karma` to reach anyone.
qsera 6 hours ago [-]
I don't understand why something like this exists natively on phones.
If someone calls from an unknown number, they get some sort of captcha to prove that they are a human, or they matter is important.
For example, the message should say that, if you are geniune, then please call again after 1 minute..
craftkiller 5 hours ago [-]
That already exists, it's "voicemail". The scammers never leave a voice mail (idk why). If a real person is trying to reach you, they'll either leave a voice mail or text you after you don't pick up.
obezyian 4 hours ago [-]
This is country-specific, though.
In my country, despite voicemail being available since the introduction of mobile phones decades ago, I am yet to hear of a single instance of anybody actually leaving a message.
qsera 4 hours ago [-]
But voicemail implies storing the audio somewhere, and that means cost.
And at least in my country one should explicitly enable voicemail. I never could make it work for some reason..
And as far as I can see, it is not widely used.
EDIT: Oh, I completely missed the fact that there can be a fake voicemail where the phone automatically answers and asks the caller to speak and record it and store the audio on the phone itself. Then the user can check such recorded messages later..
Did you mean something like that? I am really surprised that this is not common already...
b3ing 5 hours ago [-]
Many spammers leave a prerecorded voicemail, they call quickly from 2 numbers so they can slide into your voicemail instantly without ringing more than once
2postsperday 4 hours ago [-]
[dead]
SchemaLoad 4 hours ago [-]
ios added "Call screening" which asks unknown callers to explain who they are and what they want before it rings the receiver.
The tricky part for scammers is there is no good answer here, if you claim to be a plumber and the victim hasn't booked a plumber, they won't answer.
mostertoaster 5 hours ago [-]
I thought the “sponsored by nobody” thing to donate through was another example of the spam at first.
saidnooneever 8 hours ago [-]
definitely a big issue especially with all the big places now vibe coding and leaking all our damned data in plaintext. a lot of people are getting hit real hard now. its not a joke or overstatement.
mbernstein 8 hours ago [-]
I've noticed a gigantic uptick in text messages and phone calls where people try to bypass the call screening. It may get to the point where I'll only want to see comms from people in an allowlist.
varispeed 8 hours ago [-]
I don't answer the phone from anyone I don't know. If it is something important, they'll find a way to reach me.
b3ing 5 hours ago [-]
Unfortunately when you are on the job search every call can be important
gitmagic 8 hours ago [-]
Same, except for when I’m expecting a delivery, then I tend to answer calls from unknown numbers.
dspillett 6 hours ago [-]
My standard response in such cases is “Hello unknown number, who are you and why should I not immediately hang up?”.
The response “Am I speaking to…” gets cut off with “Nope, you answer my questions first”. If they _must_ speak to Mr [MySurname] I claim to be my PA and that they aren't talking to him(me) without convincing me they aren't a junk call first. If I have a few minutes to spare, it can be quite an entertaining little game keeping them on the line so they can't be conning someone more vulnerable. Unfortunately must junk calls these days are either initially automated or the humans are wise to people like me being a waste of their time so they hang up cutting that fun short.
varispeed 7 hours ago [-]
I solved this by renting small office that has reception and they handle deliveries. They are not far and so if I get something I get a text and then I collect when is convenient for me. I really hate waiting for couriers to ring, so it's a massive stress relief.
monster_truck 2 hours ago [-]
I've gotten so much blatantly obvious garbage like this. The corner radiuses etc always give it away.
Recently reported nearly 200 firebase accounts to google, haven't gotten any since
add-sub-mul-div 7 hours ago [-]
That LLMs are enabling more use cases to hurt us than help us is too obvious to deny. But too many people think they're going to be the ones getting rich from it so they pretend it's not the case.
7 hours ago [-]
imiric 8 hours ago [-]
This is hardly new, and it goes far beyond spam emails. Most of the content produced and consumed on the internet is now done by machines. A human may or may not benefit from directing a machine to do this, and the ways they do are often highly opaque, with several layers of indirection. It doesn't take a genius to see that this is ushering in a new era of scams and spam.
"AI" companies are responsible for this mess. They should be held accountable for digging us out of it.
viccis 5 hours ago [-]
This is interesting but I am not surprised. People got used to spammers putting in zero effort because it's a game of scale for them. Well now zero effort still gets them all the way there when it comes to looking convincing.
righthand 8 hours ago [-]
Full circle.
segmondy 8 hours ago [-]
... does't matter if they got flagged as spam.
wearethecompute 2 hours ago [-]
[dead]
iam_circuit 7 hours ago [-]
[dead]
irenetusuq 6 hours ago [-]
[dead]
Cider9986 6 hours ago [-]
At this point, if you give out your email and not aliases; it is on YOU.
joecasson 5 hours ago [-]
Did you read the article? It was about how the spam is less interesting now when the person had typically enjoyed reading spam emails.
Cider9986 2 hours ago [-]
"Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that"."
https://news.ycombinator.com/newsguidelines.html
[0] https://siliconangle.com/2023/12/19/new-report-warns-rise-ai...
LLMs are interesting for phishing as they allow personalisation. Spam is no longer, well exactly the Monty Python meaning.
Because of my work I investigated a lot of spam, and I discovered real life identities of senders in many cases (because of horrible or no exostent opsec). Most of them were either underage, lived in third world countries, or both.
I saw someone fall for one recently where a scammer had created a fake announcement from an email sending company stating they were adding political messages to the bottom of your sent emails, and to log in to opt out. The look and feel of the email was pretty much perfect.
It's so frustrating just standing by and watching as we descend into a low-trust society.
"Click link" ? I think not. Gonna log in myself in a new window and try to navigate to the same thing on my own.
(By the way, the perpetrators are closer to home than Nigeria).
Scammers started using LLMs to write fishing emails, then scammers started generating images, then they started using AI to vibe code it. Its just a natural progression.
From https://news.ycombinator.com/item?id=47435156, we can know that India has a ~70% positive view on AI. While scammers likely didn't fill out the survey, it shows the general view on AI from where most scammers work from and live.
Got any citation on that? From what I've seen, the vaat majority of scams are targeted at other Indians. The government runs a significant number of cyber awareness programs nowadays; don't think they appreciate scammers.
Even if it's not the only they can do.
If someone calls from an unknown number, they get some sort of captcha to prove that they are a human, or they matter is important.
For example, the message should say that, if you are geniune, then please call again after 1 minute..
In my country, despite voicemail being available since the introduction of mobile phones decades ago, I am yet to hear of a single instance of anybody actually leaving a message.
And at least in my country one should explicitly enable voicemail. I never could make it work for some reason..
And as far as I can see, it is not widely used.
EDIT: Oh, I completely missed the fact that there can be a fake voicemail where the phone automatically answers and asks the caller to speak and record it and store the audio on the phone itself. Then the user can check such recorded messages later..
Did you mean something like that? I am really surprised that this is not common already...
The tricky part for scammers is there is no good answer here, if you claim to be a plumber and the victim hasn't booked a plumber, they won't answer.
The response “Am I speaking to…” gets cut off with “Nope, you answer my questions first”. If they _must_ speak to Mr [MySurname] I claim to be my PA and that they aren't talking to him(me) without convincing me they aren't a junk call first. If I have a few minutes to spare, it can be quite an entertaining little game keeping them on the line so they can't be conning someone more vulnerable. Unfortunately must junk calls these days are either initially automated or the humans are wise to people like me being a waste of their time so they hang up cutting that fun short.
Recently reported nearly 200 firebase accounts to google, haven't gotten any since
"AI" companies are responsible for this mess. They should be held accountable for digging us out of it.