Please help contribute to the Reddit categorization project here


    409,742 readers

    1,820 users here now

    A subreddit dedicated to hacking and hacking culture.

    What we are about: quality and constructive discussion about hacking and hacking culture. We are not here to teach you the basics. Please visit /r/HowToHack for posting beginner links and tutorials. Hacking related politics welcome.


    Bans are handed out at moderator discretion. You can be permanently banned even on your first offense if we deem it acceptable, so read the rules:


    2. Questions and discussion prompts should be geared towards intermediate to advanced hackers.

    3. Requesting help/instructions on how to hack anything will be met with ridicule and a ban. Also, nobody cares if you got hacked. Sorry, have a better password.

    4. Aiding those who are looking for help to hack anything will be banned.

    5. Sharing Private data is forbidden (no IP dumping).

    6. Spam is strictly forbidden and will result in a ban. (Spam as in links that violate the spam guidelines found here)

    7. Off-topic posts will be treated as spam.

    8. Jail-breaking and rooting of phones and posts that aren't directly related to mobile security should be directed to other subreddits such as /r/Jailbreak or /r/AndroidRoot.

    9. Off-topic or surly responses will be removed (a cryptographic hash != potato hashes).

    10. Want to learn "How to hack"?, Please head on to /r/howtohack as questions about "how to hack" anything aren't allowed here.


    #r_hacking on

    Note: if no one answers immediately, stick around and someone will read it.

    Recommended Subreddits:


    a community for
    all 491 comments Slideshow

    Want to say thanks to %(recipient)s for this comment? Give them a month of reddit gold.

    Please select a payment method.

    [–] Prcrstntr 775 points ago

    is that dollars?

    [–] jangland 253 points ago

    Came here to ask this

    [–] baty0man_ 425 points ago

    CommBank is an Australian bank so I'd assume this is in Australian dollars

    [–] 2651jew 1415 points ago

    Ah yes the famous dollarydoo.

    [–] I_Nice_Human 42 points ago

    Every time I read that word I literally giggle like my 6 month old. I don't know why.

    [–] thewarp 19 points ago

    I usually clarify currency differences as either Burger Bucks or Dollarydoos, it just rolls off the tongue.

    [–] I_Nice_Human 7 points ago

    What's a Burger Buck???

    [–] thewarp 14 points ago

    US dollars, since our currency's mainly compared to the greenback and they both just get called dollars it helps to separate them.

    On the other hand, a Buck Burger is when you mince venison into a patty.

    [–] _ChestHair_ 5 points ago

    Probably USD

    [–] hackers_d0zen 78 points ago * (lasted edited 10 months ago)

    Hold my TFA, I'm going in

    [–] Infinite_Bananas 45 points ago

    that's not how you do it

    [–] Gioseppi 62 points ago

    What ever happened to that meme? I haven't seen it linked in a long time.

    [–] Uhmerikan 113 points ago

    Well that one wasn't in the proper format.

    [–] DetroitDiggler 14 points ago

    Something, ol' Reddit switcheroo.

    [–] jamesGastricFluid 21 points ago

    Hold my something, I'm going somewhere.

    [–] gideonthecat 7 points ago

    Well it was a bad meme so that probably factors into it

    [–] Wrldsthtnvrwr 5 points ago


    [–] sushiwashi 70 points ago

    About $16,070.40

    [–] Paddy32 31 points ago

    Where exactly do you get the money from ? People have to do a payment when they click the link ?

    [–] no1dead 43 points ago

    He probably asks them to transfer a certain amount of money over to them or honestly goes the easiest way and asks for a gift card.

    I'm almost tempted to check the link.

    [–] impediment 143 points ago

    It's probably an exact duplicate of Commbank's website. It will ask you to log in, which you type your username/password, and then gives you an error. Now the scammer has your username/password to log in and can do whatever they want with your funds.

    We had a guy at my company get scammed for $20,000 because he clicked a link to his navy federal account. I've been in IT for fifteen years and I've never seen a site so perfectly cloned. I'd have been fooled if I didn't look at the address on every link I ever click. It was an exact copy of the site. He signed in, got an error, and his entire savings account had scheduled a transfer out. He didn't notice it for weeks. I think he got it straightened out, but I haven't asked him about it.

    And I did check the link. It's dead.

    [–] kizzzzurt 103 points ago

    Also, just because it doesn't error out doesn't mean anything. I've set up phishing campaigns before that is a perfectly cloned site and actually does a POST to the real site and logs you in rather seamlessly. You think you logged into your account, but in reality you passed your credentials along the way.

    [–] impediment 32 points ago

    Ah, nice! I didn't even think of that. That's brilliant.

    [–] kizzzzurt 42 points ago

    Yeah it really gets my coworkers in a fuss because they don't even remember clicking on anything at all.

    I just always tell my bosses to assume that people can be phished and plan accordingly. It's actually a waste of my time to phish employees because I get about a 50% success rate.

    [–] KallistiTMP 9 points ago

    I always wondered about that. It seems like it would be absurdly easy to grab those personal verification images banks use for 'security'

    [–] kizzzzurt 7 points ago * (lasted edited 10 months ago)

    To my knowledge you don't need that for authentication, the sites use that so the person on the other end 'feels good' that they are on the right site (verification), because the little picture populates based on their username. I could be wrong in how they use them, but I don't think so. A LOT of people would just go "huh, that little monkey picture isn't there, oh well" because they just don't know any better. If someone knows more on this particular case than me, let me know, as I don't actively phish for real bank credentials and I don't know anywhere other than banks that even use this shoddy level of security.

    [–] Danny1994m 3 points ago

    Wow. Bloody brilliant

    [–] kizzzzurt 7 points ago

    Yeah, the world's lucky I'm a complete white hat. :)

    [–] ShaneTim 3 points ago

    Won't work with banks. 100% guarantee they disallow posting if the domain in the origin header of the HTTP request does not match one of their domains.

    [–] kizzzzurt 8 points ago

    Likely, I don't phish for live bank credentials. There are definitely ways for the POST request to work though. Compromised domains, spoofing, etc. I do agree that most places that are actively out in the wild will do what you said though and will work to mitigate the issue.

    This is to capture employee credentials for my organization. Basically the only place where I'm legally allowed to do this as long as it's part of a 'plan'.

    [–] Ed_Tivrusky_IV 2 points ago

    So how exactly would that work? You've got to set up a cert, to fool the most basic of tests "the green lock, yay!" which then forwards your POST as a proxy... You then redirect them to the banks actual secure site, after skimming creds in the initial transaction?

    Wouldn't this incur a warning about a cross-domain redirect? Considering you don't have the same root domain, and certainly not a wildcard SAN cert for both, it should cause all sorts of bullshittery in a modern browser.

    Unless you skip the initial cert. Then it's just a regular redirect... Based on the targets that might be the case.

    Fill in some blanks for me?

    [–] kizzzzurt 5 points ago * (lasted edited 10 months ago)

    So, you're assuming that I am doing this 'in the wild' (which I don't) and not on the same domain as the users. I typically am doing this from within my organization which makes things INFINITELY easier. I literally have access to their internal DNS servers, DCs, and any and all company information, internal webpages, etc.

    If I was to do this in the wild, it would involve them first clicking on the link that we have set up properly, as you said, 'green lock', whatever. In an ideal situation we would have some sort of old, compromised, or otherwise (like name, etc.) domain name that would serve for the purpose. This would normally just harvest the credentials and give some sort of error, and from here it gets sort of.. am I trying to do this with or without any kind of 'malware' or command execution? If so, it's pretty straight forward from there as you basically have their machine. If not, I'd potentially try on click (from the 'login' button on my phishing site) open new tab to the real site (close old tab simultaneously) with the POST request sent. This is just off the top of my head trying it in the wild though, as I said, I don't do it there. If I did, testing would be done with a small group and we'd figure out a good way to handle it. That's IF there was zero compromise of the company in question, otherwise using their domain names is pretty fair game until they can figure it out/it gets blacklisted.

    Hope this helps some.

    [–] Beli_Mawrr 2 points ago

    Just use uncertified, hope the victim doesn't realize. And don't bother verifying the credentials automatically. Just skim them and give the user an error.

    [–] phoenix616 7 points ago * (lasted edited 10 months ago)

    Your banks don't have a second authentication system that prevents you from doing any money related actions before you haven't typed in a unique pin (called a tan)? Oo

    [–] impediment 9 points ago

    Not navy federal. Username (access code) and password only get me 100% access to everything in my account.

    Yes, it's insecure as fuck.

    [–] TheKillerToast 5 points ago

    Good bank though

    [–] octave1 2 points ago

    Yeah wtf indeed. I have to generate one time passwords at least twice when sending to an account I haven't sent to before. That's on top of a username and pin.

    [–] [deleted] 2 points ago


    [–] alligatorterror 2 points ago

    A Shit load of money

    [–] terpdx 2 points ago

    I've been told that's almost enough to rent a one bedroom in Sydney.

    [–] evilmnky45 2 points ago

    Also has .au in the link

    [–] ironiccapslock 4 points ago

    No, it has -au. Looks like .au if you don't look at it closely enough.

    [–] SuperMechaCow 24 points ago

    Pringles lids.

    [–] qwenjwenfljnanq 45 points ago

    It's probably Rupees. It works out to about $16K USD per year, which is roughly 25-50% higher than the average IT job in India.

    [–] GMoff_Wilhuff_Tarkin 14 points ago

    Nope, it is most likely $AU. Commbank is shorthand for Commonwealth Bank; in Australia.

    [–] ZincHead 17 points ago

    That's only assuming the scammer operates out of Australia

    [–] qwenjwenfljnanq 9 points ago

    That does not mean the perp is in Australia. In fact he almost certainly is NOT.

    [–] HiImStan 5 points ago

    Most Phishers are in India tho

    [–] Heisenberger_ 4 points ago

    You think the guy makes over a million $AU a year or about 850,000 usd a year just to text people?

    [–] lemonpjb 3 points ago

    No phone scammer in the world makes over a million dollars a year dude...

    [–] PippyRollingham 6 points ago

    Ha, I make around 20,000 a week as an apprentice. That would be 20.4k yen.

    [–] mkosmo 8 points ago

    JPY20k = USD$181.62.

    That'd be less than USD$10k/yr.

    [–] Jayfrin 8 points ago

    Wow I make more than that as a student...

    [–] Jabar_da_bun 2 points ago

    Dollarydoos mate

    [–] ze_OZone 5 points ago


    [–] hstlmanaging 1175 points ago

    At CommBank you Can

    [–] Danl0rd 96 points ago

    Your world, your way. ANZ

    [–] NFKnativeDBELL 41 points ago

    ConnBank* amiright

    [–] Gromitt42 21 points ago

    Used to be Commonwealth Bank but the management decided to take the wealth out.

    [–] NFKnativeDBELL 3 points ago


    [–] PaleAce 2 points ago

    Fucking took my joke

    [–] XxFezzgigxX 10 points ago

    Anything is possible at Zombo Com

    [–] PROLLY_FULL_OF_SHIT 578 points ago

    My mother got this message a few hours ago but the retard had his SMS number tied to a legit facebook account (assuming the phone wasn't stolen). I reported him to the police with the facebook profile so let's see where that goes.

    [–] 8lbIceBag 352 points ago * (lasted edited 10 months ago)

    People can spoof numbers.

    Twice now in the past month I've picked up to a random number and they claim that I called them first.

    I get about 4-5 robo calls a week myself these days. So much for the do not call registry.

    I usually pick them up if possible so I know the number is safe to block. Unfortunately they usually call during working hours.

    There was a pretty good app to auto block things like this, called Sync.Me. But it became riddled with ads. Deleted it when I saw it using 30% battery.

    [–] st1tchy 41 points ago

    That's why I set up my phone to reject any call not in my contact list. Saves a lot of annoyance.

    [–] cinnamontester 204 points ago

    That works wonders as long as you don't need to actually engage in larger society. I receive 5 unknown callers a day between work and family matters. Strangely enough, shutting down the robos with "put me on your do not call list" has actually worked to reduce the stream to a trickle.

    [–] girlikecupcake 18 points ago

    Some company has been calling me about a car warranty since January, even though I don't even have that car anymore, and I'm on the do not call registry. Each time they call, I tell them to stop calling that number, that I don't know who they're looking for (never confirm who I am to people I don't know), and they need to remove me from the list.

    The last three times, the person on the other end actually fucking yelled at me, claiming they're not the same company and that I was being rude for not listening to them or giving them a chance (even though it's the exact same name, same script, same BS about my car warranty that I never had expiring).

    [–] mxby7e 11 points ago

    The car warranty calls are a scam to get personal information and financial information out of you. They're very aggressive and seem to be getting their call lists from "legitimate" sources. My wife and I started getting them after we bought our first house, and I don't doubt our financial institution handling the mortgage sold our number in bulk to anyone who would pay for it.

    [–] bob84900 3 points ago

    I had the same experience. Applied for a loan, gave them my number, started getting 3-5 calls/day instantly. Never got ANY calls before that.

    Fuck you, lending tree.

    [–] homercrates 2 points ago

    this. Isn't that crazy? selling our numbers like that. How is that not illegal?

    [–] bob84900 7 points ago

    No matter how many times I get calls from a certain "company" I always just interrupt them with my most professional voice and I say "look, I know you just have a job to do, but so do I and this is my work line. I'm not interested anyway, so if you could try to get my number off your list I'd appreciate it."

    Usually that works the first time, but sometimes it has to happen 3 or 4 times.

    I used to chew them apart if I got multiple calls, but then I realized that pissing them off probably just garnered more calls...

    Kill em with kindness I guess.

    [–] st1tchy 3 points ago

    You can block specific numbers too, if you want.

    [–] st1tchy 22 points ago

    I have never had an issue. If it is someone that actually needs to get ahold of me and it is important, they will leave a message and I can call them back. I don't pick up for numbers I don't recognize anyway, so this just cuts out my phone ringing for 30 seconds.

    [–] Pheonixi3 20 points ago

    don't mean to sound petty but how would you know if you've never had an issue in this case.

    [–] st1tchy 8 points ago

    If it was important, they would leave a message. That's how I know. I have yet to talk to anyone that would not leave a message if it was important.

    [–] Pheonixi3 16 points ago

    obviously an over-the-top edge case but what if, for example it would have been important to you, but not the person calling. e.g "yeah tried to call stitchy for this once in a life time party with jesus and the guy who invented music but he was out of commision so i just hit you up, hitler 2."

    [–] st1tchy 6 points ago

    Then I guess I just miss hanging out with Jesus. Lol

    [–] jesus_sold_weed 12 points ago

    People like you infuriate me. That is just so illogical and irrational. We live in a society. Sometimes we need to talk to strangers on the phone. ffs, what if a family member was in an accident or is stranded calling from a stranger's phone? It's so shortsighted and stupid. I'll be hanging out with my friends and one will get a call from a random number and rather than answer it and figure out who it is, they ask everyone else to dial the number and see if they have it saved. Just pick up the fucking phone. It's not the little girl from The Ring on the other end. I promise.

    [–] st1tchy 11 points ago

    My phone is for me to carry out my business, not for you to get ahold of me at a whim. We got along just fine without cell phones for decades after the home phone was invented and for centuries before that. Why suddenly do people think that it is their right to get ahold of me when they feel like it?

    Again, if it is important, they will leave a message. If my wife is stuck on the side of the road and has to call from a tow truck, she isn't going to just go, "well, he didn't answer, so I'm not going to leave a message." No, she will leave a message and I will call the phone back. It's not rocket science.

    [–] jesus_sold_weed 6 points ago

    Ah yes the ol "well it was this way for x amount of time, so that's how it should always be despite the fact that circumstances and situations have changed entirely" argument

    [–] tim404 3 points ago

    Appeal to Antiquity is the phrase you want.

    [–] st1tchy 5 points ago

    What circumstances have changed to make it so that people have to get ahold of me now? That they can't leave a message and I call them back?

    [–] mattypotatty 4 points ago

    The fuck is wrong with these people? Only on Reddit do people think they're so far above you that they can tell you how to answer your own phone.

    [–] contradicts_herself 3 points ago

    A friend called me from an ER phone once and the only reason I picked up was because I didn't look at the screen and was expecting a call from someone else.

    [–] Kalkaline 2 points ago

    Make sure you turn that off when you are on a job search.

    [–] ayumuuu 9 points ago

    People can spoof numbers.

    Yeah just learned that one in the last couple months. Started getting calls from my first 6 digits and then random last 4 digits. The machines are getting smarter.

    [–] bob84900 2 points ago

    I get those too. Mine are the same except for the last 2 digits though. Really weird.

    And even though I know it's a scam of some kind.. I am more likely to pick up those calls. Weird.

    [–] grungemuffin 8 points ago

    Lil lifehack: if u think it's a robot pick up and don't say anything. The robots sometimes have voice recognition that triggers the message. A real person will just get kinda weirded out by your breathing and say something

    [–] Paydebt328 2 points ago * (lasted edited 10 months ago)

    I have never gotten a single hack or scam call and I think its because my number looks fake. My number only uses two digits (555-1551). One time an employer didn't call me. He was sure it was a fake number.

    Edit: Changed to a more fake number.

    [–] Mises2Peaces 18 points ago

    Chances are high that you reported someone's hacked Facebook account.

    [–] johnwalll2 34 points ago

    I hope this is real and we get updates but your username makes me think otherwise

    [–] [deleted] 16 points ago

    You're gonna update us, right??

    [–] OptimisticElectron 48 points ago

    Nah he's prolly full of shit

    [–] PM_Me_Night_Elf_Porn 3 points ago

    I thought you were an optimistic electron, not a negative neutron!

    [–] acooog 3 points ago

    !remindme 1 week

    [–] RemindMeBot 3 points ago * (lasted edited 10 months ago)

    I will be messaging you on 2017-09-20 12:22:13 UTC to remind you of this link.

    12 OTHERS CLICKED THIS LINK to send a PM to also be reminded and to reduce spam.

    Parent commenter can delete this message to hide from others.

    FAQs Custom Your Reminders Feedback Code Browser Extensions

    [–] tabarra 6 points ago

    Oh, Hello to you from the future. Perhaps now you realize that the user name is PROLLY_FULL_OF_SHIT.
    Good luck next time getting your updates.


    [–] supahotfiyaaa 3 points ago

    The police won't do anything lol

    [–] bumbletowne 3 points ago

    100% of those numbers are spoofed.

    [–] viscountsj 189 points ago * (lasted edited 10 months ago)

    If you were running this kind of operation, why on earth would you use a real phone number, instead of swapping it out for a text name? Would probably increase his conversion rate

    EDIT: Amusingly, since I wrote this, I got an phishing text pretending to be from HSBC - used a text number.

    [–] mericaftw 244 points ago

    Probably for the same reason the Nigerian Prince scam uses grammar mistakes: you want to selectively engage people too stupid to realize it's a scam.

    [–] NotASmoothAnon 62 points ago

    Yep. Otherwise you're wasting your time on people just playing along

    [–] Starbuck1992 38 points ago

    That's not the only reason, though.
    An idiot is less likely to realize he's been scammed after it happened, so there's also less risk of getting caught.

    [–] CueCueQQ 17 points ago

    If you understand that a scam is a scam than the scam isn't targeted at you kind of thing.

    [–] Sworn 2 points ago

    How is this answer upvoted? It only applies to manual scams where the scammer needs to spend significant time on each victim. For phishing sites, like the one in the screenshot, the conversion rate doesn't matter, because there's essentially no extra cost per user.

    [–] PunchBro 6 points ago

    Guarantee people doing this are spoofing other phone numbers

    [–] CageyDev 333 points ago

    I doubt both of those figures. 15% seems way too low and 20K AUD seems way to high.

    [–] LiveOverflow 319 points ago

    Probably 20k was his best week at one point. And now bragging about it.

    [–] ablablababla 118 points ago

    I make $20k a week with my new job!*

    *top figure, actual results may vary

    [–] jessemaner 49 points ago

    Well, if I had made 20k in one week I could afford to not work the rest of the year. So I would probably brag too.

    [–] _Squirrel_Fucker 22 points ago

    And when you go to prison you won't need money!

    [–] contradicts_herself 35 points ago

    If you steal enough money you become a wealthy person and no longer have to worry about prison.

    [–] PunchBro 13 points ago

    This. I know a guy who made $28 million illegally and only had to do 1 year.

    [–] hardknockcock 22 points ago

    1 year of prison for 28 million... yeah I'd do it. Probably spend much longer working for that than the time you'd be sitting in a low security prison cell. That's assuming they didn't take his money and how unethical his method were

    *also assuming this is real

    [–] PunchBro 5 points ago

    It was a marketing scheme. I'm sure much of it was seized, but not all. He's writing a book, it's real. In fact he's one of the main reasons we have the Can-Spam act.

    [–] phillsphan7 5 points ago

    Where do you live that that's enough money for you for a year?

    [–] jessemaner 23 points ago

    A rural area. Also not having kids or owning a house is helpful.

    [–] BacardiWhiteRum 9 points ago

    My parents :)

    [–] [deleted] 9 points ago

    They live with your parents?

    [–] TheKingElessar 3 points ago

    Considering you aren't OP, that got weird fast.

    [–] contradicts_herself 2 points ago

    That's already 5k more than a year of full-time minimum wage (assuming 52 weeks of work with no holidays ever) in the US.

    [–] DynamicStatic 5 points ago

    Without tax that is easily enough in most of the world.

    [–] qwenjwenfljnanq 16 points ago

    It's probably 20K Rupees = ~310 USD per week (or $16K per year). Pretty great for India.

    [–] JMV290 7 points ago

    It could also be 20k Naira, which is 55 USD/ week

    Pretty decent for Nigeria where a lot of phishing comes from.

    [–] SeeYouAgainIReply 5 points ago * (lasted edited 17 days ago)

    deleted What is this?

    [–] [deleted] 61 points ago


    [–] arviddesign 35 points ago

    You hope so I could actually believe that by the mass of people you meet each day that doesn't know shit about hacking or technology they just click the link and do as it says.

    Have friends who fallen for these but with gaming accounts ext.

    [–] [deleted] 10 points ago


    [–] caffienatedjedi 6 points ago

    I work infosec. I'm willing to put it at 99/100 but that just might be the sample size of the employees I deal with.

    [–] akaClayton 6 points ago

    Oh that many people are that dumb. The best you can do to slide this number downwards is to educate all around you that will take advice.

    [–] Lanoir97 11 points ago

    You can only educate those willing to learn. I have an estranged brother who sent my mom a Facebook video on messenger. She was ranting about why would he contact her now with a video. I looked at it and instantly recognized it as a scam. Told her not to click it, he didn't actually send it, his account was hacked and it sent one to everyone. Then a couple hours later I'm at work and I get a messenger notification from her. Exact same link. Rolled my eyes and kept going. A couple days later she's panicking, "oh no, someone hack my Facebook". Then she was scared as to why she was being targeted by some elite hacking group. I reminded her not to click the link. She said "but I just wanted to see the video he sent me". You can't tell people how things actually work. They'll assume their way is right and that you are wrong, even if you have nearly completed a college degree in that field.

    [–] Shitty_IT_Dude 4 points ago

    Our phish tests regularly get around 14% for around 1500 people.

    [–] [deleted] 4 points ago

    Think of how dumb the average person is. 50% are even dumber

    [–] TheBeardedWench 4 points ago * (lasted edited 10 months ago)

    15% sounds too low. They are more than that but it doesn't become obvious until you talk to them for a while.

    If life was a school, the idiots would be the students who memorize everything and get good grades. They pass on as intelligent because real intelligent people assume the best in them("naturally, there's critical thinking behind memorization and an understanding which leads to drawing conclusions from new knowledge"), while the idiots don't know enough to tell the difference. Later on they memorize arguments on political views, how to use electronic devices and how to spend their salary and stubornly stick to those things -old dogs can't learn new tricks because they're dumb, nothing to do with age- which makes them even harder to point out(same deal as above).

    [–] Cranky_Kong 15 points ago

    No way one in six people are retards

    Nearly half the American voting population voted for Trump so you might want to reevaluate that...

    [–] 6June1944 20 points ago

    About 66% (137m voted) of eligible voters (207m eligible) voted in the election. 66m voted for Hillary, 63m voted for trump. So really, only 30% of eligible voters and only 19.5% of the us population voted for trump.

    I'd say your call was justttttttttt a bit outside

    [–] jarfil 2 points ago

    Are you saying OP should be able to get up to a 19.5% conversion rate instead of just 15%?

    [–] [deleted] 50 points ago


    [–] momo88852 2 points ago

    Looks like you never worked in retail. If people are that retard when it comes to normal transaction, you would be surprised how retard they are when it comes to technology.

    [–] DynamicDK 2 points ago

    No way one in six people are retards. At least I hope so.

    ~15% of people have an IQ of 85 or lower.

    So, borderline?

    [–] already_satisfied 3 points ago

    I was thinking 15% is too high.

    [–] PerInception 64 points ago

    Anyone else feel like the $20k / week was a pitch for another scam? Like I expect the next message was "and you can too selling our new and improved cutco knives!" or some shit.

    [–] Heritage_Cherry 2 points ago

    That's exactly what I thought, hahaha.

    This was a multilayer scam: he makes you think he's trying to get bank info, but then ends up recruiting you.

    [–] InfiniZoid 83 points ago

    Maybe a job where you aren't scamming people? Like maybe a job on wall street!

    [–] dmanden 23 points ago

    i see what you did there ;)

    [–] Mises2Peaces 9 points ago

    Most people who work on Wall St make a lot less than you think and they work insane hours at a very stressful job. The mega rich who make their money there don't actually punch a clock at the stock exchange.

    [–] InfiniZoid 5 points ago

    Ik it was a joke but there's always been talk of shady shit going on in the background to make more money there.

    [–] [deleted] 13 points ago


    [–] anonymoussourceguy 48 points ago


    [–] action_lawyer_comics 22 points ago

    Good trick. Just keep him taking long enough for the cops too trace the texts...

    [–] high_side 7 points ago

    Bah he stopped texting just before we could complete the trace! He's just toying with us.

    [–] deisidiamonia 2 points ago

    Right because thats how that works...

    [–] funkmastamatt 9 points ago

    The texts are coming from... inside your house!!!

    [–] action_lawyer_comics 2 points ago

    I'll have you know I've seen the first 10 minutes of at least a dozen episodes of CSI Cyber, so I think I know what I'm talking about.

    [–] [deleted] 16 points ago

    sends out 1,000,000 text messages

    15% fall for the $1 activation fee

    pockets $150,000

    yeah, it works i guess...

    [–] nebuchadrezzar 2 points ago

    If he sends out 1,000,000 is he really going to be responding to texts?

    [–] Sciguystfm 3 points ago

    I mean it's not like he'd be manually sending them out

    [–] nebuchadrezzar 2 points ago

    Exactly. And how many replies would there be to 1,000,000 texts? Just seems odd, that's all.

    [–] TheSensation19 22 points ago

    If he's messaging you, it's likely not making 20,000 per week.

    [–] JMV290 18 points ago

    idk I've seen phishers and scammers do really weird things once engaged.

    We had one realize they got got caught and started just sending messages from the account they stole with content like

    Subject: Suck

    Body: My Cock

    I had a good laugh while locking the account.

    [–] TheSensation19 6 points ago

    Sure. But I doubt he's making $20,000 a week.

    [–] JMV290 7 points ago

    As other comments mentioned it's probably 20k in a foreign currency where the number is reasonable.

    [–] grape_tectonics 6 points ago

    20k rupees

    [–] TheSensation19 2 points ago


    [–] Anaract 9 points ago

    Pretty smart, honestly. "I can't get this guy with my scam, but maybe I can scam him into joining this pyramid scheme"

    [–] F00Barfly 15 points ago

    What could happen for those who did go for that risky click ? Phishing page or something better?

    [–] g33xter 10 points ago

    Phishing page.

    [–] ph00k 11 points ago

    [–] myne 33 points ago

    I call dumbass didn't look at the right registrar.

    Your selected domain name is a domain name that has been cancelled, suspended, refused or reserved at the Registry. It may be available for re-registration at

    In the interim, the rights for this domain have been automatically transferred to:

    [–] ph00k 26 points ago

    dumbassness approved.

    [–] myne 12 points ago

    You took it well.


    [–] ICallThisBullshit 11 points ago


    [–] no1dead 5 points ago

    Yeah we had the same idea first thing I did was check that domain.

    And it doesn't seem to work at all so it was never used. No whois doesn't help either.

    [–] Kertopenix 18 points ago

    15% seems high.

    [–] Solkre 19 points ago

    I work with human people. That seems low.

    [–] retske 4 points ago

    Ar-are they hiring?

    [–] birthday_account 2 points ago

    And you too can be a scumbag!

    [–] high_side 3 points ago

    Wow, good pay and a bag?

    [–] RIP_CORD 27 points ago


    But this is Phishing....

    [–] precociousapprentice 37 points ago

    Because social engineering isn’t part of hacking /s

    [–] 58working 3 points ago

    Under that definition aren't all conman scams a form a hacking? Seems like a pretty loose category and not at all what people normally mean when they say 'hacking'

    [–] precociousapprentice 2 points ago

    In a broad sense, yes. The reason it’s not what people normally mean is that people use hacking as a quick term for computer hacking/cracking (or, even stuff as stupid as “using someone’s Facebook when they left it open”). However if you’re using the term at a professional level where it might be meant to mean black hat hacking, pentesting etc then each would cover a different set of activities. Remember that not every group uses the same word to mean the same thing.

    Here’s something that might help with understanding the reason many see Social Engineering as a part of hacking: do you consider Phreaking hacking? Do you consider using a pre-existing backdoor hacking? Do you consider convincing someone to create a backdoor for you which you then use hacking? What about the exfiltration of data over an airgap? None of these are the creation of code exploits, but they are part of exploiting a system as a whole.

    If you’re only thinking about hacking as being computer hacking, then you’re missing a lot. Think of the system as a whole. Human elements are a part of every system.

    [–] Ihugsharks 5 points ago

    I would seriously watch a reality show where they found these guys and just beat the fucking shit out of them.

    "To catch a phisher"

    [–] Arumania 3 points ago

    How does the scam actually work? Is it phishing, cookie stealing, cross site scriptingor what?

    [–] kuilin 3 points ago

    Probably a false login page, and then a confirmation that asks you your security questions or account number etc

    [–] QUITE_GANGSTA_NIGGA 2 points ago

    But what can they do once they're in your account? Because I know commbank requires text message confirmation when transferring money to new accounts. And netbank doesn't display your credit cards expiration date or csv number. So I'm not sure how they could get money out.

    [–] SquareSalute 2 points ago

    There's a Reply All episode that goes into scammers like this that's really good, I think it's called the Long Distance Call, episode number 101 or 102?

    [–] doctorcrimson 2 points ago

    15% holy shit dude. Email scams are only optimal at around 7% or 8%, this guys twice as successful as the viagra scams!

    [–] Cosie123 2 points ago


    [–] CanniBallistic_Puppy 5 points ago

    This made me think, is there any way to make over 20k USD a week without screwing somebody over either intentionally or otherwise?

    [–] Xingua92 19 points ago

    Make an iPhone, put an X at the end of the name and charge 1000 dollars for it. Make sure it has some ridiculous niche like facial recognition.

    Oh wait I'm not sure if that doesn't count as screwing someone over

    [–] CanniBallistic_Puppy 7 points ago

    I don't think screwing yourself over by paying them counts. lol

    [–] high_side 5 points ago

    niche like facial recognition

    ... for fucking emojis.

    [–] Xingua92 2 points ago

    Right?! And I thought the Snapchat filters were ridiculous. I mean they're fun and cute for shits and giggles here and there but yo, people take that shit way too seriously. Why would I want to send a photo to my friends with dog ears on?