19 comments

[ 2.4 ms ] story [ 34.2 ms ] thread
Incredibly creepy, but ultimately live face-swapping feels like it’s been low-hanging fruit for a while considering every messaging app seems to have some flavour of filters. Other than the creepy aspect of having to face the person who’s trying to scam you, this feels pretty run of the mill.
If it's just a segment of video of them not saying anything or reacting, it could be that it's not even a deepfake. For example, hacker video calls friend X and just records them responding to a blank call. That gives a minute of video you can play back
Also likely could record video of the author and use it with someone else next.
I would bet that’s how it works, the calls are recorded to obtain more video.

That’s also probably why the second call had the same video, if it was a deepfake they could have had multiple or longer videos.

I'm not sure whether the second call had the same video: it felt off, and that's one reason it could have been, but I really don't know.
Yes, that's now what I think happened. Funny that the simpler explanation didn't occur to me when writing the post!

Edited the post to add this.

(comment deleted)
I had someone hit me with this same scam a few months ago, with almost the exact same script, although they only said they would call and never actually attempted it. Their account has now been banned, though, so their messages in my chat log are now empty.

Doesn't seem like it'd be hard to do live face swapping from someone's Facebook photos. Seems like a sophisticated improvement on the age-old "send me that password reset code" scam that's been around forever.

> Text did't feel like them, though I don't know them that well.

This is key. Recon for this requires finding the edges of your social graph. Too close and you'd twig instantly. Too far and you wouldn't care enough to help out. Not judging your relationship with this person, but social media has devalued the concept of "friend" so far that many more people fall into that exploitable category.

I think anyone can fall for a phishing mail--provide it is received at the right moment with the right trigger.

Reminds of the incident ten years or so ago. A coca-cola executive is leading a project on energy saving, and receives an email from one of his legal people with the topic safe energy. The coca-cola guy clicks on the powerpoint link and the most comprehensive hack of coca cola is underway.

If you happen to expect the mail, you don't suspect a thing.

YUP; I've almost hit the link on some shipment phishing scams ("Your international shipment is en route, please read & sign these documents, click here...") when they arrive at a time when I'm actually awaiting a shipment. If I had been in a bit more of a rush and had not taken the extra 15 seconds to check the details and discovered they didn't match, I'd have likely clicked through & been pwned. Such close calls happened several times.

It is really pernicious, and attacks one of human's weakest capabilities, which is maintaining constant vigilance. Almost every neuroscience study shows that basic vigilance is easy, but maintaining that high vigilance over time is nearly impossible. So a constant rain of random attacks, only one of which needs to work, will see success. Ugh.

I swear there’s something going on with those fake shipping emails- I only ever get them when I’m waiting for a parcel- and no, I haven’t been entering my tracking number into any websites. Very suspicious.
Yes, now that you mention it, the gaps between these phishing emails don't seem random, but do seem to come around the same time as an actual shipment (not enough data, but...).

I mostly see fake-DHL being phished, even when the shipment is coming on another carrier. You?

Are you talking with multiple people? Or why do you call him "them"?

Btw this scammer is lazy.

>* Or why do you call him "them"?*

What makes you think the person I was talking to was male?

(Answering your question: because the gender of my hacked friend isn't relevant)

English is not my native language, so parent might be asking in good faith. "Them" is the neutral plural third-person pronoun, for when you don't know if it's a him or her.

It's something I somehow didn't notice for years, until the non-binary people started demanding it, and then I learned it was actually correct grammar.

> I learned it was actually correct grammar.

While I'm strongly in favor of expanding the situations in which we use "they", "correct grammar" isn't really right.

There is a long history of using "they" in cases where the person it references is vague or hypothetical: "each visitor took off their hat at the door", "someone has their head screwed on wrong", "no one thought they could do it", "if anyone calls, get their name". Using "they" for a specific known referent, like "Pat said they'd be home soon", is a much more recent construction.