|
Author
|
Topic: Scammers
|
Percy
Member Posts: 23257 From: New Hampshire Joined: 12-23-2000 Member Rating: 5.6
(1)
| |
| |
| |
|
Message 1 of 14 (920881)
12-04-2024 10:45 AM
|
|
|
Michelle Singletary, a personal finance journalist at the Washington Post, has recently run a series of articles about people who've been scammed out of their retirement savings. These links are no doubt behind a paywall, but here they are anyway:
Almost all Washington Post articles conclude with a comments section, but not these except for the last. I suspect that the reason might be that when the Post ran a column by a woman (ironically a financial adviser) who had been scammed in a very similar way, more than half of the comments (mine was one of them) excoriated her for being such an idiot. The scammers these articles are about are very clever and their schemes are very elaborate. They pretend to be real people whose identity can be verified online, in this case beginning with an FBI agent. The FBI agent gains their trust, convinces them their retirement savings are in danger, and that they must place their savings in government protection. I know I would never fall for something like this. Earlier this year a nurse from my doctor's office called needing information (I no longer recall the details), and I said I couldn't provide that information because she called me and not the other way around. I said I could call her back so that I knew she was from the doctor's office, and she provided a number. I checked the number against the numbers for my doctor's office and there was no match. I said I couldn't trust that number, that I would only talk with her if I knew it was a number I could trust, which were the numbers I had in my contacts list for my doctor's office. She told me I could call the main number but that it might take a while before they could switch me to her given that she moved around quite a bit in the building. But I wasn't going to take any chances, so I called the number for my doctor's office, and it did take a while to finally get switched to her. The call was genuine. I added the number she used to the list of numbers for my doctor's office. If someone claiming to be an FBI agent called me I would respond in the same way. I don't have any numbers for the FBI, but I would ask them to provide me a public central number for the FBI that I could verify online. In my experience it's very hard to convince scammers that you're a likely victim. I've recently become a target for Medicare scammers. I get several calls a day. If I'm in need of a break then I entertain myself by seeing how long I can keep them on the line. I've learned many things I shouldn't say else they will immediately hang up. Most are innocent things such as, "Who did you say you were with again?" <click> or "What did you say your name was again?" <click> When they ask, "Do you have Medicare Part A and Part B?" definitely do not answer, "Do you?" <click> As you're riding them along there are certain answers you shouldn't give. When they ask your age, do not say "84." I'm have no idea why, but that's outside their target demographic. Do not say you're not interested in Medicare Advantage plans. When they ask for your Social Security number do not say that you don't give out personal information over the phone. Make up a fake one, else they'll hang up on you. Returning to the Post articles, I'm amazed at the ignorance and naïveté. Once the scam victims are convinced that their retirement savings are in danger, they are then enlisted in an effort to catch the thieves. They are told everything must be kept very much on the hush-hush, else the thieves will become aware that the FBI is closing in. They can't trust anyone, not their friends, not their closest relatives, not their spouses, and especially not the people at their bank because their are in on the scheme to steal their money. To keep their retirement money safe they're told to withdraw large sums of cash from their banks, or to purchase gold and take delivery, or to purchase bitcoin. The banks usually try to protect their customers, often warning them that they're concerned they may be the victim of a scam, but they don't listen. They wait on a street corner and when a certain car pulls up they put the cash or gold in the back seat and the car drives off. Or they transfer their money to a bitcoin account. They never see their money again. I wish these articles had comments sections so I could excoriate these people again. How do you get to be 65 or 70 years of age and actually believe that you're a key part of a sting operation orchestrated by the FBI? --Percy
|
Zucadragon
Member Posts: 165 From: Netherlands Joined: 06-28-2006 Member Rating: 5.6
|
|
|
Message 2 of 14 (920891)
12-05-2024 4:11 AM
|
Reply to: Message 1 by Percy
12-04-2024 10:45 AM
|
|
Over here you see it currently happening a lot with fake local police. They'll go to old people's houses, knock on the door and warn them that there's a lot of breakins going on and they're here to gather information and also to ensure peoples safety measures are up to snuff. Two guys usually, they'll go inside, they'll check locks but really, they're searching for valuables, and when they found em, one will stay in that room while the other will lure the folk away to a different room, generally with a more specific question about safety. Jewelry gets snatched and then the 'cops' are out and on to the next house without the people even knowing they've been robbed yet.
| This message is a reply to: | | | Message 1 by Percy, posted 12-04-2024 10:45 AM | | Percy has replied |
| Replies to this message: | | | Message 3 by Percy, posted 12-05-2024 9:05 AM | | Zucadragon has replied |
|
Percy
Member Posts: 23257 From: New Hampshire Joined: 12-23-2000 Member Rating: 5.6
|
|
|
Message 3 of 14 (920895)
12-05-2024 9:05 AM
|
Reply to: Message 2 by Zucadragon
12-05-2024 4:11 AM
|
|
Now that's a bold one. Are they dressed as police, or are they in plain clothes? If they're in plain clothes then that would definitely set off alarm bells for me. If they're in uniform then that's very bold. --Percy
| This message is a reply to: | | | Message 2 by Zucadragon, posted 12-05-2024 4:11 AM | | Zucadragon has replied |
| Replies to this message: | | | Message 5 by Zucadragon, posted 12-06-2024 5:07 AM | | Percy has not replied |
|
Percy
Member Posts: 23257 From: New Hampshire Joined: 12-23-2000 Member Rating: 5.6
|
|
|
Message 4 of 14 (920896)
12-05-2024 10:13 AM
|
Reply to: Message 1 by Percy
12-04-2024 10:45 AM
|
|
More in the Scammer Series
The latest installment in the series of scammer columns by Michelle Singletary of the Washington Post has just dropped:
--Percy
| This message is a reply to: | | | Message 1 by Percy, posted 12-04-2024 10:45 AM | | Percy has not replied |
|
Zucadragon
Member Posts: 165 From: Netherlands Joined: 06-28-2006 Member Rating: 5.6
|
(1)
| |
| |
| |
|
|
Message 5 of 14 (920899)
12-06-2024 5:07 AM
|
Reply to: Message 3 by Percy
12-05-2024 9:05 AM
|
|
It happens both ways really, I would also say that anyone claiming to be police better have some damn good evidence for it. Even when I'm dealing with actual police I'll stand ground on my rights as a citizen. In some cases, someone from 'the police' will call a resident a few hours beforehand, explaining the situation and priming the potential victim on the fact that an officer will visit them later to talk about the situation and inspect homes. It is very bold, but that's why they generally only rob really old people, 80+ because those people are more vulnerable to authority it seems.
| This message is a reply to: | | | Message 3 by Percy, posted 12-05-2024 9:05 AM | | Percy has not replied |
|
Percy
Member Posts: 23257 From: New Hampshire Joined: 12-23-2000 Member Rating: 5.6
|
(1)
| |
| |
| |
|
|
Message 6 of 14 (920901)
12-06-2024 10:54 AM
|
|
|
Security and Scamming
The easier it is for scammers to find your private information the easier it is for them to scam you or convince someone else they're you. I just discovered a password security hole I've never heard about before. When you create an account at a secure website, it saves away an encrypted copy of the password you provide using a one-way encryption method, meaning that it cannot be decrypted. When you log in it encrypts the password you enter and compares it to the encrypted copy it has saved away. If they match then it logs you in. There's an additional detail that makes this even more secure. The first time that it encrypts your password and saves it away, the encrypted password might look like this:
$2y$10$z8Wd/0..dqQ8eaiBYfQ6begJY30usdEXa4ojOEXv7rSCZiemyXWeq But the next time you log in it will encrypt it again and it will result in a different string. It has to call another function to compare the two strings to see if they're both valid encryptions of your password. If a hacker manages to steal your encrypted password he won't be able to use it, because even if he manages to submit it to a website (say by overwriting a password cookie), the comparison fails because the encrypted strings are identical, an obvious sign of hacking. But password managers, which are very popular, cannot use one-way encryption, whether they generate the password for you or you provide one yourself. The reason is that when they generate a password for you for, say, Wikipedia they save it away in encrypted form because they have to decrypt it in order to provide a valid password to Wikipedia the next time you log in. Passwords stored away via a decryptable method are very insecure. Let me describe this way I just discovered by which password managers can place your passwords at risk. Say you have an account at Wikipedia with a password that you selected yourself. Your spouse would like to use your Wikipedia account, but you don't want them to know your password, so you take their laptop, phone or tablet aside, enter your password, and now they're logged into your account but don't know your password. But if your spouse uses a password manager and clicks "yes" when asked whether to save that password away then the next time they log in the password manager provides the password to the password field, and if the password field has a show/hide button then they can see the password. They now know your password. Their device also knows your password and if it falls into the wrong hands can be used to discover your password. A compromised Wikipedia account isn't too much to worry about, but what if you use the same password at your bank? What if the password manager uses the cloud and is hacked? I love my wife, but she doesn't share my paranoia about security. I don't use password managers, and I have never in my life shared a password with anyone, but by logging my wife into one of my online accounts she was able to discover one of my passwords using her password manager and a helpful show/hide button. The lesson? Never share passwords, not even by logging someone else's device into one of your accounts. It will make it harder for scammers to uncover any personal information that they can use to convince you they're really legitimate, or to convince someone else that they're you. --Percy
| Replies to this message: | | | Message 7 by PaulK, posted 12-06-2024 1:39 PM | | Percy has replied |
|
PaulK
Member Posts: 18082 Joined: 01-10-2003 Member Rating: 5.1
|
(1)
| |
| |
| |
|
|
Message 7 of 14 (920904)
12-06-2024 1:39 PM
|
Reply to: Message 6 by Percy
12-06-2024 10:54 AM
|
|
Re: Security and Scamming
quote:
When you create an account at a secure website, it saves away an encrypted copy of the password you provide using a one-way encryption method, meaning that it cannot be decrypted. When you log in it encrypts the password you enter and compares it to the encrypted copy it has saved away. If they match then it logs you in.
That is usually referred to as “hashing” rather than “encrypting” . On a secure site the hash will be stored with a random “salt” which gets added to the password for the hash function. The salt means that people who choose the same password do not end up with the same hash value.
quote:
But the next time you log in it will encrypt it again and it will result in a different string. It has to call another function to compare the two strings to see if they're both valid encryptions of your password.
I’ve not heard of that one, and I don’t see how it can work as described. Generally you should be submitting passwords over a secure connection which will be encrypted, but the encrypted password will be decrypted before it is sent (with the salt) to the hash function. There is another detail - the hash function must not be too easy to run, or hackers could simply try every possibility until they find one that works. No cryptography is immune to brute-forcing - and as computer power becomes more easily available steps must be taken to keep the problems intractable enough that brute-forcing is impractical - or at least uneconomic. That’s why secure sites use specialised hash functions these days - general cryptographic hashes used to be used but efficiency is a virtue in other applications so they are not difficult enough. Just one more point. While there are reasonable concerns about password managers - though they can benefit some people - reusing passwords is a bad idea anyway. Especially for your bank account. That should have a password that you have never ever used for anything else at all. Password databases do get hacked and released. Old password databases will be based on cryptographic algorithms that are no longer secure. Hackers may well try your username and old passwords elsewhere. (In fact I once got a blackmail email that pretended to have hacked my computer - and the “evidence” was that they knew an old password that had been replaced years before.)
| This message is a reply to: | | | Message 6 by Percy, posted 12-06-2024 10:54 AM | | Percy has replied |
| Replies to this message: | | | Message 8 by Rahvin, posted 12-06-2024 3:06 PM | | PaulK has replied | | | Message 11 by Percy, posted 12-07-2024 10:59 AM | | PaulK has replied |
|
Rahvin
Member Posts: 4093 Joined: 07-01-2005 Member Rating: 7.3
|
(1)
| |
| |
| |
|
|
Message 8 of 14 (920906)
12-06-2024 3:06 PM
|
Reply to: Message 7 by PaulK
12-06-2024 1:39 PM
|
|
Re: Security and Scamming
Hackers may well try your username and old passwords elsewhere. (In fact I once got a blackmail email that pretended to have hacked my computer - and the “evidence” was that they knew an old password that had been replaced years before.) They absolutely do this, and that's why it's so important for services and sites that store credentials to use strong hash algorithms and salt. Never ever ever store passwords, even in encrypted form. Encryption can be reversed into plaintext; hashing is explicitly designed to be one-way. A given string of characters will always generate the same hash value when the same hash algorithm is used, but it's not possible to reverse the process and use the hash to reveal the original string - you have to brute force every possible string, which is computationally unfeasible for sufficiently strong algorithms. The "salt" part is used so that neither the client (your browser) nor the server (whatever you're logging onto) has the complete picture. You have the password, but don't know the right salt. The server knows the salt and the salted hash of your password, but never stores the actual password. A malicious attacker cannot take information from any single entity and get a complete logon credential. There is still risk at the moment of authentication where a man in the middle could capture your password, but this is where HTTPS/TLS come in, and that's why you should never log on to or trust services that don't use secure connections. These protocols encrypt web traffic and use a hierarchy of trusted "certificates" to ensure that you're communicating with the authentic service. Without that, an attacker could intercept your logon attempt. And this is why government policies that seek to add a "law enforcement back door" to web encryption is a terrible awful stupid very bad idea - attackers would only have to crack the backdoor key to gain access to all web communication, instead of needing to individually get the keys for every site/service you connect to. I remember T-Mobile had a major breach after being warned about their plaintext password storage. Every customer's username and password and email address and phone number was stolen in plaintext - no encryption, no hashing, just toally open and available. And hackers absolutely started automating attempts to log on to every bank, Facebook, every email service, everything with that information. Using the same password across services means that some people were easily the subject of identity theft...all because T-Mobile couldn't be bothered to implement a very simple and standard practice for storing password information.
-->“The human understanding when it has once adopted an opinion (either as being the received opinion or as being agreeable to itself) draws all things else to support and agree with it.” - Francis Bacon"There are two novels that can change a bookish fourteen-year old's life: The Lord of the Rings and Atlas Shrugged. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs." - John Rogers “A world that can be explained even with bad reasons is a familiar world. But, on the other hand, in a universe suddenly divested of illusions and lights, man feels an alien, a stranger. His exile is without remedy since he is deprived of the memory of a lost home or the hope of a promised land. This divorce between man and his life, the actor and his setting, is properly the feeling of absurdity.” – Albert Camus "...the pious hope that by combining numerous little turds of variously tainted data, one can obtain a valuable result; but in fact, the outcome is merely a larger than average pile of shit." - Barash, David 1995... "Many that live deserve death. And some die that deserve life. Can you give it to them? Then be not too eager to deal out death in the name of justice, fearing for your own safety. Even the wise cannot see all ends." - Gandalf, J. R. R. Tolkien: The Lord Of the Rings "The last enemy that shall be destroyed is death."
1 Corinthians 15:26King James Version (KJV) -->Nihil supernum --> -->
| This message is a reply to: | | | Message 7 by PaulK, posted 12-06-2024 1:39 PM | | PaulK has replied |
| Replies to this message: | | | Message 9 by PaulK, posted 12-06-2024 3:21 PM | | Rahvin has replied |
|
PaulK
Member Posts: 18082 Joined: 01-10-2003 Member Rating: 5.1
|
|
|
Message 9 of 14 (920908)
12-06-2024 3:21 PM
|
Reply to: Message 8 by Rahvin
12-06-2024 3:06 PM
|
|
Re: Security and Scammin
quote:
The "salt" part is used so that neither the client (your browser) nor the server (whatever you're logging onto) has the complete picture. You have the password, but don't know the right salt. The server knows the salt and the salted hash of your password, but never stores the actual password. A malicious attacker cannot take information from any single entity and get a complete logon credential.
That wouldn’t work. The only thing an attacker needs is the password - the salt is always used to check it on the server. The original purpose of salting was to harden against “rainbow tables”. But, as I said it also ensures that if users happen to pick the same password they don’t end up with the same hash.
| This message is a reply to: | | | Message 8 by Rahvin, posted 12-06-2024 3:06 PM | | Rahvin has replied |
| Replies to this message: | | | Message 10 by Rahvin, posted 12-06-2024 3:28 PM | | PaulK has not replied |
|
Rahvin
Member Posts: 4093 Joined: 07-01-2005 Member Rating: 7.3
|
|
|
Message 10 of 14 (920909)
12-06-2024 3:28 PM
|
Reply to: Message 9 by PaulK
12-06-2024 3:21 PM
|
|
Re: Security and Scammin
You're right, Im mis-speaking. The plaintext password is all they need, and otherwise you wouldnt be able to log on yourself. But the attacker can't capture data from anywhere else and reassemble the password. They can't just submit the hash, since that would be itself re-hashed. The salt is actually used to make the actual stored hashes look different, so you can't tell when people have identical passwords, among a few other benefits. When implemented correctly. (I've seen instances where developers implement hashing/salting....weirdly. Which is still maybe better than plaintext.).
-->“The human understanding when it has once adopted an opinion (either as being the received opinion or as being agreeable to itself) draws all things else to support and agree with it.” - Francis Bacon"There are two novels that can change a bookish fourteen-year old's life: The Lord of the Rings and Atlas Shrugged. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs." - John Rogers “A world that can be explained even with bad reasons is a familiar world. But, on the other hand, in a universe suddenly divested of illusions and lights, man feels an alien, a stranger. His exile is without remedy since he is deprived of the memory of a lost home or the hope of a promised land. This divorce between man and his life, the actor and his setting, is properly the feeling of absurdity.” – Albert Camus "...the pious hope that by combining numerous little turds of variously tainted data, one can obtain a valuable result; but in fact, the outcome is merely a larger than average pile of shit." - Barash, David 1995... "Many that live deserve death. And some die that deserve life. Can you give it to them? Then be not too eager to deal out death in the name of justice, fearing for your own safety. Even the wise cannot see all ends." - Gandalf, J. R. R. Tolkien: The Lord Of the Rings "The last enemy that shall be destroyed is death."
1 Corinthians 15:26King James Version (KJV) -->Nihil supernum --> -->
| This message is a reply to: | | | Message 9 by PaulK, posted 12-06-2024 3:21 PM | | PaulK has not replied |
|
Percy
Member Posts: 23257 From: New Hampshire Joined: 12-23-2000 Member Rating: 5.6
|
|
|
Message 11 of 14 (920928)
12-07-2024 10:59 AM
|
Reply to: Message 7 by PaulK
12-06-2024 1:39 PM
|
|
Re: Security and Scamming
PaulK writes: quote:
But the next time you log in it will encrypt it again and it will result in a different string. It has to call another function to compare the two strings to see if they're both valid encryptions of your password.
I’ve not heard of that one, and I don’t see how it can work as described. This site, using PHP, works that way, though I could have explained it better. password_hash() is called using PASSWORD_BCRYPT as the algorithm. When a user logs in password_verify() checks the user-entered password against the saved hash to see if the saved hash is a valid hash of that password. The old approach of comparing the hashed password against the saved hash no longer works because password_hash() generates a different hash each time it is called with the same password.
Generally you should be submitting passwords over a secure connection which will be encrypted, but the encrypted password will be decrypted before it is sent (with the salt) to the hash function. Yes, you're right. Two-way encryption for secure communication, one-way hash for secure validation. Your password advice is right on, but I don't think your average person is ever going to comprehend the critical importance of personal cyber security. Say your average person has accounts at 20 websites. If they use the same password everywhere, with maybe a few minor variations, then that's very insecure, for the reasons you gave. But if they've gotten the message about cyber security and are determined to use a different password at each website then they'll need to write them down, keep them in a file, have a mental system, or use a password manager. I use two-factor authentication for some sites, and it feels like that should produce a sizeable security improvement, but I haven't investigated its security aspects. --Percy
| This message is a reply to: | | | Message 7 by PaulK, posted 12-06-2024 1:39 PM | | PaulK has replied |
| Replies to this message: | | | Message 12 by PaulK, posted 12-07-2024 11:54 AM | | Percy has seen this message but not replied | | | Message 13 by Rahvin, posted 12-07-2024 5:51 PM | | Percy has not replied |
|
PaulK
Member Posts: 18082 Joined: 01-10-2003 Member Rating: 5.1
|
(1)
| |
| |
| |
|
|
Message 12 of 14 (920930)
12-07-2024 11:54 AM
|
Reply to: Message 11 by Percy
12-07-2024 10:59 AM
|
|
Re: Security and Scamming
quote:
This site, using PHP, works that way, though I could have explained it better. password_hash() is called using PASSWORD_BCRYPT as the algorithm. When a user logs in password_verify() checks the user-entered password against the saved hash to see if the saved hash is a valid hash of that password.
The old approach of comparing the hashed password against the saved hash no longer works because password_hash() generates a different hash each time it is called with the same password.
I think you may have misunderstood how it works. If you are using password_hash() it chooses a salt. You can’t use password_hash() for verification because it will choose a new salt and get a different hash. Under the hood it’s still comparing the hash directly, you just don’t see it. (Before PHP 8.0 there was apparently the option to provide a salt instead of letting the function choose one, but that no longer works). Two factor authentication is more secure because an attacker needs to obtain the second factor as well as the password. SMS is probably the least secure version but even so it’s still an improvement over a password.
| This message is a reply to: | | | Message 11 by Percy, posted 12-07-2024 10:59 AM | | Percy has seen this message but not replied |
|
Rahvin
Member Posts: 4093 Joined: 07-01-2005 Member Rating: 7.3
|
(1)
| |
| |
| |
|
|
Message 13 of 14 (920934)
12-07-2024 5:51 PM
|
Reply to: Message 11 by Percy
12-07-2024 10:59 AM
|
|
Re: Security and Scamming
2-factor has issues too. Cell phones have been the "easy" way to get people to use 2-factor, but sim-jacking is a known attack vector. You log on, the site sends a code to your cell phone...but if someone has duplicated or swapped your SIM (the easiest way is to call your cell provider and use social engineering to register a different sim card), they can intercept the code. Similar for 2FA via email - your 2FA is only as secure as your email account. Much easier to get access to an email account in most cases, but I've seen some scary/facepalm-inducing social engineering. The Google authenticator app is also tied to your Google account (if the cloud sync is turned on, which I believe is the default). So if anyone manages to steal your Google logon...they can get access to your auth codes. The same thing that makes swapping phones easy also creates a vulnerability. Personally I prefer a hardware security key like a Yubikey, but not all providers support that. You can use authenticator apps that root to a hardware key; secure GMail and many other accounts with a hardware key; etc. My password manager requires a hardware key too. Hypothetically it should be nearly impossible to break into my critical accounts (recovery email addresses, authenticator, password manager) without my physical hardware key. But getting the average user to do anything beyond the bare minimum is near impossible, which is why the cell phone and Google authenticator will likely remain most common. My setup could go farther, but even as much as I do is too much of a pain for most people to bother with.
-->“The human understanding when it has once adopted an opinion (either as being the received opinion or as being agreeable to itself) draws all things else to support and agree with it.” - Francis Bacon"There are two novels that can change a bookish fourteen-year old's life: The Lord of the Rings and Atlas Shrugged. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs." - John Rogers “A world that can be explained even with bad reasons is a familiar world. But, on the other hand, in a universe suddenly divested of illusions and lights, man feels an alien, a stranger. His exile is without remedy since he is deprived of the memory of a lost home or the hope of a promised land. This divorce between man and his life, the actor and his setting, is properly the feeling of absurdity.” – Albert Camus "...the pious hope that by combining numerous little turds of variously tainted data, one can obtain a valuable result; but in fact, the outcome is merely a larger than average pile of shit." - Barash, David 1995... "Many that live deserve death. And some die that deserve life. Can you give it to them? Then be not too eager to deal out death in the name of justice, fearing for your own safety. Even the wise cannot see all ends." - Gandalf, J. R. R. Tolkien: The Lord Of the Rings "The last enemy that shall be destroyed is death."
1 Corinthians 15:26King James Version (KJV) -->Nihil supernum --> -->
| This message is a reply to: | | | Message 11 by Percy, posted 12-07-2024 10:59 AM | | Percy has not replied |
|
Percy
Member Posts: 23257 From: New Hampshire Joined: 12-23-2000 Member Rating: 5.6
|
(2)
| |
| |
| |
|
|
Message 14 of 14 (922189)
02-15-2025 10:16 AM
|
|
|
Scammers Strike Again
The scammers struck close to home this time. My sister, less than a year after losing her husband, has fallen for a scam website that is pushing "investing" in cryptocurrency. I put investing in quotes because it isn't really investing. The way their website works is that you first provide them money through their platform. This is stage 1. Once they have your money you place bets on whether cryptocurrency will go up or down over the next 30 or 60 seconds. The 30-second bet pays 15% if you're right, and the 60-second bet pays 30% is you're right. If you're wrong you lose your bet. For example, if you bet $1000 that cryptocurrency will go up over the next 30 seconds and you're right, you've gained $150. If you're wrong you lose the $1000. The scamming software that runs the website almost always reports that you're right. This is stage 2. In a relatively short time the amount you've provided them grows into a substantial sum, and at that point they inform you that you owe them capital gains taxes on the amount you've won. They lock your funds while until you pay the taxes This is stage 3. Of course, your funds are always, in effect, locked. Once you send them money they never send money back. My sister has fallen for this scam and is currently seeking a loan to pay the taxes so she can free up all the money she has won. When she came to me for a loan I explained to her that she was the victim of a scam, that all the money she had given them was gone, and that they were lying to her about taxes in order to get her to turn over even more money to them. She doesn't believe me and is still looking for a loan. --Percy
|
™ Version 4.2