Thats why on Linux you need to run the sudo command and type the root password (or user password) to install something. I get this isn't Linux but its a serious security vulnerability that someone could run a super user level command by clicking yes on a confirmation box that pops up so often that nobody thinks twice.
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
That's a sneaky one.
This is actually pretty smart because it switches the context of the action. Most intermediate users avoid clicking random executables by instinct but this is different enough that it doesn't immediately trigger that association and response.
This reminds of when I was 13 I used to tell my opponents in Warcraft 3 that pessing alt+q+q quickly reveals the map. It's a shortcut for closing the game. Worked way to many times
I do see this working
/disco mode on
ALT+F4 for free funds, opened alot of slots on bfh servers whenever my friends couldn't join.
Followed instructions but verification failed, seems like nothing happened except dick got stuck in toaster again. Using Arch, btw.
So inventive these guys. If only we could harness that ingenuity for the common good instead, it would have a huge impact.
I can't even download and run the first two, those are business innovations! 🤮
Fwiw there are a large number of people who volunteer their time and effort toward worthwhile projects. It's just they don't get rewarded anywhere near the level of benefit that they provide.
"To prove that you are human, donate $$$ to Doctors Without Borders."
"To prove that you are human, register to vote."
"To prove that you are human, adopt a pet from the local animal shelter."
I almost fell for an unrelated scam just a couple months ago. Basically, I was on vacation visiting family, had just gotten a new phone (w/ GrapheneOS, so it didn't have Google's network of spam detection), and was out and about at the time. Here's how it went down:
- received text earlier that day saying that my CC was used for an unauthorized purchase (happens a couple times/year)
- got a call from someone claiming to be my bank (not one of the popular chains like Chase or whatever)
- caller asked me to verify myself through text code, and I didn't read the text message carefully and provided it (later inspection showed that it was a password reset code)
- after going through some (fake) recent transactions, I told them they all sounded fraudulent (they were on the other side of the country)
- they asked me to confirm myself again through another code to finalize, at which point I told them they don't need a second code since I already proved my identity, and they hung up
I immediately went to go reset my password and found I was locked out, so I called my bank. They confirmed that my account had been automatically locked for suspicion of fraud (good job!!) and confirmed what I suspected, the scammer had reset my password (first code) and was attempting to add an external account (second code). Had I given them that second code, they likely would have been able to submit the transfer and it would've been a giant headache to try to get that money back.
I didn't lose anything and I immediately improved the security on my account, but I felt like an idiot for letting them get that far. I had also recently consolidated my other accounts to this one, so this would've been a big blow. They changed my account numbers, I changed my username and password, and they held my account for a week or so to ensure everything was good. This bank is one of the few that actually cares about security, so I set up voice recognition (they said they track it anyway, this just turns on an extra feature) and Symantec VIP (I prefer my regular TOTP app, but they don't support that).
I don't think it'll happen to me again, but I was still surprised that I got so far through the process before recognizing that it's a scam. And I consider myself pretty security conscious (e.g. I use TOTP everywhere, password manager, keep credit bureaus frozen, etc). I guess they got my info from a breach somewhere because they knew my name, my username (to be fair, I used it everywhere), and the bank I use (could've gotten lucky). I have since changed most of my usernames to be random, so hopefully I'll be more safe going forward.
Anyway, stay on your guard, it can happen to you.
As someone tech literate that looks hilarious to follow through with.
But if not, that really does seem similar to a normal captcha with fairly simple steps.
Usually I warn my 81 year old dad about these scams. Don't think I need to worry about this one, he wouldn't be tech savvy enough to find the windows button