I saw something disturbing this morning.
-
@stefano That's only dangerous if a potential victim has 20k spare change laying around
@ricardo unfortunately, amounts like those are in their budgets, so they could pay them
-
undefined Oblomov ha condiviso questa discussione
-
I saw something disturbing this morning.
One of my clients showed me an email. They use Gmail for their emails (on their own domain) and download them locally.
The email officially came from their company president, giving the purchasing department orders to immediately pay an invoice of around €20,000 to a new supplier in the UK. It included all the details and had the invoice attached as a PDF.The worrying part is that the style and tone of the writing were exactly like their president's. However, the sender's address, while using the correct name, was a generic Gmail account. This immediately raised a red flag for the purchasing department, and they didn't fall for it. It was also easy for them to check because the president was in their office at that very moment.
Looking at the sender's address, it would have been simple for anyone to figure out what was happening, but many people don't.
The accuracy with which they (likely using an LLM) recreated the president's writing style is truly concerning.I wonder how the scammers get samples of the president's emails to use?
-
@ricardo unfortunately, amounts like those are in their budgets, so they could pay them
@stefano All jokes aside, wouldn’t a proper accounting department question an unscheduled or unbudgeted expense just because the invoice says "pay now", specially without any warning?
-
I saw something disturbing this morning.
One of my clients showed me an email. They use Gmail for their emails (on their own domain) and download them locally.
The email officially came from their company president, giving the purchasing department orders to immediately pay an invoice of around €20,000 to a new supplier in the UK. It included all the details and had the invoice attached as a PDF.The worrying part is that the style and tone of the writing were exactly like their president's. However, the sender's address, while using the correct name, was a generic Gmail account. This immediately raised a red flag for the purchasing department, and they didn't fall for it. It was also easy for them to check because the president was in their office at that very moment.
Looking at the sender's address, it would have been simple for anyone to figure out what was happening, but many people don't.
The accuracy with which they (likely using an LLM) recreated the president's writing style is truly concerning.Stefano Marinelli I hope that they have learnt that a single email should not be enough to authorise a payment
-
I saw something disturbing this morning.
One of my clients showed me an email. They use Gmail for their emails (on their own domain) and download them locally.
The email officially came from their company president, giving the purchasing department orders to immediately pay an invoice of around €20,000 to a new supplier in the UK. It included all the details and had the invoice attached as a PDF.The worrying part is that the style and tone of the writing were exactly like their president's. However, the sender's address, while using the correct name, was a generic Gmail account. This immediately raised a red flag for the purchasing department, and they didn't fall for it. It was also easy for them to check because the president was in their office at that very moment.
Looking at the sender's address, it would have been simple for anyone to figure out what was happening, but many people don't.
The accuracy with which they (likely using an LLM) recreated the president's writing style is truly concerning.@stefano I'm frustrated because a solution to this problem exists for decades - its name is #PGP. Also it has it's disadvantages, problems and is of course not bullet proof, I wonder why nobody was able to design a GUI that is usable for most users with a few hours of training. You only need to understand 5 % of PGP to be able to use it.
I think convenience and lack of interest (until it's too late) are the main obstacles.
-
Stefano Marinelli I hope that they have learnt that a single email should not be enough to authorise a payment
@nick no, they have strict procedures for this. But another company I know fell in the trap (anyway, I'm not surprised)
-
@stefano All jokes aside, wouldn’t a proper accounting department question an unscheduled or unbudgeted expense just because the invoice says "pay now", specially without any warning?
@ricardo this one doesn't - but another I know did it. And lost 18000 euros.
And they refused a new server because "hey, 1800 euros are too much for a refurbished Dell server" -
I wonder how the scammers get samples of the president's emails to use?
@nlarson830 The president is active as he's talking at conferences, etc. I've tested and the LLMs are aware of this person and his style.
-
I saw something disturbing this morning.
One of my clients showed me an email. They use Gmail for their emails (on their own domain) and download them locally.
The email officially came from their company president, giving the purchasing department orders to immediately pay an invoice of around €20,000 to a new supplier in the UK. It included all the details and had the invoice attached as a PDF.The worrying part is that the style and tone of the writing were exactly like their president's. However, the sender's address, while using the correct name, was a generic Gmail account. This immediately raised a red flag for the purchasing department, and they didn't fall for it. It was also easy for them to check because the president was in their office at that very moment.
Looking at the sender's address, it would have been simple for anyone to figure out what was happening, but many people don't.
The accuracy with which they (likely using an LLM) recreated the president's writing style is truly concerning.@stefano PGP signing is 34 y.o. with several open source implementations that make it easy to sign and to verify email messages. I will never understand why business avoid it
-
@ricardo this one doesn't - but another I know did it. And lost 18000 euros.
And they refused a new server because "hey, 1800 euros are too much for a refurbished Dell server" -
I saw something disturbing this morning.
One of my clients showed me an email. They use Gmail for their emails (on their own domain) and download them locally.
The email officially came from their company president, giving the purchasing department orders to immediately pay an invoice of around €20,000 to a new supplier in the UK. It included all the details and had the invoice attached as a PDF.The worrying part is that the style and tone of the writing were exactly like their president's. However, the sender's address, while using the correct name, was a generic Gmail account. This immediately raised a red flag for the purchasing department, and they didn't fall for it. It was also easy for them to check because the president was in their office at that very moment.
Looking at the sender's address, it would have been simple for anyone to figure out what was happening, but many people don't.
The accuracy with which they (likely using an LLM) recreated the president's writing style is truly concerning.@stefano I’ve heard that they also do this through phone call, using AI mimicking voices.
-
@ricardo yes. life can be hard, at times
-
@stefano I’ve heard that they also do this through phone call, using AI mimicking voices.
I'd considered making a mini CLI-oriented podcast but this concern was part of why I have very little audio of my voice online.
-
-
-
@stefano This is true. Quite popular fraud scheme in my country (and actually post-Soviet space). So they collect enough samples of your voice to train AI, and then call your relatives asking to transfer money somewhere ASAP. That's one of the schemes.
-
@stefano This is true. Quite popular fraud scheme in my country (and actually post-Soviet space). So they collect enough samples of your voice to train AI, and then call your relatives asking to transfer money somewhere ASAP. That's one of the schemes.
@chesheer Scary!
-
I saw something disturbing this morning.
One of my clients showed me an email. They use Gmail for their emails (on their own domain) and download them locally.
The email officially came from their company president, giving the purchasing department orders to immediately pay an invoice of around €20,000 to a new supplier in the UK. It included all the details and had the invoice attached as a PDF.The worrying part is that the style and tone of the writing were exactly like their president's. However, the sender's address, while using the correct name, was a generic Gmail account. This immediately raised a red flag for the purchasing department, and they didn't fall for it. It was also easy for them to check because the president was in their office at that very moment.
Looking at the sender's address, it would have been simple for anyone to figure out what was happening, but many people don't.
The accuracy with which they (likely using an LLM) recreated the president's writing style is truly concerning.@stefano As embarrassing as it may be, I once was scammed by someone pretending to be the owner of the company where I worked. I lost approximately $1,000
However, I did learn my lesson and checking the email address of any suspicious email is the first thing I do now
-
@stefano As embarrassing as it may be, I once was scammed by someone pretending to be the owner of the company where I worked. I lost approximately $1,000
However, I did learn my lesson and checking the email address of any suspicious email is the first thing I do now
@gabe_saltar don't be embarrassed. In 2004 or 2005, I was scammed on ebay, too. I lost 1700 euros
-
@gabe_saltar don't be embarrassed. In 2004 or 2005, I was scammed on ebay, too. I lost 1700 euros
@stefano Damn! That sucks!
