I always thought I was too tech-savvy to fall for a scam. Are any other older internet veterans feeling less confident lately?
Posted by Individual-Gas5276@reddit | GenX | View on Reddit | 74 comments
We grew up navigating the wild west of the early internet. Back in the day, scams were obvious (the classic Nigerian Prince or glaring spelling mistakes). I always prided myself on being the one my family comes to for tech help.
But honestly? The new wave of AI-generated phishing and fake websites is getting scary. I was doing a random interactive quiz online today that tests your ability to spot modern cyber threats, and I actually failed one of the scenarios. It was a fake login page that looked indistinguishable from the real one.
It completely humbled me. Has anyone else had that "oh wow, I almost fell for that" moment recently? How do you keep your scam-radar sharp these days?
handsomeape95@reddit
I did something dumb the other day. Tried to call Fidelity to ask a question about my 401k. I called 1-800-number vice the actual number that started with 1-866. Someone answers and identifies herself and asks if I can hear her. Thought it was strange, but I answered yes. Then she launches into this pitch about medical alert bracelets. I immediately hung up and realized I dialed the wrong number. Don't know if I really compromised anything, but I feel like an idiot for making such a mistake.
9inez@reddit
Had a similar when calling my bank business line to discuss an ACH.
I dialed one wrong digit.
Took a little bit of “that’s seems strange” vibes to realize they were bogus. Either pure scam or opportunists.
Sprinted to see my biz bank rep within 10 mins, changed acct numbers before 1 hr passed. But I felt that clock tick, tick, ticking.
It’s tiny lapses in attention that can get ya.
Bank rep told me a story abt how he compromised his identity and was nearly arrested by FBI for fraud and fraudulent car theft…due to thief having ID with his info. And, how he thought he was extra careful based on his bank training and was still compromised.
draggar@reddit
That's the scam. They now have a recoding of you saying yes and can edit the audio as they see fit. Even if you didn't give out any personal information they have your phone number.
If it ever feels off and they ask "Can you hear me" respond with "I can hear you". If they insist on a yes or no answer, hang up.
temerairevm@reddit
I got suckered by one last month. An architect I work with sent a link to download drawings for bid, which is something that happens every day at my job, and of course I clicked on it. Fortunately we have really good IT and that flagged it. Now every time someone sends drawings via a link (common, because the files are big) we voice call first to confirm.
It’s funny how the evolution of the digital world is pushing us into more analog steps.
draggar@reddit
This is my favorite new(ish) meme and it's so true.
handsomeape95@reddit
Scams and the continous addition of new junk fees are pushing me back to analog.
temerairevm@reddit
Yep. Everything being a SaaS is making software more expensive and 10x more annoying. I definitely think twice now before committing anything to software or an app. And I’m less likely to buy something that connects to an app because I just assume it’s a way to force me to pay for essential features down the line.
Mindless-Baker-7757@reddit
I feel like I’m too cautious.
draggar@reddit
You can never be too cautious.
draggar@reddit
I work in a hospital's IT department and it's scary. We had to rewrite our process for resetting someone's 2FA (it now has to either be done in person or their supervisor needs to submit the request *and* a member of IT management has to accept it.
Yes, this includes 2AM pages when we're on call.
The first time it happened the tech admitted he should have known something was off, the person referred to himself as "Dr. (name" - yet he wasn't a doctor. The second one kept referring to himself as Dr. (Firstname) (Lastname) - yet he has always gone by his nickname. Both of them also know the IT department very well (small hospital, not because they call often).
We had to do a full audit but luckily the only thing that was accessed was direct deposit. (Even if you are viewing your own, it's masked so no issue there, they just changed it, but that would have triggered payroll to issue you a paper check).
JealousDot6409@reddit
I trust nothing
MonkeyMan18975@reddit
I've known myself long enough to know I can't even trust that bastard!
Bazoun@reddit
I got an email that a service I use needed renewal. That was actually correct and from the company. I didn’t respond immediately and got a text the next day or two days later saying the same thing. That text was the scam.
I (stupidly) responded to the text and got scammed. I got the money back but then I got every phishing scam on earth for weeks after.
I assume it was just a fluke that they sent it right then - I’ve received similar messages for services I don’t use - but it was embarrassing nonetheless.
snotick@reddit
I trust no one. Worked in fraud for over a decade.
If Ed McMahon came to my door with a giant check, I'd chase him off my property.
handsomeape95@reddit
https://i.redd.it/9gtgk79n3p2h1.gif
AaronTheElite007@reddit
Listen to security podcasts to stay abreast of threats. I recommend Smashing Security, Hacking Humans, Hacked, and Darkweb Diaries
BizarroMax@reddit
Never been scammed. But it is definitely getting worse out there.
ONROSREPUS@reddit
I have not and don't think I will. I tend to stay away from tech when not at work. I don't do any online banking or pay any bills online. I try to keep my personal life off the interwebs as well. They less they have to work with the better IMO. I try not to make myself an easy target.
FlexibleIntegrity@reddit
About five years ago, I got catfished and they got me good. It took about 4 years to get myself back onto more stable ground financially.
Sad thing is my intuition was trying to tell me the whole thing didn’t feel right. However, these people are pros where it comes to manipulating people emotionally. And I fell for it.
MusicalMerlin1973@reddit
I…. Got nailed by the scam call claiming to be fraud prevention from my bank. They spoofed the number. I think they got 4-5k before I figured it out and shut them down. Usually I hang up and call the number I have on sped dial. I was tired. Never again.
Someone tried it again recently. I just drove to my branch. Nope. Part of why I will never sign up for a bank that doesn’t have a physical storefront
Cranks_No_Start@reddit
I got a text from “My Bank”. Asking about a charge and as I’ve gotten this from them before I answered.
They immediately called me ( again this has happened before) and started down that hole of we need some information to verify you but it didn’t feel correct so I hung up and called the banks 1800 number to verify.
Yep it was bs.
Oldebookworm@reddit
If we’re calling you, you are automatically verified. We have to call the number we send texts to, so we know who we’re calling. Unless someone stole your phone. That might cause issues
MusicalMerlin1973@reddit
Mine will only ever text and email. The number the scammers used will never be the source of outbound calls.
LuceLeakey@reddit
My company's cyber security team sends out regular phishing test emails. They haven't fooled me yet, so so far so good.
pdx_mom@reddit
You can always check the information about the email and it will include the name of the company that does the Phish
LuceLeakey@reddit
I work in IT so I know the name of the company we use, but I have never seen it in any of the phishing emails. That would really defeat the purpose of the test, if it were visible.
Relevant_Outside_860@reddit
I just hover over the link and it has the company name in the url.
pdx_mom@reddit
It's in the header message details.
Relevant_Outside_860@reddit
I just hover over the link and it has the company name in the url.
BendakLives@reddit
Not exactly true, we have tools that can obfuscate the origin.
domesticatedprimate@reddit
I still like to think I'm one of the last people to fall for something. I'm pretty suspicious by nature and I'm always on the outlook for the typical misspelled URL scams which are the usual giveaway for spoof websites.
More importantly, when you find yourself on a login page, the question you have to always be reviewing in your mind is "how did I get here". There are legitimate ways you arrive at a login and illegitimate ways, and the latter are usually pretty damn obvious.
So I have a pretty strong aversion to anything out of the ordinary, so I become doubly vigilant if I'm being asked for info in a novel manner. And the minute I'm suspicious I really start to dig. For example, rather than following the email link, I'll navigate to the website independently to make sure.
And if my suspicions aren't eliminated completely, I'll just ignore the call to action because if it's legit, they'll try again. Scams don't try again multiple times unless you're being specifically targeted.
Oldebookworm@reddit
i work as a fraud analyst at a bank. I almost got scammed a few months ago. Got all the way to “I’m with the ftc”. I may not have caught it if the phone number had been an 800 number. He tried to call me back from “his office” number. I captured the number and contacted the FTC employee he was pretending to be. Used the guys name and everything. I tell people every day not to beat themselves up too much, because I almost got caught.
DontEatThePorridge@reddit
Same I'm the finance manager of a law firm and we are on the watch for this constantly. The other day I got an urgent email, I was in a hurry and clicked the link. Thankfully the IT system flagged it which made me stop and look to see it was fake. And I KNOW urgency when you're already pressed for time is how they get you. They work on it for days and then bam!.. You've got to be so careful.
looselyhuman@reddit
I gotta say, the impetus that has you taking random interactive quizzes could point to a vulnerability.
AttitudeSimilar9347@reddit
Quizzes have been scams almost since the inception of the web. "Your unicorn name is your mother's maiden name and the street you grew up on!" and literally thousands of people are excitedly commenting the same details they would use to confirm their identities.
Haunting-Prior-NaN@reddit
I came real close to a fake Airbnb. Scammer published photos on an alternate platform and ensured me that the transaction would go down on Airbnb. I seeked the listing in the real site, but obviously couldn’t find it. Eventually he sent me a link to the listing. The phishing site looked identical to Airbnb. I was so excited that I started filling up the Credit card data, but just before I hit sent I examined the URL and noticed it was not Airbnb.
SolomonGrumpy@reddit
My CEO texted me to buy something for the office on my way into work because he was in a meeting. Note, I was a new employee of the CEO - a VP.
It was his number/name that showed up on my phone.
He wanted me to buy prepaid Google store cards to demo electronic payments on our platform.
I bought them and sent him screenshots of the cards. Like $200 worth. It felt like something was amiss. But it was definitely him.
Except that it wasn't. Some has spoofed his phone and stolen his identity.
SouthConsideration15@reddit
As someone else said, assume everything is a scam and then carefully investigate further.
Oldebookworm@reddit
I don’t even answer number I know everyone goes to voicemail and I’ll call back
More_Law6245@reddit
It's all about education but what gets me the most is that vendors make their devices easy to use but in reality they diminish the understanding of basic security fundamentals because people just want ease of use and in particularly smart phones.
What gets me the most is that I've lost count in asking people if they have a firewall or VPN on their home computer why wouldn't they have one on their smart phone, it's an IP based device that connects to the internet. Social engineering such as Spear Phishing or Phishing is a very common way to hack devices but yet people always surprised when they do. Ignorance is the very thing that black hat hackers count on.
Oldebookworm@reddit
Because I can’t use my network login Authenticator if I have a vpn on. It pisses me off
KaJashey@reddit
My daughter found a pair of shoes online. Sent me the link. I bought the shoes with a debit card.
Wait a week or so. No shoes. Go back to the website and it’s falling apart. Lookup reviews of the site everyone has been scammed.
I have to cancel and replace my debit card. Not a big loss but I realize I wasn’t skeptical enough of the site on first glance.
TwistedMemories@reddit
Haven't fallen for one yet. I tons of get emails that say my McAfee or Norton has been renewed and my PayPal acct has been charged $499. I do have a PayPal account, but there is no bank or credit card linked to it and I only have about $45 in it. So there's no way to charge it $499.
I've also had a number of supposed "Amazon" security alerts that someone knows my password and it has a code I need to login. I know that it's a scam as it's addressed to customer and not to me specifically. Amazon will use your name and not, customer. These land in my AOL spam folder. Now, when I hover my mouse over the email address, it does show, account_update@amazon .com, but again, it's addressed to customer.
I'm also logged into my Amazon acct 24/7 on my computer, iPhone and iPad. If I need to check my acct for activity, I can,
MaximumJones@reddit
Entire-Order3464@reddit
No. Your financial companies will never ever text you or send you a link and tell you to click on it. Use strong passwords, private browsing, and maybe a separate computer for financial stuff. Go to the actual website don't click on links in emails.
daphatty@reddit
Best solution is to not engage. I rarely click on anything I don’t know about or can’t verify the validity of. That said, there are so many exploits out there that don’t even require you to interact in order to spread.
Yes, it’s scary out there.
First-Ad-7960@reddit
The scams get better and better and in some cases manage to come from an angle where it seems impossible that it could be a way to rip you off. I try to stay paranoid.
HatlessDuck@reddit
/r/scams
This is why I joined
2PlasticLobsters@reddit
My partner started to fall for one a couple years ago. Somehow they got control of his laptop & made it blare some "warning" about it being compromised. Of course, that was meant as a distraction to block of sensible thought & just do what you're told.
He ended up on the phone with someone, and they tried to get him to log into his Wells Fargo account Of course, they could see everything on his screen.
Around this point, I reached over & muted the laptop. Between that & some other thought he had that I've forgotten, something about how he still used a flip phone, he clued in & shut them down.
It was a factor that he'd only just gotten that laptop a couple weeks before, and it had Windows 11. We both thought that was a new security feature at first.
He locked down all his accounts, changed passords, etc. Also had the laptop professionally scanned. There were no repercussions, but it was a close one.
jarhead3088@reddit
Brother my tin foil hat is always on lol
BendakLives@reddit
Internet veteran here, cybersecurity director and subject matter expert for my organization. Not falling for any of it, why? It’s simple, I am skeptical of anything and everything on the Internet. I trust nothing and no one when communicating via email, collaboration platforms, voice, and text. I’m well versed in attacker and defender techniques and have spent years teaching anyone who will listen to stop, think, and connect.
Zero trust is more than just a technology architecture, it should be a way of life when dealing with anything and everything on social media, email, and the broader Internet.
Such_Reference_8186@reddit
I've had the same concerns and I have adopted the "NO" posture. No to everything.
steve-eldridge@reddit
Never click on any links provided by any email or DM. If you suspect that you have an important message about anything, open the browser yourself and make sure you are not logged into anything other than the trusted URL.
Use two factor authentication and a trusted password strategy that makes everything complex and monitored.
I also use a screening service for all calls that blocks everything incoming, make the callers leave a message and most won't.
The government will not send messages via email or call you, they'll likely send registered mail.
Trust nothing, check the email domains and assume they are not real.
agirldonkey@reddit
I am also always telling my mom to inspect the sending address on any email that says she owes a balance somewhere. Once you click inside the sender field and reveal the actual address it’s always Gmail. I tell her to just remember that anyone who could actually charge her money for something would most likely own their corporate domain and would not use Gmail
agirldonkey@reddit
I almost fell for the good old gift card scam!!! I was so ashamed, I have saved my relatives from that one multiple times and they got me by identifying themselves by first and last name as the broker of the agency I work for. He said he was giving a presentation and needed Razer cards.
I actually got all the way to the drugstore gift card aisle and texted a photo of what they had. I didn’t snap until the scammer told me to buy one for $590 and I thought “ok but he knows I don’t have a physical corporate card and he would never ask me to just drop THAT much without some discussion of reimbur—-OOOOHHHH”
MaximumJones@reddit
LOL no.
Wrong-Barracuda0U812@reddit
Always let calls goto voicemail, I have had 2 AI calls in the past week, both scary in that they tried to get a knee jerk reaction. One was a “person” calling for help, the other was from my “bank” approving a withdrawal. Both sounded legit, both were AI and it will get worse.
If you’re not buying a new car or a new house, I would suggest freezing all of your credit until you need it. Five years ago, someone hacked my 23 and me got all or most of my genetic data and then tried to buy houses and cars and other such things. I was diligent enough to thwart their plan, but after that, I put a freeze on all of my credit with all of the credit reporting agencies. It stops most thieves in their tracks. I would also suggest closing any unnecessary online shopping portals that you may use and use a service to remove your name from as many data brokers as humanly possible.
Happy-Bluejay-3849@reddit
I work in a large place with hundreds of employees. A few times a month I get a phishing email from a hacked coworker’s account. Different coworkers every time, across all ages. Some are really obvious and some are really subtle.
I’m suspicious of all email links. Hover over the link and look in the bottom corner of your browser so see where it goes. HR has never accidentally sent you confidential information. No one in another department will ever say, “hey, I need you to check this doc.” You have never been randomly selected for a gift card. I send them all to IT so they can filter them out of the system.
In the log in scenario, the page you go to on your own is probably safe. The one you got an email saying there is a new log in page is fake. Any log in link you get in an email is suspicious if it is not for a new account. Look at the URL and make sure there is a lock next to it. For a lot of account, I’ll never click a link in an email but will do a search for the company’s log in and use that.
smuttybuddy84@reddit
LOL. Taking online quizzes is already a data mining scam.
wyohman@reddit
I'm hyper skeptical but even with that, all they need is one moment of inattention
shrubflower@reddit
I got taken for $3500 by a very realistic scam. Thank god my credit card company refunded the money. It was a .gov website and everything made to look like I had failed to pay a toll. My brother drives my car a lot, so I figured he just missed one and wanted to pay it for him. Such a mistake.
NPC261939@reddit
I'm not tech savvy myself. I am very distrustful and cynical though. I worry a lot more about my parents than myself honestly. I think just about anyone can fall victim to the right scam applied at the right time.
Formal_Plum_2285@reddit
I’m fine.
squirtloaf@reddit
I am pretty savvy, and there have been a few lately that took me several steps to figure out were bullshit.
I am confident that we will soon have scams that no level of human scrutiny will be able to discern :(
Monkeyboogaloo@reddit
I fell for one last year. I was busy and trying to do three things at once. They happened to pop up in one of the things I was trying to do. They got $300. Not the end of the world but I felt very foolish.
I worked it out half hour or so after I had paid it.
I have written courses on cyber security. But nothing is fool proof for a well equipped fool.
NVJAC@reddit
I just assume every email is trying to scam me.
Azerafael@reddit
Yes AI has definitely made things more worrying. I recently saw a uhmm "video" where the performers faces were swapped out using, presumably, AI, and it looked seriously realistic.
You could tell it was AI but it would only be just a matter of time when it would be extremely difficult if not impossible to tell otherwise.
dugs-special-mission@reddit
If there is any doubt I will call the business alerting me to a problem via numbers on my bank cards or other official material. I no longer assume electronic notifications are trustworthy.
nakedonmygoat@reddit
Same here. I've always done it that way with obvious things, like mention of a credit card or bank balance, but after a recent hospitalization, I got an amount due notice from an entity other than the hospital. I had to contact the hospital to confirm that yes, the other entity is a trusted billing partner.
Seyforth@reddit
Go analog
Konorlc@reddit
If you just don’t talk to anybody, read any emails or click on any links, you will be fine.
oldnutsy@reddit
I had a bit on an opposite experience this week. I started getting stubhub emails about the season nfl tickets I purchased for $8,300. I deleted them as phishing emails. Then the next day I got another email from stubhub, but this one was 100% normal. no links, no attachments, no click me‘s. it really made me wonder and I checked my main credit card and sure enough the charge was real.
i too worry about AI upping their game, but now I also wonder if, because of the saturation, if I’m not now ignoring stuff as a scam (I’ve never used stubhub and did not have an account with them) when it is a legit email indicating the fraud happened.
RedQueenWhiteQueen@reddit
I'm concerned, too. Four things have carried me so far:
But I do worry the new tech is heading where it could sneak past all that.
Ok-Lingonberry-8261@reddit
Password managers will detect a phishing site and Yubikey MFA will defeat any phishing attempt that gets over that hurdle.