[IntFee588]

People often act like victims of scams need to be smarter, however widespread scamming places an immense burden on the broader economy. It increases the cost of doing business, since you have to do more verification for any transaction. We don't blame victims of other crimes, scamming shouldn't be an exception.

Imagine if you went to a restaurant, and the staff refused to serve you until you showed them your bank account balance to prove you could pay. It is an immense failure of law enforcement to not crack down harder on widespread scams.

[bmitc]

> It is an immense failure of law enforcement to not crack down harder on widespread scams.

I fully agree. My identity was stolen and used to sign up for retail credit cards in a spree, and I even did the research for them. I had a timestamp of purchase, the items purchased, and the cash register number. The police could not care less. For one, they are lazy as hell and throw up jurisdictions as an excuse. The mere fact that the thief seemingly only used one store per jurisdiction seemed almost intentional in terms of taking advantage of this. The total amount stolen was $9,000, but I don't think the police gave it a second thought after I contacted them, and this was in a city big enough that had a financial crimes department.

[shuckles]

I worked briefly for a financial crimes prevention organization, and the minimum dollar amount of loss we could get police to act on was over $100,000. We would do all the research and present them with a complete case.

[oatmeal1]

> For one, they are lazy as hell

How do you know they are lazy and don't just have an excessive # of crimes to handle?

[iudqnolq]

The cops have a pervasive misallocation of resources from the top down.

For example, US police eventually come up with enough evidence for prosecutors to start proceedings only in about 50% of murder cases [1]. Yet police departments spend very little of their time working on murder cases. [2]

Assuming you believe police investigating murders is valuable, I don't see how you can think police should be wasting time on broken taillight stops when they're failing that badly at it. (If the cops can't be reassigned they should be fired and their salaries used to pay cops who can)

[1] Technically I'm describing the murder clearance rate, but I use this phrasing to avoid the common and incorrect implication that a cleared murder means it's necessary actually "solved"

[2] There's no great metric for this. Assuming a police officer who just filed an incident report about a traffic stop for a broken taillight probably wasn't working on a murder case immediately before we can use incident reporting data. For ex, https://data.sfgov.org/d/wg3w-h783/visualization

[bmitc]

Because I communicated with them.

[nyc_data_geek1]

Have you ever met and spoken at length with a cop? They're #1 concern is billing enough overtime and securing a cushy gig

[askiiart]

I won't imply any opinions here, because this is far outside my realm of knowledge, but I will say that a sample size of 1 isn't too good.

[wpietri]

Absolutely. And every dollar in the hands of scammers is funding the creation of new and better scams. Even if we didn't care about scam victims at all, society should vigorously pursue scammers just to keep the overall burden down.

[luckylion]

And it seems like a no-brainer money-wise too. A dedicated task-force of 10 people might cost you a million a year, but they'll easily track down scammers doing that amount of damage per month.

I recently took an interest into a phishing campaign because the guy was using Amazon SES and kept using new email templates and it kept landing in my inbox. He was an amateur and it was easy to find juice things on his server, and it looked like he was engaging in all kinds of different scams, like phishing for bank logins, defrauding online-shops, identity theft etc. With law enforcement options, I'm pretty confident I could've nailed him with a few hours invested. Get him for one crime, you stop 10 others.

But the last time I talked to a police officer locally, he didn't know what Netflix was so I won't even try to explain phishing to them and how I got this information on the perp.

[nradov]

A task force of 10 law enforcement officers and support staff with the necessary technical skills is going to have a fully loaded cost way higher than $1M per year.

[toss1]

Fine. Pick your number. Let's be a bit generous:

Ten fully skilled security experts deputized @ 200K/yr. Fifteen assistants at $75K/yr. All personnel grossed up to 140% for fully loaded cost. Hardware, infrastructure, software, hosting services, $200K/yr. Total (((20010)+(7515))*1.4)+200 = $4,575,000/year.

You don't think that such a team could stop $50 million in crime in a year? I'd expect that $500 million would be a slow year and stopping $5billion would be more like it. There is so much of it and such low-hanging fruit...

I know of large corporation divisions where $5 million per quarter was literally their rounding error threshold three decades ago (likely more like $15 million now).

The payoff is so great it is astonishing that some large tech companies don't do it just for the general reputation of the industry. Or the banks for the same reason (e.g., I wont' touch Zelle, both because when I first checked it out it was horribly clunky, my bank wanted $20/month just to use it, and all the persistent scams).

Or, just for lulz. This is rounding-error pocket-change for these corps. If it got going, I could see a rivalry between MS, Oracle, & Alphabet execs for who could dunk the most scam dollars, and jail the most perps...

[kube-system]

> You don't think that such a team could stop $50 million in crime in a year?

By "stop", do you mean "prevent from happening", "successfully prosecute", or "identify the perpetrators"?

My answers, respectively, are "no", "maybe, depending on the sample set", and "yes".

[toss1]

Hmm, why do you think they couldn't prevent $50mm? I'd expect that to be the easiest number to to maximize. Take out a ransomware crew, and you prevent all their crimes for the next years, as long as you keep them offline; get the encryption keys, and you've undone every ransom demand still standing. Just busting them in a way that their are either denied bail or have conditions placed on them so they cannot use any computing device, and you've taken them offline (and sufficient monitoring will probably jail them soon when they go back online under bail conditions.

Definitely agree that successfully prosecute is harder than ID perps...

[majani]

There are a lot of talented people you can sell on the dream of working for less than their full market value in order to help vulnerable people not get scammed. It would be very fulfilling work for a lot of people

[rndmize]

Track them down and do what? Are you deploying a local police officer to arrest a scammer in India? It seems to me that in the vast majority of cases, law enforcement efforts will immediately run into jurisdiction issues, and most of the effort will be for nothing.

[luckylion]

That's probably true for some part of the scams, but others are domestic. The one I was looking into was most likely speaking German natively, and from what I could tell, he was a German in Germany (some info pointed to a specific German state, and his homedir was a common German first name).

You'll still have scammers from India, but you'll also have a lot that are running more elaborate scams and do a lot of damage by defrauding the government and companies.

[rootusrootus]

It's a fine line. It is not victim blaming to discuss what happened and a strategy to avoid it in the future, though I hear a lot of people suggesting just that. Sure, don't shame the person who got scammed, but if there is something they could do differently that would increase their protection, it needs to be communicated.

[ryandrake]

Exactly. This taboo against "victim blaming" is kind of holding society back from properly addressing scams (and other crimes). Yes, the scammers are responsible and yes, they are the only ones who should face consequences.

That being said, it's smart to take precautions, and it's not victim blaming to suggest things people can do to reduce their risk of becoming victims. I teach my kid not to play in busy streets. That's not blaming pedestrian victims for car crashes--it's just sensible, risk-mitigating precaution.

[happytoexplain]

My opinion, based on observation, is the opposite (i.e. you perceive a "taboo" against victim-blaming because victim-blaming is a real problem). Obviously we need both sides of the coin (help targets to help themselves, and hamper attackers). And yes, some people may jump to accusations of victim-blaming too quickly. But, I think it's an exaggeration to imply that there is a significant problem where people are characterizing "suggesting things people can do to reduce their risk of becoming victims" as victim-blaming in the context of money scams.

I think that, by far the greater poison holding us back is the obsession with personal responsibility that many people use as an excuse to not have to expend additional effort on dealing with a problem pragmatically. If you are suggesting educating people or giving them tools to deal with scams, that's great. But a lot of people don't want to do that under the very same rationale that you are using to justify it - that the victims could have avoided it. You are saying, "people can avoid this - we need to help them do so", but there is a significant part of society whose opinion on many topics where there is a victim is, "people can avoid this - they need to take responsibility".

[BobaFloutist]

Teaching your kid not to play in busy streets wouldn't be victim blaming, it would be victim blaming if your kid got hit by a speeding car and people immediately started questioning how well you taught him street safety. The problem with victim blaming isn't that it seeks to teach people to avoid becoming victimized, the problem is that it gets brought up when people have already been harmed, making it insensitive, unhelpful (something something barn door), and, often, deflecting blame from the actual bad actor.

[luckylion]

We should agree on some time frame when it's acceptable to talk about what you could do to avoid being a victim then. It's perfectly fine to say "maybe not now" while the victim is still getting stitches, but having to wait 10 years is also pretty useless because it'll be forgotten.

When something happens is usually the best time to talk to others about that same thing. A bank exploded? Hey, have you heard that there are ways to spread the risk over multiple banks? A hospital got all their files encrypted and needs to pay a ransom? Let's talk about backup strategies and how to secure infrastructure because that could be your organization.

I don't think people discussing strategies seek to deflect blame from a potential bad actor (it doesn't need to be about crime, accidents happen all the time, and there are plenty of things you can do to lower your risk), they just want it not to happen again, or at least less frequently.

[Pxtl]

Not only law enforcement. The communication systems that allow scammers to ride on their infrastructure anonymously and fail to give their users tools to push back also bear some responsibility.

The POTS and e-mail and usenet protocols are embarrassingly broken on this front.

For anybody who is building a communication system: If you are allowing anonymous messages to users is a default behavior and it is impossible or impractical to avoid, you have created a system for spam, scams, threats, and harassment.

[golergka]

Putting blame on the victim and pointing out that victim could've easily prevented the crime are two different things. We can put the whole moral responsibility on the perpetrator, and simultaneously advice other potential victims to properly safeguard themselves.

[ericmcer]

Shitty people ruin society at every level. Sure online scams are part of it but we have banks, locked doors, guns, an entire law enforcement and justice system etc. all to account for the small minority of humans who will hurt others given the chance.

[babypuncher]

An idiot in my neighborhood getting robbed because they leave their garage door open at night causes my insurance premiums to go up, but they are still an idiot.

[cwkoss]

> We don't blame victims of other crimes

Humans blame victims so often they've created a specific term for it - "victim blaming"

[p_j_w]

>It is an immense failure of law enforcement to not crack down harder on widespread scams.

Do you think if we let cops put on their pretty SWAT gear and roll into the front yards of white collar criminals' front yards in their APCs they'd start taking these sorts of things seriously?