I hate SEO, it has always been the bane of my existence. I changed careers over it. And now, of course, AI SEO is so easily abused by scammers. LLMs are so suspectible to picking up...
I hate SEO, it has always been the bane of my existence. I changed careers over it. And now, of course, AI SEO is so easily abused by scammers.
LLMs are so suspectible to picking up misinformation. And malicious actors are already using it for their purposes. Shaping opinions has become even easier, they don't weigh veracity of information sources the same way humans would.
It doesn't seem to be a completely new problem, but the way Google Search works now, it's been given a new twist.
Here's what happens: The unfortunate victim Googles a company name looking for a contact number, then calls the number thrown up by AI. This doesn't actually lead to the company in question, but rather to someone pretending to be that company, who then tries to take payment information or other sensitive details from the caller.
It's not clear exactly how these fake numbers are being planted, but the best guess is that they're being published in multiple low-profile places online, alongside the names of major companies. AI Overviews then comes along and scoops them up, without running the proper checks to verify the information.
[...]
Google says it's actively fighting these scammers and that it’s continuing to roll out updates that make its spam-detection systems stronger. “Our anti-spam protections are highly effective at keeping scams out of AI Overviews and showing official customer support numbers where possible,” the company said in a statement to WIRED.
Of course, it's not just happening on Google Search. Security researchers have shown how malicious text can be hidden in emails—and presumably documents as well—which is then scraped and summarized by the AI, and served up to the user who takes it as accurate and authentic. The issue is also showing up in other AI search engines.
If want to remove AI overview for yourself or relatives: https://tenbluelinks.org/ It uses the OpenSearch specification to announce the Google search engine with the Url param udm=14 appended...
It uses the OpenSearch specification to announce the Google search engine with the Url param udm=14 appended (which opts out of AI overview). You can do this directly on Desktop browsers + Firefox for Android, but Chrome for Android doesn't allow you to add/edit custom search engines except via OpenSearch
This is so great! I love it! There are (many) people that have to learn the lessons of life the hard way. AI scamming them (due to poor checls on AI side, probably) is one such lesson. I see many...
This is so great! I love it!
There are (many) people that have to learn the lessons of life the hard way. AI scamming them (due to poor checls on AI side, probably) is one such lesson.
I see many people using the AI the way I would - as a tool. But I also see many people use it the bad way - as something that is telling them the only truth there ever was (they don't question the answer and they don't fact check). I say the first group will likely not fall for the scam. The second... Well, take a guess.
I feel for people that get scammed, but sometimes they really go out and search for someone who would scam them. This "AI summary is great" will get many people scammed. As I said in the beginning of the comment - they will learn hard way not to trust everything.
And in the meantime banks employ HTTPS (for a long time, I know), they have apps that needs you to have them linked ideally by visitimg the bank and proving you are you and then authenticating every wire transfer and so on... Only to find out it is ultimately the user's error who killed the whole system... Because the user was lazy to go into the app or search the bank's website directly.
I'm in favor of educating people about risks too. The Internet is not safe. But it seems like you've gone past that to blaming the victim for making an understandable mistake. Learning things the...
I'm in favor of educating people about risks too. The Internet is not safe. But it seems like you've gone past that to blaming the victim for making an understandable mistake. Learning things the hard way is not justice.
I was thinking people that does things mindlessly. They see first thing that seems like what they searched for and they are done, that's it, that is what they go with. They don't care about fact...
I was thinking people that does things mindlessly. They see first thing that seems like what they searched for and they are done, that's it, that is what they go with. They don't care about fact checking anything, they don't employ their own intelligence to ask themselves if that really is what they wanted.
Now the other commebt about grandlarents fallinh for the scam, that's whole another story. It is often them who fall for it and that may simply be because they grew up in different times and internet may be a bit too much for them. They may not know what HTTPS is, why it matters, why not to write down PIN of their credit card (they should know that though). They can fall for this easily because they don't know enough about modern times. I don't want to seem like I think they are stupid! I will hopefully be old at some point too and I'm certain that new tech at the time will be over my head as well.
In that case, it may simply be our fault. We should teach them to not do certain things, to not believe everything they see (especially with today's AI generated content). I tell all my older relatives to turn down anything they hear on the phone. If someone pressures them, just hang up. My grandparents are not, how to put it, young enough to use internet, so that's one down for me. My parents do though. And I keep reminding them the same thing. Hell, I keep reminding my wife. I also try to teach this to my kids - use internet as a tool, not let them be driven by it. And employ critical thinking.
I may have worded my first comment too harshly. Yet there are still people out there that will and have to learn the hard way. They think they are the best, they know eversthing and these must simply hit their head straight into the wall before they even just think about not being right for once. The people that don't want our advices or opinions or lectures. For these I'm kinda glad that this happened. Not for others though.
It still seems like you're hoping that somehow the overconfident people you have little sympathy for will get scammed, instead of people you like? Occasionally it might happen, but as a general...
It still seems like you're hoping that somehow the overconfident people you have little sympathy for will get scammed, instead of people you like? Occasionally it might happen, but as a general rule, the world doesn't work that way. Scammers don't care about that. They go after whoever happens to be vulnerable.
Justice doesn't happen as a side effect of criminals doing crime. It won't happen unless people build the systems to make it happen.
Yes, I'm hoping for that. I know the world doesn't work this way and I know there will always be scammers trying new things. This AI summary hijack just seems so over the top - making victims call...
Yes, I'm hoping for that. I know the world doesn't work this way and I know there will always be scammers trying new things.
This AI summary hijack just seems so over the top - making victims call you by themselves instead of taking your luck by calling them (from scammer's perspective)...
I read about people getting scammed very often. They take those 20-50 thousand euro loans because scammer wants them to, then withdraw the money a hand it over to someone they never saw in some back alley so their money is safe (scammer said so). How do you help these people? Police talks about it all the time, you read it in news, you see it on TV where police once again talks about it, only to wake up and see that somebody fell for it again.
Often times the bank, the real bank, stops the transfer only to get a call from client (victim) that feels oppressed by the bank and want to.make the tranfer anyway. Bank personel than describes that they think this might be scam and advice not to send money, yet the client still wants them to and so they do as they are ordered. How do you help these people?
When I see ads on Facebook that look like some of our most known news websites yet they link to some weird domain on which you find this great investment opportunity wrapped in CSS style of the news website, I think that Facebook should really do something about it. If there was ONE person for our country that would personally look over every ad that us served here this one person could probably save many victims. But Favebook has tompay this person and this person would decline many ads because they are scam. This is the opposite of win-win scenario for Facebook. While I drag it here? Because big corporations - Meta in this case and Google.in AI summary one, are the ones who are reaponsible for that just as the scammers themselves are. They are part of the chain and they (at least Facebook) does get money from the scams (payment for ads).
There are various ways to scam people. Some are personal (phone calls), some are broad (ads) and some are targeted specifically (fake numbers in AI summary) and many others probably. Some.of.those can be mitigated easily, but we all know that money is on the first place and if corporations get money from it and aren't/can't be prosecuted, they are gonna go with it. Do I have to tell my relatives to not use Google, Facebook, Instagram etc. to not get scammed?
I wish I could help people not get scammed, but I don't really see how. Many people just don't listen.
I did see a news story about this: SF retiree loses $500K life savings to pig butcher scam despite warnings from family, friends I'm puzzled by how people can be taken in by obvious scams, but...
I'm puzzled by how people can be taken in by obvious scams, but apparently it's a thing that happens. Still, we should be on the side of the victims, not the scammers. Even when the victims seem to have a screw loose, they don't deserve it.
Yeah, we should be. I didn't mean that I'm with the scammers. Just that many people will fall for this AI summary thing as it is very easy for scammers to get to them. Still, I don't understand...
Yeah, we should be. I didn't mean that I'm with the scammers. Just that many people will fall for this AI summary thing as it is very easy for scammers to get to them.
Humans are wired to support our community, particularly family and close friends. We all know parents have a strong (although not universal) tendency to hold irrationally positive views of their...
Humans are wired to support our community, particularly family and close friends. We all know parents have a strong (although not universal) tendency to hold irrationally positive views of their children, and consider this a normal part of being human.
Scammers have found the social cues that trigger that "family illogic" circuit in many people. It can't be fought be logic, because it's not logical. It can be fought by cultivating the relationship between you and victim to meet whatever social need the victim is filling by their interactions with the scammer. Which is incredibly time consuming and emotionally draining, and often not practical, but just knowing the cause and a potential way out is a base on which to build.
At a higher level, better understanding of the social cues that make people susceptible to scams can inform policy that encourages community connections that trigger those cues, and fill the associated emotional needs, in a safe and positive way. We don't have great public policy examples yet, but supporting work to figure those out and implement them is a better reaction than victim-blaming people for, basically, being genetically human.
I think that this character that you have built up is a vanishingly small part of the population. We build up trusted sources, and until recently google was fairly reasonably one of them. To this...
I think that this character that you have built up is a vanishingly small part of the population.
We build up trusted sources, and until recently google was fairly reasonably one of them. To this day I sometimes check google maps to confirm a phone number.
If someone targets an attack against a small business, I could reasonably see them disputing ownership on maps, overriding the listed number, and using the SEO attack listed to agree with maps and my internal filter would struggle at least. Bonus points if they mock the real website from localcompany.com to local-company.com or something with the same content spare the phone number change.
The core issue is that we are losing any kind of trusted sources for this information. It takes time for our bullshit filters to catch up to these things.
Thank you for your reply! Your words summed up.many of my thoughts that I failed to pass along by myself. Yes, things like localcompany.com and local-company.com, trusting phone numbers o Google...
Thank you for your reply! Your words summed up.many of my thoughts that I failed to pass along by myself.
Yes, things like localcompany.com and local-company.com, trusting phone numbers o Google Maps etc. As you said, we started trusting our sources. But as this example shows, we should probably question even these trusted sources nowadays.
The thing is that, forgive me, us, the technically more advanced users (or how to call "us") have sometimes our own doubts about it. And when we do, what about Average Joes? They will likely fall for it. I'm not saying I won't, to be clear! I don't think I'm some super-human or anything. I just read about it a lot and I think I'm technically a bit ahead of Average Joe. But one day I may fall for it just as well.
Scammers are smart and they will always be. It's what makes their "trade" work, after all.
The core issue is that we are losing any kind of trusted sources for this information. It takes time for our bullshit filters to catch up to these things.
Thats't it, basically. I 100% agree. There are peoplebwho catch up faster, others catch up slower and some don't ever.
I don't like or agree with this take. For years people have been told to at least try getting information from google before reaching for help from others. How long has the Let Me Google That For...
I don't like or agree with this take.
For years people have been told to at least try getting information from google before reaching for help from others. How long has the Let Me Google That For You site been running?
Now when the tech illiterate grandparents google "what is the number for [their electrical company]" and don't know the difference between the AI summary, the fake sponsored results, and their actual first result three screens down on their phone, we are supposed to say "that'll teach you!"?
I have started replying elsewhere and kinda tackled your comment as well. Please have a look there (and if you want, reply on that one, please, so we keep it under one thread). Simply put - it's...
I have started replying elsewhere and kinda tackled your comment as well. Please have a look there (and if you want, reply on that one, please, so we keep it under one thread).
Simply put - it's our job to teach vulnerable people to defend themselves against such scams. But there are also people who think they are the best and know everything and don't want our help. No remorse for those.
There will always be people who will fall for it. I read about someone taking a loan then withdrawing the money from the bank, putting it inside plastic bag and handing it to person they never saw...
There will always be people who will fall for it. I read about someone taking a loan then withdrawing the money from the bank, putting it inside plastic bag and handing it to person they never saw in some back alley. You can't help those.
Now it's even easier - thanks to their laziness, they will call scammers by themselves, no need to try scams, just wait until the victim phones you.
It always was and always will be about talking people into something you want them to do. Some will fall for it, some won't. Scammers have their ways to be persuasive or to get to their victims in other more creative ways - just like this example shows when they "infiltrated" AI summary.
I hate SEO, it has always been the bane of my existence. I changed careers over it. And now, of course, AI SEO is so easily abused by scammers.
LLMs are so suspectible to picking up misinformation. And malicious actors are already using it for their purposes. Shaping opinions has become even easier, they don't weigh veracity of information sources the same way humans would.
https://archive.is/21iHN
From the article:
[...]
[...]
If want to remove AI overview for yourself or relatives: https://tenbluelinks.org/
It uses the OpenSearch specification to announce the Google search engine with the Url param udm=14 appended (which opts out of AI overview). You can do this directly on Desktop browsers + Firefox for Android, but Chrome for Android doesn't allow you to add/edit custom search engines except via OpenSearch
This is so great! I love it!
There are (many) people that have to learn the lessons of life the hard way. AI scamming them (due to poor checls on AI side, probably) is one such lesson.
I see many people using the AI the way I would - as a tool. But I also see many people use it the bad way - as something that is telling them the only truth there ever was (they don't question the answer and they don't fact check). I say the first group will likely not fall for the scam. The second... Well, take a guess.
I feel for people that get scammed, but sometimes they really go out and search for someone who would scam them. This "AI summary is great" will get many people scammed. As I said in the beginning of the comment - they will learn hard way not to trust everything.
And in the meantime banks employ HTTPS (for a long time, I know), they have apps that needs you to have them linked ideally by visitimg the bank and proving you are you and then authenticating every wire transfer and so on... Only to find out it is ultimately the user's error who killed the whole system... Because the user was lazy to go into the app or search the bank's website directly.
I'm in favor of educating people about risks too. The Internet is not safe. But it seems like you've gone past that to blaming the victim for making an understandable mistake. Learning things the hard way is not justice.
I was thinking people that does things mindlessly. They see first thing that seems like what they searched for and they are done, that's it, that is what they go with. They don't care about fact checking anything, they don't employ their own intelligence to ask themselves if that really is what they wanted.
Now the other commebt about grandlarents fallinh for the scam, that's whole another story. It is often them who fall for it and that may simply be because they grew up in different times and internet may be a bit too much for them. They may not know what HTTPS is, why it matters, why not to write down PIN of their credit card (they should know that though). They can fall for this easily because they don't know enough about modern times. I don't want to seem like I think they are stupid! I will hopefully be old at some point too and I'm certain that new tech at the time will be over my head as well.
In that case, it may simply be our fault. We should teach them to not do certain things, to not believe everything they see (especially with today's AI generated content). I tell all my older relatives to turn down anything they hear on the phone. If someone pressures them, just hang up. My grandparents are not, how to put it, young enough to use internet, so that's one down for me. My parents do though. And I keep reminding them the same thing. Hell, I keep reminding my wife. I also try to teach this to my kids - use internet as a tool, not let them be driven by it. And employ critical thinking.
I may have worded my first comment too harshly. Yet there are still people out there that will and have to learn the hard way. They think they are the best, they know eversthing and these must simply hit their head straight into the wall before they even just think about not being right for once. The people that don't want our advices or opinions or lectures. For these I'm kinda glad that this happened. Not for others though.
It still seems like you're hoping that somehow the overconfident people you have little sympathy for will get scammed, instead of people you like? Occasionally it might happen, but as a general rule, the world doesn't work that way. Scammers don't care about that. They go after whoever happens to be vulnerable.
Justice doesn't happen as a side effect of criminals doing crime. It won't happen unless people build the systems to make it happen.
Yes, I'm hoping for that. I know the world doesn't work this way and I know there will always be scammers trying new things.
This AI summary hijack just seems so over the top - making victims call you by themselves instead of taking your luck by calling them (from scammer's perspective)...
I read about people getting scammed very often. They take those 20-50 thousand euro loans because scammer wants them to, then withdraw the money a hand it over to someone they never saw in some back alley so their money is safe (scammer said so). How do you help these people? Police talks about it all the time, you read it in news, you see it on TV where police once again talks about it, only to wake up and see that somebody fell for it again.
Often times the bank, the real bank, stops the transfer only to get a call from client (victim) that feels oppressed by the bank and want to.make the tranfer anyway. Bank personel than describes that they think this might be scam and advice not to send money, yet the client still wants them to and so they do as they are ordered. How do you help these people?
When I see ads on Facebook that look like some of our most known news websites yet they link to some weird domain on which you find this great investment opportunity wrapped in CSS style of the news website, I think that Facebook should really do something about it. If there was ONE person for our country that would personally look over every ad that us served here this one person could probably save many victims. But Favebook has tompay this person and this person would decline many ads because they are scam. This is the opposite of win-win scenario for Facebook. While I drag it here? Because big corporations - Meta in this case and Google.in AI summary one, are the ones who are reaponsible for that just as the scammers themselves are. They are part of the chain and they (at least Facebook) does get money from the scams (payment for ads).
There are various ways to scam people. Some are personal (phone calls), some are broad (ads) and some are targeted specifically (fake numbers in AI summary) and many others probably. Some.of.those can be mitigated easily, but we all know that money is on the first place and if corporations get money from it and aren't/can't be prosecuted, they are gonna go with it. Do I have to tell my relatives to not use Google, Facebook, Instagram etc. to not get scammed?
I wish I could help people not get scammed, but I don't really see how. Many people just don't listen.
I did see a news story about this:
SF retiree loses $500K life savings to pig butcher scam despite warnings from family, friends
I'm puzzled by how people can be taken in by obvious scams, but apparently it's a thing that happens. Still, we should be on the side of the victims, not the scammers. Even when the victims seem to have a screw loose, they don't deserve it.
Yeah, we should be. I didn't mean that I'm with the scammers. Just that many people will fall for this AI summary thing as it is very easy for scammers to get to them.
Still, I don't understand some of those victims.
Humans are wired to support our community, particularly family and close friends. We all know parents have a strong (although not universal) tendency to hold irrationally positive views of their children, and consider this a normal part of being human.
Scammers have found the social cues that trigger that "family illogic" circuit in many people. It can't be fought be logic, because it's not logical. It can be fought by cultivating the relationship between you and victim to meet whatever social need the victim is filling by their interactions with the scammer. Which is incredibly time consuming and emotionally draining, and often not practical, but just knowing the cause and a potential way out is a base on which to build.
At a higher level, better understanding of the social cues that make people susceptible to scams can inform policy that encourages community connections that trigger those cues, and fill the associated emotional needs, in a safe and positive way. We don't have great public policy examples yet, but supporting work to figure those out and implement them is a better reaction than victim-blaming people for, basically, being genetically human.
I think that this character that you have built up is a vanishingly small part of the population.
We build up trusted sources, and until recently google was fairly reasonably one of them. To this day I sometimes check google maps to confirm a phone number.
If someone targets an attack against a small business, I could reasonably see them disputing ownership on maps, overriding the listed number, and using the SEO attack listed to agree with maps and my internal filter would struggle at least. Bonus points if they mock the real website from localcompany.com to local-company.com or something with the same content spare the phone number change.
The core issue is that we are losing any kind of trusted sources for this information. It takes time for our bullshit filters to catch up to these things.
Thank you for your reply! Your words summed up.many of my thoughts that I failed to pass along by myself.
Yes, things like localcompany.com and local-company.com, trusting phone numbers o Google Maps etc. As you said, we started trusting our sources. But as this example shows, we should probably question even these trusted sources nowadays.
The thing is that, forgive me, us, the technically more advanced users (or how to call "us") have sometimes our own doubts about it. And when we do, what about Average Joes? They will likely fall for it. I'm not saying I won't, to be clear! I don't think I'm some super-human or anything. I just read about it a lot and I think I'm technically a bit ahead of Average Joe. But one day I may fall for it just as well.
Scammers are smart and they will always be. It's what makes their "trade" work, after all.
Thats't it, basically. I 100% agree. There are peoplebwho catch up faster, others catch up slower and some don't ever.
I don't like or agree with this take.
For years people have been told to at least try getting information from google before reaching for help from others. How long has the Let Me Google That For You site been running?
Now when the tech illiterate grandparents google "what is the number for [their electrical company]" and don't know the difference between the AI summary, the fake sponsored results, and their actual first result three screens down on their phone, we are supposed to say "that'll teach you!"?
I have started replying elsewhere and kinda tackled your comment as well. Please have a look there (and if you want, reply on that one, please, so we keep it under one thread).
Simply put - it's our job to teach vulnerable people to defend themselves against such scams. But there are also people who think they are the best and know everything and don't want our help. No remorse for those.
If people learn to not be scammed, why are there highly successful scam centres?
There will always be people who will fall for it. I read about someone taking a loan then withdrawing the money from the bank, putting it inside plastic bag and handing it to person they never saw in some back alley. You can't help those.
Now it's even easier - thanks to their laziness, they will call scammers by themselves, no need to try scams, just wait until the victim phones you.
It always was and always will be about talking people into something you want them to do. Some will fall for it, some won't. Scammers have their ways to be persuasive or to get to their victims in other more creative ways - just like this example shows when they "infiltrated" AI summary.