This series is about online banking and operational security. As such, it is relevant not just to Japan but to online banking (including smartphone banking) in general. In fact, little here is specific to Japan; the bank names and other examples we use will be Japanese, but everything here could just as easily apply to Korea, the UK, or the US.
We will discuss the common problems and solutions, ranging from the simple easily implemented solutions and best practices all the way to the super paranoid.
First, let's discuss the common problems, as understanding the threat model is key:
1. Offline & Social Media Social Engineering - These are when someone attempts to convince you to "invest" or outright send them money.
I'll give three examples:
a. The "Ore Ore" scam. This one is popular in Japan and many other countries. The scammer will call random phone numbers from a burner phone and claim to be a relative in trouble. The conversation will usually go something like this:
Victim: Hello?
Scammer: Hi, it's me!
Victim: Takeshi, is that you?
Scammer: Yes, I'm in trouble. Listen, I don't have much time to talk, but it's an emergency, I need you to send me money.
Victim: Okay, I can send some money to your account.
Scammer: I can't access my account right now, but can you send the money to my friend's account? I'll send you the information.
Victim: Okay, I see.
Scammer: (Sends account information)
Victim: (sends money)
In this case, the scammer usually knows nothing about the victim, but just calls lots of people randomly in the hopes that someone who isn't very vigilant will assume their child, grandchild, etc. is calling, and will send the money without thinking too much due to a sense of urgency.
The scammer will likely be using a stolen account they have access to, and withdraw the money in cash as soon as it is sent. By the time the victim realizes what's happened, it will be too late. Even if they report the crime, the police are left with a burner phone number and two victims: the one who sent the money, and the one whose account was used.
Sadly, this type of crime most often affects elderly people, who seem less likely to stop and think before blindly sending money to a loved one in need.
As cold as it may sound, the best way to stop this type of crime is simply to verify the story before sending any money to anyone. Don't say "Is this Takeshi?", but ask "Who is this?" If they won't tell you, or say something like "It's me!", then it's almost certainly a scam.
You can hang up and call them on their normal number to verify the story - even if they claim they lost their phone or whatever. It's very unlikely that anything would be so urgent that it can't wait a few hours while you check.
b. The account takeover / POSA Gift Card Scam
In this case, someone you know will contact you by chat (e.g. LINE), SMS, email, etc., claiming to need a favor. They may ask you to send cash, or more often, gift cards. Of course they will often offer to pay you back in cash the next time they see you. Gift cards are preferable because they can be exchanged for cash without needing a bank account - so there is less evidence.
This usually means that someone's phone has been stolen, or their email account has been taken over. The best solution to this is to ask them to call you so you can discuss it. If it's someone you know, you probably know what their voice sounds like, and can quickly determine if it's someone else. You could also ask why they need the gift card, why they can't buy it themselves, etc.
This actually happened to me, with a wealthy friend suddenly asking that I buy them Amazon gift cards at 7-11 via Line. When I asked them to call me to discuss it, they started in with "Don't you trust me?", etc. That friend had two phones, so I called the other one and asked them about it. They said "Oh, I lost my phone in Thailand". I told them they should contact Line to have the account disabled, and quickly warn their other friends not to send any money to the scammer.
I also had a similar experience where another friend sent me a message from their Gmail account explaining how they were traveling and in trouble, and wanted me to send them money via Western Union. I contacted them via Skype and of course it turned out to be a scam. They were not traveling at all and were in fact at work at the time.
c. The new friend / investment scam - Someone you don't know will contact you via some chat app, often saying they were referred to you by someone with a common name. They will try to talk to you, and over the course of weeks will try to befriend you, or perhaps make you believe they are a romantic partner.
At some point, the discussion will inevitably turn to money, and they will often try to "help" you by letting you know about an amazing investment opportunity. This will often be crypto related.
This happened to someone I know, and they were asked to invest a small amount in some crypto site. The amazing opportunity was that they would earn 1% per month just by having money in this account. So they invested a small amount, for example $100, and saw after a few months that they were indeed getting 1% interest per month. That's over 12% per year compounded, so it seems like a great deal, and they invested a lot more. The new "friend" discouraged them from taking their winnings, suggesting they should invest more and more. Eventually when he did try to withdraw the money, it never arrived, and the new friend blocked them. Of course the site was fake, and the money was long gone.
The sage advice "Don't talk to strangers" applies here, but more to the point, most chat programs can be set to simply not allow contact from unknown accounts. This may mean requiring that you have their phone number in your address book, making your ID non-searchable, etc. This is the best option - but even if you allow strangers to contact you, you should never take investment advice from them or send them money. A stranger you've been chatting with for 6 months is still a stranger if you've never met them in person.
Sadly this person lost about $30k to their online girlfriend.
Summary:
All of the above are social engineering scams that work based on technology, but the solutions are mainly not technological in nature: verify identity, don't trust strangers, don't allow yourself to be rushed, and think deliberately before you act.
Also, a 12% risk-free investment simply doesn't exist. In Japan, if a company needs to raise capital, it can go to the bank and get a loan for less than 5%, so there is absolutely no reason it would pay individual investors 12%. The best stable returns you can get are from a stock market index, at around 7% - and that is risky in the short term. If someone is willing to pay you 12%, it must be riskier than that. You should always think about the transaction from the other party's point of view to see if it makes sense.