Discussion
Matt Mullenweg
hk__2: Previous submission: https://news.ycombinator.com/item?id=47388201
voidUpdate: What's at the bottom of the page? It looks like it's meant to be brushstrokes or something?
ErneX: Yes, same as the logo / header.
olmo23: I told my parents: if they are ever called by anyone, to tell them "now is not a good time, please give me a case number and I'll call back when I do have the time." And then, this is important, look up the number for the customer service hotline online. I feel like this is a simple solution that works 100% of the time.
firstrulephish: For the record, Apple will never call you first, but other services might. The REAL first rule of not being scammed should be stated "Thanks for the concern, I will call you right back". If your bank calls you, you turn off the call and call them. Don't take suggestions for contact address. You look them up, and you call them. Don't elaborate. The scammer is either an idiot and will try to call you telling to stop, or smart and fuck off. And if it was the bank, they'll at best, pick right back from where you left it, and at worst, learn better from the event.
maplethorpe: The scammer sounds Australian, but he pronounces mobile as "mobil", like an American. I wonder if he's doing that intentionally to provide cover, or if he's worked with Americans so much in the past that it's changed his pronunciation.
mentalgear: This scam is scarily well made. What terrifies me is how easily scalable it is across sectors (e.g. your bank) and with AI voice clones (like in the attached video they mentioned the new 11lab generation).
ChrisMarshallNY: Phishing has gotten really good, lately. As he noted, they will often re-use legit templates from the actual corporation. The email will be 99.9% legit, with maybe only one link being dodgy. I don’t think they can pass DMARC, though. My wife was almost scammed, a few years ago. What tipped her off, was how extremely good the “tech support” was. Real tech support is generally someone on a scratchy line, with a heavy accent, following an inappropriate script. Even after she backed away, they sent a few followup snail mails, looking somewhat legit (cheap printer).
tom-blk: This is actually quite impressive and concerning
xnx: audit-apple.com is offline now. Is that something ICANN does, and if so, can they fix zombo.com?
Apple Support lives on apple.com and getsupport.apple.com, nowhere else.
JumpCrisscross: > Apple Support lives on apple.com and getsupport.apple.com, nowhere else.
Meanwhile: “Microsoft support uses the following domains to send emails: microsoft.com, microsoftsupport.com, mail.support.microsoft.com, office365support.com, techsupport.microsoft.com” [1]
[1] https://learn.microsoft.com/en-us/troubleshoot/azure/general...
throwaway290: That's just for support. Legit password resets for example come from more random top level domains with "microsoft" in it, like microsoftonline.com
CraigRood: Is this because at one point <username>@facebook.com was a valid communication method? Great concept to be fair, but once you pull back the first layer you can immediately see its problems.
e40: The number of redirects while using ms properties is just insane. It makes white listing them in uBO impossible because they redirect so fast, through multiple domains. The White listing is needed to sometimes make them work.
throwaway290: It's a thing with google and facebook too. If you login to youtube or go to facebook account settings, at least 3 redirects through very random places. I guess 3 is not a lot compared to microsoft's 15.