The Future of the Con Is Here, It's Just Not Evenly Distributed


The Future of the Con Is Already Here, It's Just Not Evenly Distributed - In Pursuit of Laziness

The Set-Up

Johnny Hooker: Sometime after 2:00, a guy’s gonna call on that phone there and give you the name of a horse.

Imagine yourself, perhaps a typically well-paid, tech-savvy professional, on the job hunt. You’ve been looking for a while with no luck; the market just sucks right now.

A recruiter reaches out on LinkedIn, and it seems to be a perfect opportunity, tailored exactly to your best skills.

The company is one you’ve heard about; it’s known to be a great place to work. They also pay pretty well compared to your previous job.

Of course you’re quite stoked, and agree to some interviews. You have an initial screening call that seems to go well. They mention that their interviews are under a standard, simple NDA and promise to send it to you over one of those legaltech SaaS startup platforms. You get the email, and after signing in to their enterprise SSO, you see what is, yep, a pretty simple NDA, and sign it.

The interviews go great. The interviewers are warm, welcoming, and you look forward to getting to work with them more. Everything they say about the company sounds amazing.

And then you get the bad news: someone else got the job. Oh well. They did, however, enjoy talking to you and might reach out for future similar opportunities. Anyway, back to the grind.

Six months later, you learn this was all a scam. Your identity has been stolen, and thousands have been spent on credit cards opened in your name. Your brokerage account has been partially drained. It’s going to take months to disentangle this, and you’re likely not going to get everything back. To top it all off, you have lost access to your email and many other online accounts.

As you are discovering this, you’re still bewildered as to how this happened. You never expected this type of thing to happen to you; you’re well versed with keeping yourself secure on the internet and not prone to common scams.

The Hook

Henry Gondorff: You can’t do it alone, you know. It takes a mob of guys like you and enough money to make them look good.

The point of attack was the login to the NDA signing platform. You chose to use a “sign in with ” login when you had to create an account, and it sent you through a realistic-looking login flow: a real Google/iCloud page, perhaps with your email already filled in. When you logged in to this site they used your entered password and subsequent “tap yes on your device” 2FA flow to log in to your account on their end (saving the session cookies), and made it look like a successful login on your end.

The attackers kept this undetected access and monitored your patterns, looking for ways to exploit it. They disabled your smoke detectors before setting off any fires: pre-filtering alert emails from accounts they intended to hit, so warnings never reached you. They downloaded all of your cloud files and used the account to log in to various other sites. They used everything they knew about you to open credit cards in your name. The interview and rejection after the compromise were theater — keeping you from getting suspicious so that they could hold on to your credentials longer.
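The "disable the smoke detectors" step, inbox rules that quietly divert security alerts, is something an account owner can audit for. The following is an added example, not code from the original post: it scans a list of mail filter rules (modelled here as constructed dicts, not any provider's real filter export format) and flags rules that silence alert-type mail, or that silence everything.

```python
import re

# Senders and subject phrases that typically carry account-security warnings
# (constructed for this example; extend with the providers you actually use).
ALERT_SENDER_PATTERNS = [
    r"no-reply@accounts\.google\.com", r"noreply@.*\.apple\.com",
    r"alerts?@.*bank", r"security@",
]
ALERT_SUBJECT_PATTERNS = [
    r"new sign-?in", r"security alert", r"password (was )?changed",
    r"new device", r"transfer", r"new payee",
]
# Actions that keep a message from ever being seen by the account owner.
SILENCING_ACTIONS = {"delete", "archive", "mark_read", "skip_inbox"}

def _matches(patterns, text):
    return any(re.search(p, text, re.IGNORECASE) for p in patterns)

def suspicious_filters(rules):
    """Return the rules that silence alert-type mail.

    A rule is a dict with optional 'from'/'subject'/'body' match strings and
    an 'actions' list; this shape is constructed, not a real export format.
    """
    flagged = []
    for rule in rules:
        if not set(rule.get("actions", [])) & SILENCING_ACTIONS:
            continue  # rule only labels or forwards; it hides nothing
        targets_alerts = (
            _matches(ALERT_SENDER_PATTERNS, rule.get("from", ""))
            or _matches(ALERT_SUBJECT_PATTERNS, rule.get("subject", ""))
            or _matches(ALERT_SUBJECT_PATTERNS, rule.get("body", ""))
        )
        # A silencing rule with no match criteria at all swallows everything.
        catch_all = not any(rule.get(k) for k in ("from", "subject", "body"))
        if targets_alerts or catch_all:
            flagged.append(rule)
    return flagged

# Constructed sample rules: the first two are what the scenario describes;
# the third is a benign newsletter rule that should not be flagged.
SAMPLE_RULES = [
    {"from": "no-reply@accounts.google.com", "actions": ["mark_read", "archive"]},
    {"subject": "New payee added", "actions": ["delete"]},
    {"from": "news@example-newsletter.invalid", "actions": ["skip_inbox", "label:news"]},
]

if __name__ == "__main__":
    for rule in suspicious_filters(SAMPLE_RULES):
        print("suspicious filter:", rule)
```

Run it against an export of your own filter rules after mapping them onto the dict shape above; any hit deserves a look, since legitimate rules rarely need to hide sign-in or payee notices.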

This is pretty scary already, but it gets worse: they managed to drain funds. This is hard: modern financial systems have a lot of protection against hijacked accounts1. Most scams targeting money involve convincing someone to voluntarily transfer money in an irreversible or untraceable way, and a tech-savvy professional is less likely to be the target of that.

But it’s still possible for a scammer to take money from you with their level of access in a way that lets them keep that money and avoid detection until it’s too late. Someone with persistent, undetected access to your email and accounts may notice, for example, that you have paycheck money autotransferring to a brokerage account that you don’t seem to touch or log in to often2. They might gain access to it by resetting your password, and then add a transfer account, maybe establishing a pattern of usage making small transfers. Eventually, they transfer the funds out, timed so you won’t notice for a while, in a way that’s hard to trace3. Maybe they can wait for you to be on vacation, because they know when that is: they have your calendar!

After they’re all done and think the scam will be detected soon anyway, they lock you out of your accounts to make it harder for you to piece together what happened.

Yeah … all of that sounds possible.

It’s also a lot of effort, needing multiple people coordinating and monitoring things, for a payoff that might not happen. Feels unlikely, right?

Well, I left out one part. This entire attack was orchestrated and carried out by an LLM.

An LLM which could research everything about you and craft a tailored attack. An LLM that could put together all the things that would be needed to make this seem plausible (a LinkedIn account, a fake...
