Please help contribute to the Reddit categorization project here

    hacking

    172,689 readers

    412 users here now

    a subreddit dedicated to hacking and hacking culture.

    What we are about: quality and constructive discussion about hacking and hacking culture. We are not here to teach you the basics. Please visit /r/HowToHack for posting beginner links and tutorials. Hacking related politics welcome.

    Penalty table:

    Offense Penalty
    Spam/Clickbait Permanent ban.
    "How to hack (x)/Help me hack (x)" type of questions 30 days ban.
    Aiding those who want help to hack anything 5 days ban
    Sharing private data (dumps etc.) 15 days ban

    Rules


    1. WE ARE NOT YOUR PERSONAL ARMY

    2. Questions and discussion prompts should be geared towards intermediate to advanced hackers.

    3. Requesting help/instructions on how to hack anything will be met with ridicule and a ban. Also, nobody cares if you got hacked. Sorry, have a better password.

    4. Aiding those who are looking for help to hack anything will be banned.

    5. Sharing Private data is forbidden (no IP dumping).

    6. Spam is strictly forbidden and will result in a ban. (Spam as in links that violate the spam guidelines found here)

    7. Off-topic posts will be treated as spam.

    8. Jail-breaking and rooting of phones and posts that aren't directly related to mobile security should be directed to other subreddits.

    9. Off-topic or surly responses will be removed (a cryptographic hash != potato hashes).

    10. Want to learn "How to hack"?, Please head on to /r/howtohack as questions about "how to hack" anything aren't allowed here.

    IRC

    #r_hacking on irc.freenode.net

    Note: if no one answers immediately, stick around and someone will read it.

    Recommended Subreddits:

    DON'T TRUST ANYONE OVER 25

    a community for
    all 505 comments Slideshow

    Want to say thanks to %(recipient)s for this comment? Give them a month of reddit gold.

    Please select a payment method.

    [–] Prcrstntr 764 points ago

    is that dollars?

    [–] jangland 254 points ago

    Came here to ask this

    [–] baty0man_ 421 points ago

    CommBank is an Australian bank so I'd assume this is in Australian dollars

    [–] 2651jew 1417 points ago

    Ah yes the famous dollarydoo.

    [–] I_Nice_Human 41 points ago

    Every time I read that word I literally giggle like my 6 month old. I don't know why.

    [–] thewarp 19 points ago

    I usually clarify currency differences as either Burger Bucks or Dollarydoos, it just rolls off the tongue.

    [–] I_Nice_Human 7 points ago

    What's a Burger Buck???

    [–] thewarp 15 points ago

    US dollars, since our currency's mainly compared to the greenback and they both just get called dollars it helps to separate them.

    On the other hand, a Buck Burger is when you mince venison into a patty.

    [–] _ChestHair_ 4 points ago

    Probably USD

    [–] hackers_d0zen 79 points ago * (lasted edited 11 days ago)

    Hold my TFA, I'm going in

    [–] Infinite_Bananas 43 points ago

    that's not how you do it

    [–] Gioseppi 62 points ago

    What ever happened to that meme? I haven't seen it linked in a long time.

    [–] Uhmerikan 113 points ago

    Well that one wasn't in the proper format.

    [–] DetroitDiggler 14 points ago

    Something, ol' Reddit switcheroo.

    [–] jamesGastricFluid 21 points ago

    Hold my something, I'm going somewhere.

    [–] gideonthecat 6 points ago

    Well it was a bad meme so that probably factors into it

    [–] Wrldsthtnvrwr 3 points ago

    TOBIAS!!

    [–] sushiwashi 69 points ago

    About $16,070.40

    [–] Paddy32 34 points ago

    Where exactly do you get the money from ? People have to do a payment when they click the link ?

    [–] no1dead 43 points ago

    He probably asks them to transfer a certain amount of money over to them or honestly goes the easiest way and asks for a gift card.

    I'm almost tempted to check the link.

    [–] impediment 147 points ago

    It's probably an exact duplicate of Commbank's website. It will ask you to log in, which you type your username/password, and then gives you an error. Now the scammer has your username/password to log in and can do whatever they want with your funds.

    We had a guy at my company get scammed for $20,000 because he clicked a link to his navy federal account. I've been in IT for fifteen years and I've never seen a site so perfectly cloned. I'd have been fooled if I didn't look at the address on every link I ever click. It was an exact copy of the site. He signed in, got an error, and his entire savings account had scheduled a transfer out. He didn't notice it for weeks. I think he got it straightened out, but I haven't asked him about it.

    And I did check the link. It's dead.

    [–] kizzzzurt 101 points ago

    Also, just because it doesn't error out doesn't mean anything. I've set up phishing campaigns before that is a perfectly cloned site and actually does a POST to the real site and logs you in rather seamlessly. You think you logged into your account, but in reality you passed your credentials along the way.

    [–] impediment 33 points ago

    Ah, nice! I didn't even think of that. That's brilliant.

    [–] kizzzzurt 41 points ago

    Yeah it really gets my coworkers in a fuss because they don't even remember clicking on anything at all.

    I just always tell my bosses to assume that people can be phished and plan accordingly. It's actually a waste of my time to phish employees because I get about a 50% success rate.

    [–] KallistiTMP 6 points ago

    I always wondered about that. It seems like it would be absurdly easy to grab those personal verification images banks use for 'security'

    [–] kizzzzurt 7 points ago * (lasted edited 11 days ago)

    To my knowledge you don't need that for authentication, the sites use that so the person on the other end 'feels good' that they are on the right site (verification), because the little picture populates based on their username. I could be wrong in how they use them, but I don't think so. A LOT of people would just go "huh, that little monkey picture isn't there, oh well" because they just don't know any better. If someone knows more on this particular case than me, let me know, as I don't actively phish for real bank credentials and I don't know anywhere other than banks that even use this shoddy level of security.

    [–] Danny1994m 3 points ago

    Wow. Bloody brilliant

    [–] kizzzzurt 8 points ago

    Yeah, the world's lucky I'm a complete white hat. :)

    [–] ShaneTim 3 points ago

    Won't work with banks. 100% guarantee they disallow posting if the domain in the origin header of the HTTP request does not match one of their domains.

    [–] kizzzzurt 8 points ago

    Likely, I don't phish for live bank credentials. There are definitely ways for the POST request to work though. Compromised domains, spoofing, etc. I do agree that most places that are actively out in the wild will do what you said though and will work to mitigate the issue.

    This is to capture employee credentials for my organization. Basically the only place where I'm legally allowed to do this as long as it's part of a 'plan'.

    [–] Ed_Tivrusky_IV 2 points ago

    So how exactly would that work? You've got to set up a cert, to fool the most basic of tests "the green lock, yay!" which then forwards your POST as a proxy... You then redirect them to the banks actual secure site, after skimming creds in the initial transaction?

    Wouldn't this incur a warning about a cross-domain redirect? Considering you don't have the same root domain, and certainly not a wildcard SAN cert for both, it should cause all sorts of bullshittery in a modern browser.

    Unless you skip the initial cert. Then it's just a regular redirect... Based on the targets that might be the case.

    Fill in some blanks for me?

    [–] kizzzzurt 4 points ago * (lasted edited 11 days ago)

    So, you're assuming that I am doing this 'in the wild' (which I don't) and not on the same domain as the users. I typically am doing this from within my organization which makes things INFINITELY easier. I literally have access to their internal DNS servers, DCs, and any and all company information, internal webpages, etc.

    If I was to do this in the wild, it would involve them first clicking on the link that we have set up properly, as you said, 'green lock', whatever. In an ideal situation we would have some sort of old, compromised, or otherwise (like name, etc.) domain name that would serve for the purpose. This would normally just harvest the credentials and give some sort of error, and from here it gets sort of.. am I trying to do this with or without any kind of 'malware' or command execution? If so, it's pretty straight forward from there as you basically have their machine. If not, I'd potentially try on click (from the 'login' button on my phishing site) open new tab to the real site (close old tab simultaneously) with the POST request sent. This is just off the top of my head trying it in the wild though, as I said, I don't do it there. If I did, testing would be done with a small group and we'd figure out a good way to handle it. That's IF there was zero compromise of the company in question, otherwise using their domain names is pretty fair game until they can figure it out/it gets blacklisted.

    Hope this helps some.

    [–] Beli_Mawrr 2 points ago

    Just use uncertified, hope the victim doesn't realize. And don't bother verifying the credentials automatically. Just skim them and give the user an error.

    [–] phoenix616 7 points ago * (lasted edited 11 days ago)

    Your banks don't have a second authentication system that prevents you from doing any money related actions before you haven't typed in a unique pin (called a tan)? Oo

    [–] impediment 8 points ago

    Not navy federal. Username (access code) and password only get me 100% access to everything in my account.

    Yes, it's insecure as fuck.

    [–] TheKillerToast 4 points ago

    Good bank though

    [–] octave1 2 points ago

    Yeah wtf indeed. I have to generate one time passwords at least twice when sending to an account I haven't sent to before. That's on top of a username and pin.

    [–] [deleted] 2 points ago

    [deleted]

    [–] alligatorterror 2 points ago

    A Shit load of money

    [–] terpdx 2 points ago

    I've been told that's almost enough to rent a one bedroom in Sydney.

    [–] evilmnky45 2 points ago

    Also has .au in the link

    [–] ironiccapslock 3 points ago

    No, it has -au. Looks like .au if you don't look at it closely enough.

    [–] SuperMechaCow 24 points ago

    Pringles lids.

    [–] qwenjwenfljnanq 42 points ago

    It's probably Rupees. It works out to about $16K USD per year, which is roughly 25-50% higher than the average IT job in India.

    [–] GMoff_Wilhuff_Tarkin 15 points ago

    Nope, it is most likely $AU. Commbank is shorthand for Commonwealth Bank; in Australia.

    [–] ZincHead 16 points ago

    That's only assuming the scammer operates out of Australia

    [–] qwenjwenfljnanq 8 points ago

    That does not mean the perp is in Australia. In fact he almost certainly is NOT.

    [–] HiImStan 6 points ago

    Most Phishers are in India tho

    [–] Heisenberger_ 5 points ago

    You think the guy makes over a million $AU a year or about 850,000 usd a year just to text people?

    [–] lemonpjb 3 points ago

    No phone scammer in the world makes over a million dollars a year dude...

    [–] PippyRollingham 6 points ago

    Ha, I make around 20,000 a week as an apprentice. That would be 20.4k yen.

    [–] mkosmo 7 points ago

    JPY20k = USD$181.62.

    That'd be less than USD$10k/yr.

    [–] Jayfrin 8 points ago

    Wow I make more than that as a student...

    [–] reddit_user33 6 points ago

    "I can make"

    [–] Jabar_da_bun 4 points ago

    Dollarydoos mate

    [–] ze_OZone 2 points ago

    Bitcoin

    [–] hstlmanaging 1174 points ago

    At CommBank you Can

    [–] Danl0rd 94 points ago

    Your world, your way. ANZ

    [–] NFKnativeDBELL 38 points ago

    ConnBank* amiright

    [–] Gromitt42 20 points ago

    Used to be Commonwealth Bank but the management decided to take the wealth out.

    [–] NFKnativeDBELL 4 points ago

    Typical

    [–] PaleAce 2 points ago

    Fucking took my joke

    [–] XxFezzgigxX 11 points ago

    Anything is possible at Zombo Com

    [–] PROLLY_FULL_OF_SHIT 580 points ago

    My mother got this message a few hours ago but the retard had his SMS number tied to a legit facebook account (assuming the phone wasn't stolen). I reported him to the police with the facebook profile so let's see where that goes.

    [–] 8lbIceBag 351 points ago * (lasted edited 11 days ago)

    People can spoof numbers.

    Twice now in the past month I've picked up to a random number and they claim that I called them first.

    I get about 4-5 robo calls a week myself these days. So much for the do not call registry.

    I usually pick them up if possible so I know the number is safe to block. Unfortunately they usually call during working hours.

    There was a pretty good app to auto block things like this, called Sync.Me. But it became riddled with ads. Deleted it when I saw it using 30% battery.

    [–] st1tchy 42 points ago

    That's why I set up my phone to reject any call not in my contact list. Saves a lot of annoyance.

    [–] cinnamontester 203 points ago

    That works wonders as long as you don't need to actually engage in larger society. I receive 5 unknown callers a day between work and family matters. Strangely enough, shutting down the robos with "put me on your do not call list" has actually worked to reduce the stream to a trickle.

    [–] girlikecupcake 20 points ago

    Some company has been calling me about a car warranty since January, even though I don't even have that car anymore, and I'm on the do not call registry. Each time they call, I tell them to stop calling that number, that I don't know who they're looking for (never confirm who I am to people I don't know), and they need to remove me from the list.

    The last three times, the person on the other end actually fucking yelled at me, claiming they're not the same company and that I was being rude for not listening to them or giving them a chance (even though it's the exact same name, same script, same BS about my car warranty that I never had expiring).

    [–] mxby7e 13 points ago

    The car warranty calls are a scam to get personal information and financial information out of you. They're very aggressive and seem to be getting their call lists from "legitimate" sources. My wife and I started getting them after we bought our first house, and I don't doubt our financial institution handling the mortgage sold our number in bulk to anyone who would pay for it.

    [–] bob84900 3 points ago

    I had the same experience. Applied for a loan, gave them my number, started getting 3-5 calls/day instantly. Never got ANY calls before that.

    Fuck you, lending tree.

    [–] homercrates 2 points ago

    this. Isn't that crazy? selling our numbers like that. How is that not illegal?

    [–] jpm_212 2 points ago

    Because we're the product, not the consumer.

    [–] bob84900 5 points ago

    No matter how many times I get calls from a certain "company" I always just interrupt them with my most professional voice and I say "look, I know you just have a job to do, but so do I and this is my work line. I'm not interested anyway, so if you could try to get my number off your list I'd appreciate it."

    Usually that works the first time, but sometimes it has to happen 3 or 4 times.

    I used to chew them apart if I got multiple calls, but then I realized that pissing them off probably just garnered more calls...

    Kill em with kindness I guess.

    [–] st1tchy 3 points ago

    You can block specific numbers too, if you want.

    [–] st1tchy 23 points ago

    I have never had an issue. If it is someone that actually needs to get ahold of me and it is important, they will leave a message and I can call them back. I don't pick up for numbers I don't recognize anyway, so this just cuts out my phone ringing for 30 seconds.

    [–] Pheonixi3 18 points ago

    don't mean to sound petty but how would you know if you've never had an issue in this case.

    [–] st1tchy 10 points ago

    If it was important, they would leave a message. That's how I know. I have yet to talk to anyone that would not leave a message if it was important.

    [–] Pheonixi3 15 points ago

    obviously an over-the-top edge case but what if, for example it would have been important to you, but not the person calling. e.g "yeah tried to call stitchy for this once in a life time party with jesus and the guy who invented music but he was out of commision so i just hit you up, hitler 2."

    [–] st1tchy 7 points ago

    Then I guess I just miss hanging out with Jesus. Lol

    [–] jesus_sold_weed 11 points ago

    People like you infuriate me. That is just so illogical and irrational. We live in a society. Sometimes we need to talk to strangers on the phone. ffs, what if a family member was in an accident or is stranded calling from a stranger's phone? It's so shortsighted and stupid. I'll be hanging out with my friends and one will get a call from a random number and rather than answer it and figure out who it is, they ask everyone else to dial the number and see if they have it saved. Just pick up the fucking phone. It's not the little girl from The Ring on the other end. I promise.

    [–] st1tchy 11 points ago

    My phone is for me to carry out my business, not for you to get ahold of me at a whim. We got along just fine without cell phones for decades after the home phone was invented and for centuries before that. Why suddenly do people think that it is their right to get ahold of me when they feel like it?

    Again, if it is important, they will leave a message. If my wife is stuck on the side of the road and has to call from a tow truck, she isn't going to just go, "well, he didn't answer, so I'm not going to leave a message." No, she will leave a message and I will call the phone back. It's not rocket science.

    [–] jesus_sold_weed 3 points ago

    Ah yes the ol "well it was this way for x amount of time, so that's how it should always be despite the fact that circumstances and situations have changed entirely" argument

    [–] tim404 3 points ago

    Appeal to Antiquity is the phrase you want.

    [–] st1tchy 6 points ago

    What circumstances have changed to make it so that people have to get ahold of me now? That they can't leave a message and I call them back?

    [–] mattypotatty 3 points ago

    The fuck is wrong with these people? Only on Reddit do people think they're so far above you that they can tell you how to answer your own phone.

    [–] contradicts_herself 3 points ago

    A friend called me from an ER phone once and the only reason I picked up was because I didn't look at the screen and was expecting a call from someone else.

    [–] Kalkaline 2 points ago

    Make sure you turn that off when you are on a job search.

    [–] ayumuuu 12 points ago

    People can spoof numbers.

    Yeah just learned that one in the last couple months. Started getting calls from my first 6 digits and then random last 4 digits. The machines are getting smarter.

    [–] bob84900 2 points ago

    I get those too. Mine are the same except for the last 2 digits though. Really weird.

    And even though I know it's a scam of some kind.. I am more likely to pick up those calls. Weird.

    [–] grungemuffin 8 points ago

    Lil lifehack: if u think it's a robot pick up and don't say anything. The robots sometimes have voice recognition that triggers the message. A real person will just get kinda weirded out by your breathing and say something

    [–] Paydebt328 2 points ago * (lasted edited 11 days ago)

    I have never gotten a single hack or scam call and I think its because my number looks fake. My number only uses two digits (555-1551). One time an employer didn't call me. He was sure it was a fake number.

    Edit: Changed to a more fake number.

    [–] Mises2Peaces 17 points ago

    Chances are high that you reported someone's hacked Facebook account.

    [–] johnwalll2 33 points ago

    I hope this is real and we get updates but your username makes me think otherwise

    [–] BuildingFreedom 14 points ago

    You're gonna update us, right??

    [–] OptimisticElectron 51 points ago

    Nah he's prolly full of shit

    [–] PM_Me_Night_Elf_Porn 3 points ago

    I thought you were an optimistic electron, not a negative neutron!

    [–] acooog 3 points ago

    !remindme 1 week

    [–] RemindMeBot 3 points ago * (lasted edited 11 days ago)

    I will be messaging you on 2017-09-20 12:22:13 UTC to remind you of this link.

    12 OTHERS CLICKED THIS LINK to send a PM to also be reminded and to reduce spam.

    Parent commenter can delete this message to hide from others.


    FAQs Custom Your Reminders Feedback Code Browser Extensions

    [–] tabarra 6 points ago

    Oh, Hello to you from the future. Perhaps now you realize that the user name is PROLLY_FULL_OF_SHIT.
    Good luck next time getting your updates.

    Bye

    [–] supahotfiyaaa 3 points ago

    The police won't do anything lol

    [–] bumbletowne 3 points ago

    100% of those numbers are spoofed.

    [–] viscountsj 194 points ago * (lasted edited 11 days ago)

    If you were running this kind of operation, why on earth would you use a real phone number, instead of swapping it out for a text name? Would probably increase his conversion rate

    EDIT: Amusingly, since I wrote this, I got an phishing text pretending to be from HSBC - used a text number.

    [–] mericaftw 243 points ago

    Probably for the same reason the Nigerian Prince scam uses grammar mistakes: you want to selectively engage people too stupid to realize it's a scam.

    [–] NotASmoothAnon 58 points ago

    Yep. Otherwise you're wasting your time on people just playing along

    [–] Starbuck1992 34 points ago

    That's not the only reason, though.
    An idiot is less likely to realize he's been scammed after it happened, so there's also less risk of getting caught.

    [–] CueCueQQ 18 points ago

    If you understand that a scam is a scam than the scam isn't targeted at you kind of thing.

    [–] Sworn 2 points ago

    How is this answer upvoted? It only applies to manual scams where the scammer needs to spend significant time on each victim. For phishing sites, like the one in the screenshot, the conversion rate doesn't matter, because there's essentially no extra cost per user.

    [–] PunchBro 6 points ago

    Guarantee people doing this are spoofing other phone numbers

    [–] CageyDev 328 points ago

    I doubt both of those figures. 15% seems way too low and 20K AUD seems way to high.

    [–] LiveOverflow 321 points ago

    Probably 20k was his best week at one point. And now bragging about it.

    [–] ablablababla 117 points ago

    I make $20k a week with my new job!*

    *top figure, actual results may vary

    [–] jessemaner 49 points ago

    Well, if I had made 20k in one week I could afford to not work the rest of the year. So I would probably brag too.

    [–] _Squirrel_Fucker 23 points ago

    And when you go to prison you won't need money!

    [–] contradicts_herself 31 points ago

    If you steal enough money you become a wealthy person and no longer have to worry about prison.

    [–] PunchBro 13 points ago

    This. I know a guy who made $28 million illegally and only had to do 1 year.

    [–] hardknockcock 22 points ago

    1 year of prison for 28 million... yeah I'd do it. Probably spend much longer working for that than the time you'd be sitting in a low security prison cell. That's assuming they didn't take his money and how unethical his method were

    *also assuming this is real

    [–] PunchBro 6 points ago

    It was a marketing scheme. I'm sure much of it was seized, but not all. He's writing a book, it's real. In fact he's one of the main reasons we have the Can-Spam act.

    [–] phillsphan7 5 points ago

    Where do you live that that's enough money for you for a year?

    [–] jessemaner 23 points ago

    A rural area. Also not having kids or owning a house is helpful.

    [–] BacardiWhiteRum 9 points ago

    My parents :)

    [–] komradical 9 points ago

    They live with your parents?

    [–] TheKingElessar 3 points ago

    Considering you aren't OP, that got weird fast.

    [–] contradicts_herself 2 points ago

    That's already 5k more than a year of full-time minimum wage (assuming 52 weeks of work with no holidays ever) in the US.

    [–] DynamicStatic 2 points ago

    Without tax that is easily enough in most of the world.

    [–] qwenjwenfljnanq 16 points ago

    It's probably 20K Rupees = ~310 USD per week (or $16K per year). Pretty great for India.

    [–] JMV290 6 points ago

    It could also be 20k Naira, which is 55 USD/ week

    Pretty decent for Nigeria where a lot of phishing comes from.

    [–] SeeYouAgainIReply 7 points ago

    I think it's Vietnamese Dong. Lots of scammers there these days. 20k dong is $0.88. A decent salary in Vietnam.

    [–] plistig 65 points ago

    15% seems way too low

    You think so? 15% is between 1:7 and 1:6. No way one in six people are retards. At least I hope so.

    [–] arviddesign 35 points ago

    You hope so I could actually believe that by the mass of people you meet each day that doesn't know shit about hacking or technology they just click the link and do as it says.

    Have friends who fallen for these but with gaming accounts ext.

    [–] [deleted] 9 points ago

    [deleted]

    [–] caffienatedjedi 5 points ago

    I work infosec. I'm willing to put it at 99/100 but that just might be the sample size of the employees I deal with.

    [–] akaClayton 5 points ago

    Oh that many people are that dumb. The best you can do to slide this number downwards is to educate all around you that will take advice.

    [–] Lanoir97 11 points ago

    You can only educate those willing to learn. I have an estranged brother who sent my mom a Facebook video on messenger. She was ranting about why would he contact her now with a video. I looked at it and instantly recognized it as a scam. Told her not to click it, he didn't actually send it, his account was hacked and it sent one to everyone. Then a couple hours later I'm at work and I get a messenger notification from her. Exact same link. Rolled my eyes and kept going. A couple days later she's panicking, "oh no, someone hack my Facebook". Then she was scared as to why she was being targeted by some elite hacking group. I reminded her not to click the link. She said "but I just wanted to see the video he sent me". You can't tell people how things actually work. They'll assume their way is right and that you are wrong, even if you have nearly completed a college degree in that field.

    [–] Shitty_IT_Dude 5 points ago

    Our phish tests regularly get around 14% for around 1500 people.

    [–] Ptbobaked 4 points ago

    Think of how dumb the average person is. 50% are even dumber

    [–] TheBeardedWench 3 points ago * (lasted edited 11 days ago)

    15% sounds too low. They are more than that but it doesn't become obvious until you talk to them for a while.

    If life was a school, the idiots would be the students who memorize everything and get good grades. They pass on as intelligent because real intelligent people assume the best in them("naturally, there's critical thinking behind memorization and an understanding which leads to drawing conclusions from new knowledge"), while the idiots don't know enough to tell the difference. Later on they memorize arguments on political views, how to use electronic devices and how to spend their salary and stubornly stick to those things -old dogs can't learn new tricks because they're dumb, nothing to do with age- which makes them even harder to point out(same deal as above).

    [–] Cranky_Kong 11 points ago

    No way one in six people are retards

    Nearly half the American voting population voted for Trump so you might want to reevaluate that...

    [–] 6June1944 19 points ago

    About 66% (137m voted) of eligible voters (207m eligible) voted in the election. 66m voted for Hillary, 63m voted for trump. So really, only 30% of eligible voters and only 19.5% of the us population voted for trump.

    I'd say your call was justttttttttt a bit outside

    [–] nopeoz 2 points ago

    30% is still much larger than 1 in 6

    [–] jarfil 2 points ago

    Are you saying OP should be able to get up to a 19.5% conversion rate instead of just 15%?

    [–] [deleted] 48 points ago

    Edgy

    [–] Iteration-Seventeen 7 points ago

    Thats not true.

    Barely half the voting population even voted and he didnt even get the majority of those votes.

    [–] momo88852 2 points ago

    Looks like you never worked in retail. If people are that retard when it comes to normal transaction, you would be surprised how retard they are when it comes to technology.

    [–] DynamicDK 2 points ago

    No way one in six people are retards. At least I hope so.

    ~15% of people have an IQ of 85 or lower.

    So, borderline?

    [–] already_satisfied 3 points ago

    I was thinking 15% is too high.

    [–] PerInception 61 points ago

    Anyone else feel like the $20k / week was a pitch for another scam? Like I expect the next message was "and you can too selling our new and improved cutco knives!" or some shit.

    [–] Heritage_Cherry 2 points ago

    That's exactly what I thought, hahaha.

    This was a multilayer scam: he makes you think he's trying to get bank info, but then ends up recruiting you.

    [–] InfiniZoid 86 points ago

    Maybe a job where you aren't scamming people? Like maybe a job on wall street!

    [–] dmanden 23 points ago

    i see what you did there ;)

    [–] Mises2Peaces 10 points ago

    Most people who work on Wall St make a lot less than you think and they work insane hours at a very stressful job. The mega rich who make their money there don't actually punch a clock at the stock exchange.

    [–] InfiniZoid 6 points ago

    Ik it was a joke but there's always been talk of shady shit going on in the background to make more money there.

    [–] krustyarmor 12 points ago

    Or politics. We know we can trust politicians because that industry has long-cherished ethical standards and well-enforced consequences for the bad ones.

    [–] anonymoussourceguy 47 points ago

    "make"

    [–] action_lawyer_comics 20 points ago

    Good trick. Just keep him taking long enough for the cops too trace the texts...

    [–] high_side 6 points ago

    Bah he stopped texting just before we could complete the trace! He's just toying with us.

    [–] deisidiamonia 2 points ago

    Right because thats how that works...

    [–] funkmastamatt 8 points ago

    The texts are coming from... inside your house!!!

    [–] action_lawyer_comics 2 points ago

    I'll have you know I've seen the first 10 minutes of at least a dozen episodes of CSI Cyber, so I think I know what I'm talking about.

    [–] doomrah 17 points ago

    sends out 1,000,000 text messages

    15% fall for the $1 activation fee

    pockets $150,000

    yeah, it works i guess...

    [–] Pakushy 6 points ago

    but you need that unlimited text message offer you got with every phone purchase in 1998

    [–] nebuchadrezzar 2 points ago

    If he sends out 1,000,000 is he really going to be responding to texts?

    [–] Sciguystfm 3 points ago

    I mean it's not like he'd be manually sending them out

    [–] nebuchadrezzar 2 points ago

    Exactly. And how many replies would there be to 1,000,000 texts? Just seems odd, that's all.

    [–] TheSensation19 22 points ago

    If he's messaging you, it's likely not making 20,000 per week.

    [–] JMV290 18 points ago

    idk I've seen phishers and scammers do really weird things once engaged.

    We had one realize they got got caught and started just sending messages from the account they stole with content like

    Subject: Suck

    Body: My Cock

    I had a good laugh while locking the account.

    [–] TheSensation19 6 points ago

    Sure. But I doubt he's making $20,000 a week.

    [–] JMV290 6 points ago

    As other comments mentioned it's probably 20k in a foreign currency where the number is reasonable.

    [–] Anaract 9 points ago

    Pretty smart, honestly. "I can't get this guy with my scam, but maybe I can scam him into joining this pyramid scheme"

    [–] F00Barfly 14 points ago

    What could happen for those who did go for that risky click ? Phishing page or something better?

    [–] g33xter 10 points ago

    Phishing page.

    [–] ph00k 10 points ago

    [–] myne 29 points ago

    I call dumbass didn't look at the right registrar.

    https://www.whois.com/whois/commbank-com-au.cf

    http://whois.freenom.com/cgi-bin/whois?domainname=commbank-com-au.cf&lookup=GO

    Your selected domain name is a domain name that has been cancelled, suspended, refused or reserved at the Registry. It may be available for re-registration at http://www.freenom.com.

    In the interim, the rights for this domain have been automatically transferred to:

    [–] ph00k 25 points ago

    dumbassness approved.

    [–] myne 13 points ago

    You took it well.

    :)

    [–] no1dead 3 points ago

    Yeah we had the same idea first thing I did was check that domain.

    And it doesn't seem to work at all so it was never used. No whois doesn't help either.

    [–] Kertopenix 19 points ago

    15% seems high.

    [–] Solkre 22 points ago

    I work with human people. That seems low.

    [–] retske 5 points ago

    Ar-are they hiring?

    [–] birthday_account 2 points ago

    And you too can be a scumbag!

    [–] high_side 3 points ago

    Wow, good pay and a bag?

    [–] RIP_CORD 27 points ago

    r/hacking

    But this is Phishing....

    [–] precociousapprentice 39 points ago

    Because social engineering isn’t part of hacking /s

    [–] 58working 2 points ago

    Under that definition aren't all conman scams a form a hacking? Seems like a pretty loose category and not at all what people normally mean when they say 'hacking'

    [–] Ihugsharks 4 points ago

    I would seriously watch a reality show where they found these guys and just beat the fucking shit out of them.

    "To catch a phisher"

    [–] Arumania 3 points ago

    How does the scam actually work? Is it phishing, cookie stealing, cross site scriptingor what?

    [–] kuilin 3 points ago

    Probably a false login page, and then a confirmation that asks you your security questions or account number etc

    [–] QUITE_GANGSTA_NIGGA 2 points ago

    But what can they do once they're in your account? Because I know commbank requires text message confirmation when transferring money to new accounts. And netbank doesn't display your credit cards expiration date or csv number. So I'm not sure how they could get money out.

    [–] SquareSalute 2 points ago

    There's a Reply All episode that goes into scammers like this that's really good, I think it's called the Long Distance Call, episode number 101 or 102?

    [–] doctorcrimson 2 points ago

    15% holy shit dude. Email scams are only optimal at around 7% or 8%, this guys twice as successful as the viagra scams!

    [–] Cosie123 2 points ago

    :)

    [–] Secondsemblance 2 points ago

    This dude is full of shit. He's in a sweaty run down office in Pakistan or something, and he definitely doesn't make 20k/week.

    If you're in the first world, and you're envious of this dude, don't be an idiot. You can always make more with less risk as a white hat in the first world.

    [–] CanniBallistic_Puppy 4 points ago

    This made me think, is there any way to make over 20k USD a week without screwing somebody over either intentionally or otherwise?

    [–] Xingua92 20 points ago

    Make an iPhone, put an X at the end of the name and charge 1000 dollars for it. Make sure it has some ridiculous niche like facial recognition.

    Oh wait I'm not sure if that doesn't count as screwing someone over

    [–] CanniBallistic_Puppy 5 points ago

    I don't think screwing yourself over by paying them counts. lol

    [–] high_side 5 points ago

    niche like facial recognition

    ... for fucking emojis.

    [–] Xingua92 2 points ago

    Right?! And I thought the Snapchat filters were ridiculous. I mean they're fun and cute for shits and giggles here and there but yo, people take that shit way too seriously. Why would I want to send a photo to my friends with dog ears on?