They don't even need to actually vibecode the emails. Some scam reached my gmail inbox for the french railway company advantage card at a "too low to believe" price. They just downloaded an original email, replaced content urls to their own host and all links to their scam page. Yes, all links even the socials lol. There's one link that was removed instead of replaced (but the text was still there): the unsubscribe notice. I didn't check the page but the email was well done since it just was an edited official one and if the page was equally made I'm sure at least some people got scammed there.
The (now possibly vibe-coded) email clients hiding link destinations and the real senders' addresses as well as making it very hard to see the actual message content including all headers don't help either. Scammers might get the visible body content very convincing, but one look at the Received: and From: headers is still a reliable way to discern.
definitely a big issue especially with all the big places now vibe coding and leaking all our damned data in plaintext. a lot of people are getting hit real hard now. its not a joke or overstatement.
I've noticed a gigantic uptick in text messages and phone calls where people try to bypass the call screening. It may get to the point where I'll only want to see comms from people in an allowlist.
My standard response in such cases is “Hello unknown number, who are you and why should I not immediately hang up?”.
The response “Am I speaking to…” gets cut off with “Nope, you answer my questions first”. If they _must_ speak to Mr [MySurname] I claim to be my PA and that they aren't talking to him(me) without convincing me they aren't a junk call first. If I have a few minutes to spare, it can be quite an entertaining little game keeping them on the line so they can't be conning someone more vulnerable. Unfortunately must junk calls these days are either initially automated or the humans are wise to people like me being a waste of their time so they hang up cutting that fun short.
I solved this by renting small office that has reception and they handle deliveries. They are not far and so if I get something I get a text and then I collect when is convenient for me. I really hate waiting for couriers to ring, so it's a massive stress relief.
This is hardly new, and it goes far beyond spam emails. Most of the content produced and consumed on the internet is now done by machines. A human may or may not benefit from directing a machine to do this, and the ways they do are often highly opaque, with several layers of indirection. It doesn't take a genius to see that this is ushering in a new era of scams and spam.
"AI" companies are responsible for this mess. They should be held accountable for digging us out of it.
That LLMs are enabling more use cases to hurt us than help us is too obvious to deny. But too many people think they're going to be the ones getting rich from it so they pretend it's not the case.
They don't even need to actually vibecode the emails. Some scam reached my gmail inbox for the french railway company advantage card at a "too low to believe" price. They just downloaded an original email, replaced content urls to their own host and all links to their scam page. Yes, all links even the socials lol. There's one link that was removed instead of replaced (but the text was still there): the unsubscribe notice. I didn't check the page but the email was well done since it just was an edited official one and if the page was equally made I'm sure at least some people got scammed there.
At this point, if you give out your email and not aliases; it is on YOU.
The (now possibly vibe-coded) email clients hiding link destinations and the real senders' addresses as well as making it very hard to see the actual message content including all headers don't help either. Scammers might get the visible body content very convincing, but one look at the Received: and From: headers is still a reliable way to discern.
It is better to use the term phishing for spam that is attempting to comprimise your security, over just trying to sell something.
LLMs are interesting for phishing as they allow personalisation. Spam is no longer, well exactly the Monty Python meaning.
Blacklisting Phone numbers and IP are gonna become extreme now, to the point it wont allow any unknown number/email without `karma` to reach anyone.
definitely a big issue especially with all the big places now vibe coding and leaking all our damned data in plaintext. a lot of people are getting hit real hard now. its not a joke or overstatement.
I've noticed a gigantic uptick in text messages and phone calls where people try to bypass the call screening. It may get to the point where I'll only want to see comms from people in an allowlist.
I don't answer the phone from anyone I don't know. If it is something important, they'll find a way to reach me.
Same, except for when I’m expecting a delivery, then I tend to answer calls from unknown numbers.
My standard response in such cases is “Hello unknown number, who are you and why should I not immediately hang up?”.
The response “Am I speaking to…” gets cut off with “Nope, you answer my questions first”. If they _must_ speak to Mr [MySurname] I claim to be my PA and that they aren't talking to him(me) without convincing me they aren't a junk call first. If I have a few minutes to spare, it can be quite an entertaining little game keeping them on the line so they can't be conning someone more vulnerable. Unfortunately must junk calls these days are either initially automated or the humans are wise to people like me being a waste of their time so they hang up cutting that fun short.
I solved this by renting small office that has reception and they handle deliveries. They are not far and so if I get something I get a text and then I collect when is convenient for me. I really hate waiting for couriers to ring, so it's a massive stress relief.
This is hardly new, and it goes far beyond spam emails. Most of the content produced and consumed on the internet is now done by machines. A human may or may not benefit from directing a machine to do this, and the ways they do are often highly opaque, with several layers of indirection. It doesn't take a genius to see that this is ushering in a new era of scams and spam.
"AI" companies are responsible for this mess. They should be held accountable for digging us out of it.
That LLMs are enabling more use cases to hurt us than help us is too obvious to deny. But too many people think they're going to be the ones getting rich from it so they pretend it's not the case.
Full circle.
... does't matter if they got flagged as spam.