#carding
How I got scammed
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security
I wuz robbed.
More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!
Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).
A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.
That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).
I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffuletta, and I could tell that I was going to run out of time before I finished talking to this guy.
"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"
He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.
We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud had run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.
I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.
One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out that the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.
"That was the fraudster," she said.
Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.
Wait a sec.
He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.
I'd given him my entire card number.
Goddammit.
The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:
https://us.macmillan.com/books/9781250865878/thebezzle
And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.
But I'd been conned.
Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished me out of my password via DM:
https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/
That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.
Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.
I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.
Oh, shit, I'd been phished.
If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).
There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!
The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.
The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud, any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.
The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.
The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.
There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.
I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.
Not because AI is going to commit fraud, though.
One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, but we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":
https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week
I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.
As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.
This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:
https://web.archive.org/web/20090331094020/http://www.links.org/?p=591
This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.
I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.
This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.
On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.
So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.
Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:
https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security
Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg
CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en
saja-star · 2 years
One of my favorite things about learning about traditional textiles is the little ghosts they left in the language. Of course the ghosts are there, now that I know to look for them. Once upon a time, half the population spent a majority of their day making textiles. Spinning, at the very least, has been a part of humanity since the Neanderthals. That kind of knowledge doesn't just disappear.
A heckle was a device with sharp metal spikes, and people drag flax through the spikes to separate out the fibers from the chaff. When you say someone heckled a performer, you think you are being literal but you're speaking in an ancient metaphor.
When my grandpa says "spinning yarns" to mean telling stories, he knows that one's not quite literal, but its vividness is lost to him. There is no image in his mind of rhythm, muscle memory, and the subtle twist that aligns clouds of fibers into a single, strong cord.
When a fanfic writer describes someone carding their fingers through someone's hair, that's the most discordant in my mind. Carding is rough, and quick, and sometimes messy (my wool is full of debris, even after lots of washing). The teeth of my cards are densely packed and scratchy. But maybe that's my error, not the writer's. Before cards were invented, wool was combed with wide-toothed combs, and sometimes, in point of fact, with fingers. The verb "to card" (from Middle English) may actually be older than the tools I use, archaic as they are. And I say may, because I can't find a definitive history. People forget, even when the language remembers.
leiyahime · 13 days
Tried out my new hand cards today
I used some of the felting wool I got in my early spinning stages and don't really care about. So it's perfect for practise reasons!
I absolutely need to refine my technique so it doesn't put as much strain on my wrist. I don't think it's supposed to need this much force. But I'll get there. Hopefully
leveragehunters · 4 months
Some pouches I made! And I'm super happy with them, because I made them out of this:
A friend of mine has part angora goats, so she gave me a bag of Happy's hair and I carded it, spun it, plied it, wove it and then made it into pouches!
Since Happy's only part angora, her hair wasn't great to work with: very spiky and short, not many locks, and constantly shedding, so I added some silk for strength.
It spun up really nice!
It also wove up nice, but not into anything you'd want to put next to your skin - even with the silk, it was coarse and spiky (and still shedding!), hence pouches.
It was definitely an experience going from raw fibre to finished product, and one I'd like to do again, just maybe not with Happy's hair. (Even if she's adorable)
tyrhinosaurus · 15 days
Test spinning is underway! It's still so greasy lol.
@mimsical-on-main I tried using water fresh out the kettle, I think it helped a bit with the grease, but didn't seem to get out as much dirt from the tips, coz it's too hot for me to put my hands in and rub out. I can live with the trade off though.
Tbh I don't mind spinning it greasy, and I'm really keen to do a true 4 ply with this, there's so much wool omg. I checked the info, it's over 3kg of raw fleece! So so so much to play with :)
I love the variation in colour through the fleece, there's lighter and darker sections and it's tickling my little gremlin brain so much. I think I've been looking for this kind of textural stimulation for a while :))
ezekiellsplayground · 6 months
I recently bought some beautiful handcarders and I spent a few relaxing hours teaching myself how to card. It’s surprisingly easy & I carded up some spare fibre; white cormo, yak, & grey polwarth.
gailyinthedark · 2 months
Insane how people think of handsewing as tedious when for most of history it was by far the least time-consuming step in making any garment.
notquitebilateral · 2 months
My new flicker is very bitey. I am getting better at the floof though.
comfortabletextiles · 2 years
How I blend colors and fiber on my drum carder:
You will need: the carder tool for "getting the batt off the carder", some tool to comb the fiber closer to the drum, and a long enough needle to get between the fine needles of the drum.
Also a drum carder (obviously) and some fiber of your choice, in my case: 4,6 g hand dyed silk (acid dye) and 25 g south German merino (plant dyed with onion skin). (I have 100g of merino and 18,4 silk in total, separated into 4 chunks, so I can make 4 batts. How big your batt can be depends on your carder. I can make 35g batts, but that stretches it already.)
Then you'll have to separate your fiber into smaller chunks. I ripped the roving in 1/4ths to make them a bit slimmer. The silk however it worked. It is quite messy from the dyeing.
Now you need to prep that fiber for carding. How you do that depends on your taste and the fiber. I pulled the silk into a long pencil roving, because widening it out was tedious. With the merino it was the other way around.
If you have a pencil roving, start on one side of the carder and gently (very gently) guide it to the other side to distribute it evenly over the drum. The front drum will grab it and pull it in. Just let it do it, and if more fiber ends up on one part of the drum than the other, it's no big deal.
If you widen the fiber out, make sure it is thin. I once heard that you should be able to read a newspaper through it. The important thing is that it is not too much. Otherwise you have to work harder to get the fiber through AND you risk bending the needles and breaking your carder in the long run. (I separated the 1/4th rovings in the middle to make two shorter parts.)
Repeat that until all your fiber is on the drum. From time to time fiber gets stuck on the front drum. That means the back drum is getting too full. You can combat that with a hand card and card the fiber on the drum (mind the needles and their directions).
Next you pull the batt off the carder and take a picture for your blog.
Now you basically repeat what you have done the first time. Rip it apart.
Pull it into a slimmer card band.
Feed it to your carder from one side to the other
Rest of this will be in the reblog, got to the picture limit 😬
lightsandfire · 2 months
Weekends of 2-12-2024 and 11-12-2023, part four:
It took me a long time to write up the next installment in the series, but here I am! Only four months later!
Anyway, the weekend of the 2nd of December was for carding. I texted a friend of mine who has a drumcarder, and luckily enough I was able to borrow it for a few weeks. The first weekend I carded the first half (partly scoured, partly soaked overnight). Part of that (the scoured stuff) I used for a dyeing experiment with food colouring:
The blue turned out very pale and kind of a blue to green gradient, which I ended up spinning as a thick 3-ply. The purple/red ended up kind of blood coloured? At least that is what it reminds me of, this is still unspun. Conclusion: blue does not like to exhaust, get better dyes.
I also did some test spins and swatches:
On the left pic is a small test I did to see if I liked the way I cleaned and carded the wool. Of the swatches, on the left is a 3-ply (chainply), right is a two ply (I think, I did not note it down). I ended up choosing the two ply, as it is a bit more supple and I like the airiness of it better.
I decided that I wanted a bit more lanolin in it while spinning, so the other half I carded straight from the fleece during the second weekend:
There were so many stubborn locks! Since I didn't open up the locks beforehand, I had to do so while carding. I ended up gathering clumps of curls in my hand and running them along the carder to open them up. I carded each batt again to get rid of most of the clumps.
Now to start spinning and knitting! Thanks for following along!
shtetlcore · 1 year
Carding and spinning wool!
leiyahime · 3 months
Carded my first batt at the spinning group yesterday. Looove the colours.
Supersoft merino and bamboo viscose.
I definitely will get hand carders at the next wool festival! If I don't get them in person I'll order them (still much to spin until then so rn it'd be a bad time to buy). The batt spun up like butter and I want mooooore of this experience. Photo of the yarn will follow later
leveragehunters · 1 year
So you know that thing where you get a new hobby and just hyperfixate on it and buy all the things?
I now have a drum carder to go with my spinning wheel and e-spinner.
BUT it's going to be amazing for making pelts for needle felting, so it actually crosses back over to my last hyperfixation so I'm apportioning blame. And I'm going to start needle felting a Creature so I can make it a glorious pelt with the drum carder.
Here's some super messy roving I dizzed off the carder - I'm so bad with the diz but carding is so much fun!
(It's black and pewter merino with copper silk)
tyrhinosaurus · 11 months
More fibre prep with the supervisors on duty
katriniac · 5 months
Again, another video that would make my OC Katarina Koser go bonkers with joy: carding, spinning, weaving wool yarn
Dude, she'd be SO STOKED that this sort of information is on the internet. (She'd be amazed the internet exists, first of all.) And the fact that young people are excited about textiles and fiber arts enough to make videos about it? She'd be jumping for joy! 😍
That's like, her life's mission!
saja-star · 2 years
Hey, I just saw your post about textile metaphors left in the language, and I want to rec you a book you might be interested in, but, like, it's going out of print so maybe go find it at the publisher's site. Oxbow Books. Spinning Fates and the Song of the Loom: The Use of Textiles, Clothing and Cloth Production as Metaphor, Symbol and Narrative Device in Greek and Latin Literature, edited by Giovanni Fanfani, Mary Harlow, and Marie-Louise Nosch.
Thank you!