- From: Merul Dhiman <me@merul.org>
- Date: Sat, 25 Jan 2025 22:44:18 +0530
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAO4-94HHBmmkoxn+G5kViFJ-xY_3Pv4Knz5zB2iBsX=xRxcyCg@mail.gmail.com>
Manu, you make a very interesting point with whether any identity document would have helped her, I believe scams like this are less about integrity of data and more about human nature, it's more about the psychology of the victim and how these scammers prey on their weaknesses. I personally know someone who was duped by a similar pigbutchering scam. People can be vulnerable at times, and vulnerable people are gullible. What really stands out in this story in particular is how the scammer used information available on the victim on social media and weaponized it to gain fake sympathy in her eyes. I do want to add a comment though, although privacy preserving identity technology could have helped this poor woman, but I believe the failure was truly at the part of her bank allowing these transfers to go through, the bank should have flagged these unusual transfers to a random account in Turkey, especially if the user doesn't have a history of making such large transactions to international accounts. Although I do believe that Identity technology would have perhaps made it simpler to verify an individual there's a more "human" element here which cannot be simply solved with cryptography. A lot of these scams are engineered to prey on vulnerable people, people who are too trusting and too kind for this world. There need to be UX warnings which could be added at the application layer for various services which warn users for common types of scams, scammers and tech prevent scammers will always be a game of whack-a-mole, you take one down another method pops up, I think this particular issue needs to be solved with education and more stringent flagging which takes into account new scams in the market. Best Wishes, Merul On Sat, Jan 25, 2025 at 10:21 PM Manu Sporny <msporny@digitalbazaar..com> wrote: > On Sat, Jan 25, 2025 at 11:05 AM Brian Richter <brian@aviary.tech> wrote: > > Here’s the article > > https://www.bbc.com/news/articles/ckgnz8rw1xgo > > Ooof, how heartbreaking, that poor woman! > > I presumed it was going to follow a standard scam with relatively > small and/or recoverable financial damage. Instead, this person lost > their entire life savings while in her 50s. Sure, she got scammed, but > society has also failed her -- all because she couldn't verify the > person on the other end of the line, and then because the banks didn't > have proper controls, and now because the authorities might not be > able to recover her money. > > Julien's point is well made in that story. Lots of lessons in there > about building fraud-resistant and unphishable systems; we need to do > better as a society. > > Would any of these things have helped? > > 1. Asking the scammer for a VP of a selectively-disclosed identity > document? > 2. Setting up a communication channel w/ continuous identity verification? > 3. The bank requiring VPs for sender and receiver of funds in that > amount? Exposing that information to the victim? > 4. The bank/money transfer app providing an AI that goes through a > safety checklist (which includes providing documentation for the > transfer)? > > What else could we build/deploy that would have helped in this case? > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/ > >
Received on Saturday, 25 January 2025 17:15:16 UTC