this post was submitted on 15 Mar 2025
1083 points (98.1% liked)

Programmer Humor

[–] [email protected] 32 points 1 day ago (3 children)

Our IT sent out a test once that was a fake "someone sent you this document on Teams" link and I fell for it assuming it was another stupid Microsoft workflow for sharing documents. The only reason I didn't actually hit the log in part that would have got me reported was because I didn't care enough about whatever it was that was supposedly sent to me.

[–] [email protected] 48 points 1 day ago (1 children)
[–] [email protected] 2 points 1 day ago

If it's not in slack, it doesn't exist

[–] [email protected] 4 points 1 day ago

I send anything that isn't plain text or something I requested straight to security to keep those fucks sharp, I wish they summarized emails I sent them instead of complaining that I keep doing it though.

[–] [email protected] 3 points 1 day ago

yeah the only phishing tests that got me were that and an invite to a Teams team because i get added to a new team every week or so lol

[–] [email protected] 228 points 2 days ago (7 children)

I had one about a month ago now that I was actually impressed with how they did it.

I have an Apple account just for the kids' Apple devices (required for school). Received an email from Apple support about fraudulent activity and that they'd call at some time. I thought that was weird and checked out the email and everything was legit.

Call came in a little earlier than in the email. They knew all the right details including the case number, sent a verification code to my mobile from a short code SMS "iCloud" and at that point they had me. But only until they asked me to go to a site apple.somebullshit.com. Well, Apple isn't going to use a domain that's not *.apple.com. Went there anyway to check and the SSL cert was from Let's Encrypt; Apple ain't using Let's Encrypt.

20 years in IT, that's the closest I've been in a very long time to falling for something.

[–] [email protected] 5 points 1 day ago

Apple ain't using Let's Encrypt

To be fair, I've seen just about everyone use Let's Encrypt, from banks to nsa.gov. The latter has switched their certificate provider though.

[–] Barbarian 120 points 2 days ago* (last edited 2 days ago) (1 children)

I know someone who got had by a spear phishing call. They knew all the details about his phone contract, sounded 100% legit. The scammer got thousands of dollars in prepaid SIM cards from his account.

After the police investigation, turned out that the scammer was actually a former employee of the phone company who downloaded a copy of the customer list when he got fired.

[–] [email protected] 86 points 2 days ago (3 children)

This is why even if I think something is 100% legit, if a place calls me asking for anything I tell them I have to check on it and call back. Then I'll call their known public number and go through that way. I've avoided a couple scam situations like this

[–] [email protected] 56 points 2 days ago

Honestly this is so simple and effective at stopping these sort of scams dead in their tracks. When you call in to help desk and say “I was just on the phone with your agents about a payment problem” and they don’t see any record, it’ll set off all sorts of alarm bells. Especially if it’s the bank.

[–] [email protected] 13 points 2 days ago

This is literally the correct way to proceed in any inbound communication. Doesn't matter who it is, the more authority they claim the faster to hang up.

They will try and trigger your lizard brain and make you feel like you must act now.

[–] [email protected] 3 points 2 days ago

I've done this many times in the past, and not really sure what it was about this call that I didn't.

That's just made me wonder how much of a psychological aspect scammers are employing in their scams?

[–] [email protected] 22 points 2 days ago (2 children)

So are you saying the original email genuinely was from Apple? If so do you have any idea how the scammers got all that info? And did you ever receive the legitimate call back from Apple?

[–] [email protected] 21 points 2 days ago (2 children)

I’m just speculating but maybe they (scammers) filled out a fraudulent activity form on the Apple site on behalf of the victim and then called before an Apple rep did.

[–] [email protected] 2 points 1 day ago (1 children)

Wouldn't they still need to know the username and telephone number then? That seems like something most people would be unable to link.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago)

Again I am going in to the realm of conjecture here over a little post, but maybe they had loads of information on Apple users from a data breach and this is how they were capitalising on them.

[–] [email protected] 2 points 2 days ago

Yeah that's how I think they did it.

[–] [email protected] 6 points 2 days ago

Yeah it was a legit Apple support email and I compared it to the email I received after calling Apple and starting a new case to give them all the info I could about the scam.

I assume they got my info from a data leak somewhere.

[–] [email protected] 16 points 2 days ago

Imagine when AI is automating the whole process. Including the phone call.

[–] [email protected] 8 points 2 days ago (1 children)

Thanks for sharing your story! It is very important to get these stories as well, someone who has 20 years in tech so close to getting scammed..

You did the correct thing and kept track of the URL etc. On an off day you might not have been so vigilant.

[–] [email protected] 3 points 2 days ago

That's just made me think of something else about the day. Totally coincidental, but earlier in the day I was looking into what permission the Microsoft Company Portal App had on unmanaged Android and iOS devices for a concerned user.

Then I got the email from Apple support and was like WTF‽ Then I realised it was to my private email and went, damn! How's that timing.

[–] [email protected] 20 points 2 days ago

That's frightening

[–] [email protected] 9 points 2 days ago (1 children)

They got you because you're not familiar with the Apple ecosystem nor their support system. That's all sus as hell.

You also failed at basic opsec because you allowed them to control the flow of communication.

Was there actual suspicious activity? Did an actual Apple representative ever contact you because it sounds like the whole thing was a phish but you make it sound like they just got the case number and timing when the more likely scenario is that the email was also them.

[–] [email protected] 7 points 2 days ago

Totally agree that I don't know the Apple ecosystem and that made it easier. It was a legit Apple support email. Even compared all email headers with the email I received after I called Apple support and opened a new case. I gave them all the info I could.

It was definitely phishing, I'd even say spear phishing as they knew all of my details without me giving it out. I assume from leaked data somewhere.

I'm pretty sure that they were able to create a support case with my details and scheduled it for that time so they had the case number and knew to call before that time.

[–] [email protected] 56 points 2 days ago (2 children)

I heard once that the reason that those phishing emails are (usually) pretty obvious is because the phisher doesn't want to accidentally catch a more attentive and careful victim, spend time trying to wire money from them, only for the victim to realize that it's a scam before following through, therefore wasting the phisher's time. The type of person to fall for the Nigerian prince stuff is not common, but they exist and the odds of them paying out are much higher.

[–] [email protected] 4 points 1 day ago

Depends on what the end goal is. Wire fraud? Sure. Typically a Business Email Compromise will try and compromise the account credentials to use it as a location to send other mass phishing attacks to their contacts, gain access to sensitive information the user had, or laterally move between systems and further compromise the organization. In that case, you would want the message to appear as legitimate as possible to gain access to the highest privileged accounts.

[–] [email protected] 12 points 1 day ago* (last edited 1 day ago) (1 children)

I've heard that too. But, super-realistic scams exist, so if that's right it's just splitting the difference between the two that's a bad strategy.

[–] [email protected] 12 points 1 day ago (2 children)

It's mass phishing versus spear phishing. I believe anyone would fall for a highly specific spear phishing campaign from dedicated individuals, but I don't believe most people are important enough to be victims of it nor do most people need to really do it.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago)

The cost of people to run the scams is also a big factor. If poor quality can actually be an asset, slave labour from Myanmar or similar is going to be very competitive. You can have a small center full of those unfortunate people for the price of one Western cracker to do spear phishing.

[–] [email protected] 2 points 1 day ago

Right and the motives are likely going to be different too. Mass phishers are just out to make a quick buck, but targeted phishing could be for money, intelligence, disruption, making a statement, or even just clout.

[–] [email protected] 92 points 2 days ago* (last edited 2 days ago) (1 children)

privacy policy

look inside

sells your data

cat looking in meme

[–] [email protected] 32 points 2 days ago

The policy is that you don't have privacy and that they sell your data.

[–] [email protected] 47 points 2 days ago

wow I hate this meme format

[–] [email protected] 78 points 2 days ago (2 children)

I get that feeling when I press "report spam" and Gmail suggests I "unsubscribe from them", that that's exactly what the spammer wants, a ping back so they know I'm susceptible, that I'm an engaging fool, and get put on all the lists.

[–] [email protected] 52 points 2 days ago (1 children)

Not sure if emails work the same way, but this is how phone scammers work.

If you interact with a phone scammer, send them to hell or do anything at all with them, you just get added to a big list of people that respond to scam calls and so you get more calls.

[–] [email protected] 13 points 2 days ago (5 children)

I try to waste as much of their time as possible. It seems I've been such a cunt and wasted so much of their time that they have put my number on a blacklist.

[–] [email protected] 11 points 2 days ago (1 children)

I have a work phone and a personal phone. The work phone I answer calls from unknown numbers all the time. My contact information gets passed around as part of my business. For a while I had scammers hitting my number 3-4 times per day. I answered and fucked with them every time. A little free stress relief through the day. Now I almost never get them anymore.

My personal phone I have always screened all the calls. It still gets hit with scammers 2-3 times per week.

I guess you are right. There is a list going around of numbers who waste their time.

[–] [email protected] 2 points 1 day ago

I have received two spam emails over the course of my life and two or three on messengers of varying degrees of privacy. Am I just lucky?

[–] ThePantser 9 points 2 days ago (1 children)

That's what I figured too. Make sure to be the biggest pain for them. Seems dumb to put someone that is savvy and not a rube on a list to be called more. I would think the not answering scam calls would get you more calls because they are unsure of you.

[–] [email protected] 17 points 2 days ago (2 children)

I definitely got onto the call more list at one point but I kept being the biggest pain in the ass and one day they just stopped completely. I once had these one people on the phone for 6 hours straight and went through about 4 transfers in the process. They connected with my VM at one point where I was live developing a fake bank website I had passed through from my host. Did u know u can embed the password game into a website extremely easily and conveniently I needed a password reset and needed help. Yes I stole the idea from kitboga.

[–] [email protected] 6 points 2 days ago (2 children)

Jesus Christ dude. 6 hours?!

Ignoring calls is easy enough. I value my time more.

If I don’t recognize a number I just don’t answer it. No time commitment.

[–] [email protected] 7 points 2 days ago

Kitboga’s record is around 54 hours. It’s amazing.

[–] [email protected] 2 points 2 days ago

Tbh I see it as free entertainment. Doing dishes and telling some guy that u computer needs a windows update and after he says to click the ignore button 500 times to say u want to update to ensure no scammers can hack you.

[–] explodicle 11 points 2 days ago

It drives me nuts that I can't turn off the unsubscribe feature entirely. I'll use their unsubscribe button once, and if it doesn't work, then all future emails are getting forwarded back to whoever I gave the email address.

[–] [email protected] 38 points 2 days ago (1 children)

Also work on the unsubscribe button

[–] [email protected] 19 points 2 days ago

At this point, that's like a default corporate feature.

[–] [email protected] 20 points 2 days ago
[–] [email protected] 17 points 2 days ago

Yup. Done that one
