Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Elbowed Squid |
| Mumbai Terrorists Used Google Earth, Boats, Food »
December 8, 2008
Interesting list of tourist scams:
I have only heard of this happening in Spain on the Costa del Sol, but it could happen anywhere. This scam depends on you paying a restaurant/bar bill in cash, usually with a €50 note. The waiter will take your payment, then return shortly after, apologetically telling you that the note is a fake and that you need to pay again. He will return the "fake" bill to you, and any change you're due. Of course, you gave him a REAL note, he gave you a FAKE note, and you gave him a second real note, so you paid €100 for a €50 meal. What I do now is write unobtrusively on all large notes I get, so I can challenge them if it happens to me.
Posted on December 8, 2008 at 6:54 AM
• 76 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I had a kid brother who went to Gran Canaria at the age of 8, spent an hour at the balcony watching a three-card monty scam or more interestingly where they stashed the money.
So when the police came and they ran, he climbed down, took the money and spend the rest of the afternoon watching them search all over the place.
Rather than defacing every note you use, you could just remember a couple of digits of the serial number before handing over a large note.
On second thought, memorizing digits doesn't make sense -- because then you would have no physical evidence to share with the would-be scammer. At best my solution would lead to a lot of disagreeing.
For checking your notes before you given them away:
There are special pens for writing on euro notes whose colour as transparent on real notes, but colours fake ones.
Further, there are very small UV flash lights. The UV light makes thin flourescent fibes visible (very colourful effect!) that are typically not in fake notes.
Also, a strong magnet does the trick (cheap ones are available online): real euro note ink is (weakly) magnetic.
Remember to keep the magnet far away from your wallet. Just in case you want to be able to use your creditcard in the future...
Actually you have no physical evidence for the writing thing either. You claim you wrote something on the bill, they say it's clean, and it's still your word against his. That you really did write something doesn't help because it's safely stashed somewhere you can't access, unless you get the police involved and can convince them to search the place.
If you have something convincing then you'll probably do alright simply because they won't want someone to make a big fuss. But if they are willing to argue with you, seems to me that you'd lose out either way.
Take a picture of the serial number of the note together with the bill. If the waiter brings back a fake note, ask for the original note back.
@ Michael Ash,
"But if they are willing to argue with you, seems to me that you'd lose out either way."
Actually probably not.
First off, and most importantly do not touch the note, then your fingerprints will not be on it. If the Police are called then the waiter is going to have a hard time explaining this away (abcense of physical evidence sometimes as good as having it).
Secondly this scam and it's variations (with credit cards etc) is not new. And the one thing they usually have in common is the owner or manager of the resteraunt is not in on it.
So stand up and argue loudly but politly with the waiter (no calling him a filthy crook etc) and demand loudly for the police to be called. Also loudly point out you are going to demand that the note be tested for finger prints as you have not touched it.
The manager / owner is going to give you 100 euroes to go away rather than have a whole nights income go down the pan.
You just have to remember stand your ground do not use rude words or expressions and demand the police (not the manager).
In most places in North/Weastern Europe and Northan America you will get your money back without any (real) problem.
As for other parts of the world you might be better off just swallowing the loss places like Turkey for instance have a very bad history of coruption in the entire legal system and those that live there can usually tell you atleast two or three horror stories about people they know getting on the wrong end of it.
"On second thought, memorizing digits doesn't make sense -- because then you would have no physical evidence to share with the would-be scammer. At best my solution would lead to a lot of disagreeing."
Bizarre. Someone posting as if they were me (the first Bob) pretending to change my mind. Why would anyone bother to do that?
Still proves nothing: the waiter could say you must have taking the picture with the real note, then replaced it with the fake note before he collected the bill. You'd basically have to film the serial number, and then pan back to show the waiter taking it away.
I suppose you could try to get a receipt (have the waiter sign a napkin with the serial number copied onto it). But this would confuse and inconvenience honest waiters, while failing to catch scammers (all it does is stop them scamming you personally). The cost probably exceeds the benefit.
You could limit your risk by asking the bank or bureau de change to give you nothing bigger than a 20.
"Bizarre. Someone posting as if they were me (the first Bob) pretending to change my mind. Why would anyone bother to do that?"
Must be some sort of identity theft scam.
A great list to compare to jail house scams. It's fascinating to see how these evolve and propagate. Individual crooks are not very creative, but it's a system that supports rapid dissemination and evolution of memes.
Perhaps crooks are good mimics?
As to the "identity theft case" above, maybe it was identity confusion?
The list in Bruce's link makes it look like it's one single person who fell victim of all those scams. If that were the case, my advice to them would be: "stay at home. forever."
Or just use a credit card to pay and avoid the issue altogether.
About the only way to reduce the "your word against theirs" factor would be to photo the restaurant bill next to the cash/serial number. Even then, they can always say that isn't the bill you gave them.
This is one reason that, when possible, I try to pay credit when I'm out of the country. Of course, anyone who would swipe a counterfiet bill would also not mind writing down a credit card number, but there is no theft protection on cash.
First thing to do if someone claims your bill is counterfiet would be to ask for a manager and ask the authorities be called. Seems a red flag to give someone back a counterfiet bill--more appropriate response would be to call the authorities. After all, it is a serious crime. If a business made a policy of reporting counterfiets, it would likely deter fraudsters.
Then again, they will always find a way.
"There are special pens for writing on euro notes whose colour as transparent on real notes, but colours fake ones."
Those pens detect starch, the idea being that real money is never printed on starch paper but fake money often is. The problem with those pens is that real money covered in starch will yield false positives, and fake money printed on real money paper will yield false negatives.
@bob, @HJohn, @Michael Ash, @et al...
You're missing the point... it doesn't matter whether you write on it, or memorize the digits... what matters is the waiter's REACTION.
If he comes back with a different bill, simply say, "that's not my bill. my bill said 'XYZ' on it. Please bring me back my original bill and I'll replace it."
If the waiter freaks out, there's a scam going on... then follow @Clive Robinson advice. Don't touch the bill, and insist to talk to the manager, or call the police yourself.
Cops are pretty good at sniffing out scam artists in hot tourist spots. In most parts of the world, you'll have the upper hand... unless the cops are in cahoots with the scammers, like in Eastern Europe.
The whole story makes no sense. If the waiter detects the note as false, of course he must not give it back to me but call the police and hand it over to them.
On the other hand, once he took the note and gave me back my change, I will never accept the blame because he won't be able to prove that the false note was mine. So I would certainly not pay the bill a second time but insist on calling the police if he makes a demand like that.
Another one from the list: "In London, only the familiar "black" cabs can be hailed from the street. If any other kind of car stops for you, tell them to get lost, no matter how insistent they may be."
Note however that licensed minicabs (company name and number on the car, fare meter, driver has photo-ID, car has a minicab plate on the back) can pick up passengers at minicab ranks, or who have phoned to book them. They just technically can't be hailed on the streets, since they aren't allowed to tout for business. In London, they therefore shouldn't pull over for you, but sometimes will if they aren't en route to a fare.
So a minicab, that isn't a "black cab" and hence isn't technically a "taxi", is rather less of a risk than some unlicensed dude driving around at night offering people lifts.
I had a con artist try in London (with an Australian accent, presumably fake) to get me to bet against him on US history. Fortunately the red flag went up when he said he didn't realize I was an American. I am pretty aware of which things I don't know and wouldn't bet against him [I bet a lot of Americans tourists, especially GIs would take the bet(s)] .
We spent an amusing morning with him trying to get me to take a sucker bet and me trying to "accidentally" catch him on my camcorder while videoing touristy things. It was a draw. I kept hoping I would see him again on subsequent visits so I could go up to him and say "Hey, did you ever come up with the other half of the 100 pounds you lost in that bet against me last week?" Figuring he would pay me the 50 to a) stay quiet and b) add credibility to his play with his current mark.
@bex: That was Bob and someone pretending to be Bob, not me.
Nah..."Movie Plot" story.
Penalties are too heavy for passing counterfeit currency. For any reasonable amount of turnover to balance the risk one would have to repeat the 'scam' numerous times. How long before a few of those marks hand the counterfeit to local authorities and someone connects the dots?
There are much easier and discrete ways of counterfeit laundering. Deposit USD1000 to egold account email@example.com for details...
As a researcher and documentarist of scams like this, I'd like to point out that most perpetrators of this type of "petty" (a term I detest) theft, particularly in Spain, are immigrants. Often illegal immigrants. It's worth pointing this out because of the reputation wrongly attached to the locals. If you're interested, see my article "Bottomfeeders of the Criminal Hierarchy," http://bobarno.com/thiefhunters/2008/02/... from which I quote:
"It’s a contentious political issue: law enforcement budget versus taxes, penal code versus perpetrator’s rights, unemployment, immigration. Same story in most of the world’s major cities and, therefore, street thieves abound, free to prey on the weakest, richest resource: the tourist. From a busy prosecutor’s perspective, or an overworked judge’s, or even an underpaid beat cop’s, pickpocketing is a pretty insignificant issue. Real bad guys are on the loose: murderers, kidnappers, rapists, drug-pushers. How much of a police force should be diverted to snag the bottomfeeders of the criminal hierarchy?
"Most countries blame illegal immigrants from poorer nations nearby. 'We can’t get rid of them,' said Inspector D’Amore Vincenzo, a frustrated policeman in Milan, Italy. 'When they’re caught without work cards, we give them 15 days to leave the country. Then they are released and what happens? They just don’t leave! And if they have no papers, no passports, the countries they come from will not accept the repatriation of these people.'"
These scammers fail in their attempts more often than they succeed. But they don't care about failures. In most cases, they'll quietly give back the original bill, the quicker to get on to the next attempt. The strong argument will come from the honest waiter, when your bill really is counterfit. I actually received a counterfit $100 from a bank when I lived in The Bahamas. It can happen.
I don't believe any of you Bobs are the real Bob. I'll have to call up Alice for confirmation.
ALWAYS USE CREDIT!
It's cheaper than currency exchange services, you can dispute charges, and you get cash back.
Cash is for suckers.
Watch out for people holding cell phones out. They're made to shatter. The trick is you drop it, and then they yell at you til you hand over €50 to pay for their phone that you broke.
If someone's got a jacket, newspaper, blanket, or any other obstruction on their forearm, they're probably a pickpocket.
If there are street performers, watch your stuff instead of them. They're meant to distract you from the pickpockets.
When I was in Europe, my sister and I wore those bags that cinch at the top on our backs. The only way to open them is to be able to undo the cinch at the top, which requires there being slack on the strings. Wearing it as a backpack, the strings are pulled fairly taut, enough that they'd have to lift the bag up a good foot to get enough slack to open it.
there's an easier version of this scam (apparently often used in Mexico): the waiter (or - more often - the employee of a gas station) is going to take your large bill and return with a smaller bill of the same color; claiming that you gave them too little. I even ran into one person that did this with coins. Unlike the counterfeit money scams this one has very little risk for the scammer. The way to counter it is to loudly and visibly count the money before handing it over.
My girlfriend and I were staying for two weeks in Costa de Sol/Costa de Luz this summer and we didn't get scammed a single time.
While I don't say, that the scenario isn't realistic, I think that the proposed solutions (marking banknotes, taking photos of serial numbers etc.) aren't worth the effort, considering the probability that it will actually happen (it didn't happen to us in two weeks).
I guess this probability is not much higher than getting robbed on the street or getting scammed in some unexpected way. If the restaurant has a bad enough moral standards to scam you in that way I wouldn't trust the freshness and quality of the food either - which can have much more dangerous effects on you ;-)
It seems that the trivial way to avoid this scam is to simply carry smaller denominations.
"If there are street performers, watch your stuff instead of them. They're meant to distract you from the pickpockets."
In fact the London Underground now licenses buskers to perform in tube stations. Presumably this is also meant to assist the pickpockets. I've even heard that some cities in the US organise public parades on holidays, especially Thanksgiving. These are intended almost exclusively to boost the local theft industry: they nearly got me that way the year I was in Chicago on Columbus Day. Fortunately those marching bands didn't have *me* fooled. I swallowed my wallet to keep it safe.
Over-cautious, at all? I guess I have the benefit that since I live near London, I have no particular reason to worry about pickpockets on holiday. They're unlikely to be much better than my locals.
"Wearing it as a backpack, the strings are pulled fairly taut, enough that they'd have to lift the bag up a good foot to get enough slack to open it."
In London and other places in the world they don't bother they simply use a surgical blade in a pencil or other common onject and slice the bag open at the bottom as an accomplice bumps into you or even steps back into you, so you dont notice the sudden loss in weight on your back.
The surgical blade is set far enough into an object so it is not that visable and is simply dropped if you challenge them then it's just another object on the ground.
If paying by cash: leave enough money to cover the bill plus a gratuity, wave it at the waiter, say keep the change and walk out.....
"write unobtrusively" or memorizing the serial numbers is the first step. At least the person will be convinced that he is being cheated. Else you will never know whether the claim is true or not.
Once you are convinced, the best thing you could do is spread the message and warn others of this potential breach of trust. If the restaurant is reputed then they will definitely take corrective measures (mostly this will be the handiwork of the staff and not the management team) Inform people around you in the restaurant of the breach so that they could be more careful.
@mailman: That link is from Rick Steves, who publishes guides for all over the world. His show in PBS is fantastic, and he offers local talks (in WA state) on various countries, with lots of tips to avoid lines, pay less, stay cheap, etc.
He's like the Bruce Schneier of Travel :)
@The list in Bruce's link makes it look like it's one single person who fell victim of all those scams. If that were the case, my advice to them would be: "stay at home. forever."
The accounts clearly tick back and forth from male to female, "naive midwesterner" to "lived in Europe for 8 years." It's obviously just a string of quotes from various people.
Better yet than all these lame attempts to covers one posterior, play the scam back at them -- advise the waiter to return your original bill because you are a bank inspector, police officer, whatever, and you will need the bill to retrace where it came from. Mention there's been suspicion of a scam being run from their resturant and you want to help them keep their otherwise good reputation. Put a bit of a scare back into them...
He forgot the "delayed change" scam in Venice. This one amazes me because it was (is?) done by public servants at the
Vaporetto ticket counters. It was beautiful in it's simplicity, most tourist didn't know one Lira note from another, and the change was in the ten thousands of Liras anyway. The guy in the ticket booth would hand you a lot of notes, but typically 20000 or 50000 Lira would be missing. If you just waited and looked at him, he would give you the rest (without any sign of embarrassment, of course).
"First off, and most importantly do not touch the note, then your fingerprints will not be on it."
I can assure you that no police officer anywhere in the world will even contemplate dusting for fingerprints over an alleged offence involving less than a thousand dollars.
"The manager / owner is going to give you 100 euroes to go away rather than have a whole nights income go down the pan."
This scam probably only pays off in a meaningful way when repeated a number of times. There will invariably be a few people who complain loudly to the management ("this can't be a fake! I got it from the ATM!, etc."). While a manager may be willing to give his employee the benefit of the doubt on the first or even second complaint, if there are repeated complaints involving the same waiter, the manager is going to suspect something is amiss. This leads me to believe that this scam is unlikely to be effective unless the manager simply doesn't care or is in on it himself. The risks associated with losing your waiter gig (where you have access to tips from tourists) probably aren't big enough to justify trying to pull a scam with a non-trivial chance of detection, and that must be repeated often to pay off. (After writing this, I see AnotherUrbanMyth has made the same point.)
Look, putting aside crazy and time-intensive ways to avoid getting ripped off, the best advice is to ensure you're not exposed to much loss in a worst case scenario. As other people have suggested: Don't carry much money, don't carry large bills, don't wear jewelery, wear your backpack on your front instead of your back, pay with a credit card and shift the risk to the credit card company.
Any lengthy trip through Latin American as a fair skinned North American is bound to provide you with stories about the ingenuity of thieves. The bottom line is that when you're living on $2 a day you have a totally different conception of risk and payoff. I'm not going to put my personal safety at jeopardy over $50, and they know it, which is why they get away with all this.
People in Peru counterfeit COINS. Don't even ask me how that is worthwhile. Taxi drivers would constantly give them to me as change. I'd just use them to "tip" the next driver as I hopped out of the vehicle.
The common one I experienced in Bolivia was the "mustard" scam: as you're walking through a crowd, someone "accidentally" spills a condiment (or a drink, or whatever) on you, then starts to profusely apologize and distract you while his buddy rips you off. Misdirection: oldest trick in the book. When it happened to me, I just kept walking with my hand on my wallet in the front pocket of my jeans. Maybe it was innocent and I was just another asshole gringo, but trust me, they hate Americans enough in Bolivia as it is...
The easiest way not to be scammed is not to look and act like a gullible American. If you carry expensive cameras out in the open, wear distinctive clothing, flashy jewelry and talk loudly - you become a scammer magnet. I've stayed in lots of major cities including Mexico city, LaPaz, London, Paris, Barcelona, Palermo, Bangkok and Hongkong - all without incident.
"I don't believe any of you Bobs are the real Bob. I'll have to call up Alice for confirmation." - Mckt
Can I listen in?
The obvious solution is not to pay unknown/untrusted vendors with large bills, and instead carry small bills and change.
Am I the only one skeptical of these accounts? Three of them were saved by the graces of their 'amazing' moneybelt(!thank god!), which happens to be on sale for $10.35 on his website, just around the corner.
Looks like this guy learned a thing or two from his scamming counterparts in the EU, haha.
> I can assure you that no police officer
> anywhere in the world will even
> contemplate dusting for fingerprints
> over an alleged offence involving less
> than a thousand dollars.
Wow. Speaking for every cop on the planet seems a little reckless, no?
A couple months ago I came upon some youths trying to steal bicycles from our garage. They weren't worth $200 combined, yet the police took fingerprints.
Oh dont be such an noisy busy-body Eve!
@Bob: "Bizarre. Someone posting as if they were me (the first Bob) pretending to change my mind. Why would anyone bother to do that?"
Bizarre. someone posting as if they were me (the first Bob) pretending I didn't change my mind. Why would anyone bother to do that?
@SteveJ "Over-cautious, at all?"
When I visit Las Vegas, one of my favorite things to do is to watch the crowds of people who watch the various public shows (Treasure Island, etc.).
The pickpockets working them are quite blatant and have spotters to warn them if police are about. If not, they go rampant during the finale. Imagine if you can, nondescript people running briskly from tourist to tourist, picking up backpacks and cutting purse straps.
The same thing can happen at amusement parks. I have (verbally) thwapped security guards who are watching the show instead of the crowd.
A little common sense can avoid many of these hazards. Tourists will go on making criminals rich, for lack of a little common sense.
Why not just make a conspicuous display of checking the anti-counterfeit markings on the bill prior to handing it to the waiter?
Two people claiming to be Bob (me) when in fact I am the real Bob. Give Alice a call, she'll confirm it.
Neither of those is the original Bob. The real Bob has been retired for 15 years, and is living like a king in Patagonia.
How can we be sure you are the real Alice?
> How can we be sure you are the real Alice?
Because I, unlike some other Alices, have a real English accent.
Why would you ask that cheating scammer Alice about Bob? She doesn't know him like I do.
I loved him first. Alice is the attacker. Not me. Not Eve.
"I can assure you that no police officer anywhere in the world will even contemplate dusting for fingerprints over an alleged offence involving less than a thousand dollars."
First off I know for a fact that in certain parts of Europe they will fingerprint as standard (and in places like Egypt where tourists are the life blood and the punishments for fleecing them are large the police have a semi-political incentive to do so).
But even if the police don't fingerprint as standard, is either the waiter or their manager going to take a gamble on this?
The simple fact of asking a police officer (who turns up) to get the note fingerprinted will pretty much convince them that what you are saying has some truth to it (showing your passport or verifiable ID will pretty much sinch it).
At the end of the day the waiter is going to go out on their own on this one. I realy do not think most managers are going to want the police involved as it will have a more negative impact on their business than the 50Euros being contested (importantly never ask for anything other than they accept you are telling the truth otherwise they may think you are trying to pull a scam and dig their heals in).
Two basic rules of thumb to avoid this sort of thing,
The first (has all ready been mentioned which) is don't carry high value notes and leave enough to give a sensible tip.
The second is always pay where you get the recipt and the change.
Importantly the second rule holds for Credit Cards as well never ever let them out of your sight and watch the person handeling it like a hawk.
Contary to what some people have posted paying by Credit Card does carry a risk. It depends on where you are where it was issued and how it was used (fraudulantly).
For instance, as some people in the UK found British Card Issuing Banks decided that under some circumstances the UK Consumer Credit Act was jurisdictionaly limited to the UK. So the biggy was they decided buying from abroad from within the UK was not covered but there where other tryons tried, the result various consumer groups took the card issuers to court. Your jurisdiction and banks / card issuers might decide their own variation on what is or is not covered based on what they think they can get away with...
And then there is that silly little 3 digit security number on the back of the card which you need to perform card not present transactions (unless you have commited it to memory/paper and removed it from your card).
Oh and if you are going to use cash spread it around your body, do people realy think muggers do not know about money belts. Seriously you would be better with it in the sole of your sock, as long as the mugger has something to run with.
if this multiple bob thing keeps up, we're gonna have to start hashing our names.
oh, and if i thought someone was trying to pickpocket me, i'd break their f'ing arm.
you have to challenge the waiter on his forensic skills and tell him let's call the expert from police dept. to settle the dispute.
It does sound like a movie plot threat: This would be a very inefficient way to laundry money, as many of the tourists would then be aware that they might have fake money, and might go to the police, etc. Can't take too long until they find that all those fake notes were detected in the same place...
He really is Bob. I asked Alice personally.
I think we also have to consider the probability of this sort of thing. Even when i have been to places where this sort of thing is "prevalent" it is still a very small risk over all.
In my life time (not all that long) I have had 2 wallets and a car stolen. My son just had his wallet stolen last week. Total value about 3000eu all up including changing locks etc.
The Insurance is not even close to that cheap!
Further to some other comments.
There are a lot of places where cash is the only way you can pay. The Pub below my apartment for example. So the only use CC is more of a case of YMMV....
I have heard about the knife bag trick a bit both for London and Paris. However how often is it really? Compared to just normal pick pocketing as well?
I can't imagine all the bystanders saying nothing, but then I have only spent a few weeks in both places.
So i just read everything on that page. I have done/been just about everything on that list more that once with no problem. Conductors have given my my tickets back. Taxi drivers have given correct change, people on the street are very helpful and steel nothing. Others in my cabin on the train keep an eye on my stuff. I walk down the back streets etc...
Some of those stories even sound made up. I mean we can all read numerals regardless of what we speak.
@Andrew: I agree that pickpockets exist and that steps need to be taken to protect your stuff. I disagree with the claim that street performers are only ever there as part of a scam.
If you also say that you shouldn't look at any tourist attractions, because the pickpockets will get you while you're distracted, then there isn't actually much point going on holiday at all.
What's necessary, surely, is to secure your valuables such that you can pay attention to interesting things, instead of spending all your time focussed on suspected thieves. Once you've done that, you can look at Vegas public shows, street performers, or anything else you like, with impunity.
"or anything else you like"
Actually, probably not the girlfriend of anyone bigger than you or who looks mean.
"I have heard about the knife bag trick a bit both for London and Paris. However how often is it really? Compared to just normal pick pocketing as well?"
It depends on a couple of things. The skill of the person and how crowded it is.
Conventional pickpocketing is quite a skill and requires considerable practice to get away with it these days as the "marks" take more care than they used to.
Pickpocketing also needs a bit of space for the "pass" to work and is difficult to do from behind people.
In a dense crowd the surgical blade wins hands down, it needs little skill, the person getting the attention is not the person commiting the crime but the "bumper" accomplic, and the crowd hides the "cutters" "stowing" activities.
In London's Oxford street "cutting" is on the rise whilst old style "picking" is declining. Also from video released for "TV Viewing" the "cutters" appear to be mainly African/Asian in origin where "pickers" appear to be more European.
I have been told by those responsable for security on the London Underground that on escalators for instance those of Afro Carabian origin, just don't care they just take from womens bags and hit them if they resist. Any serious resistance is dealt with by kicking the person down the escalator.
Then there is "steaming gangs" this is groups of youngsters who blatantly use knives and other weapons to thretan or disable anyone or everyone and they then take what they want. They frequently wear "hoodies n caps" and swap clothing around to make post attack identification difficult. The group also tends to operate in two parts, those that "take" and those that "hold" the stolen items, again this is to make arresst and conviction difficult. It appears they are now mugging other youngsters for their "Oyster Travel Cards" and giving other acomplasis their real Oyster Cards and modile phones to establish false alibies...
"They frequently wear "hoodies n caps" and swap clothing around to make post attack identification difficult."
How much did the cameras cost again? :)
"How much did the cameras cost again? :)"
Good question the UK is supposed to be the number one CCTV nation with 20 times the number of cameras per head of population than the next nation on the list (oddly not the US). And that 60% of them are in London (pop supposedly
Now I know the UK is supposed to have a GDP in the top ten (slightly above California ;) but only a population of 50-60 million
Now if you assume that each camera costs on average 200USD to get up and running...
!!!NMI!!! 64bit unsigned int overflow...
Yup it's to big to calculate even without the Pentium bug.
Hey, I can ask Alice about this Bob thing if you'd like.
No-one here has so far answered the question: How does one defeat this kind of attack? The solution proposed of writing unobtrusively on the bill may add some veracity to an excuse not to accept the new forged bill in return - but it doesn't defeat the attack, it only adds some weight to an argument.
Come on Schneiers'!!! The most obvious way of defeating this attack is to write on the bill in FRONT of the waiter. If he returns it, repeat the exercise. Then call the local law enforcement to witness the process; search the miscreant for forged bills, and throw that sucker in jail!
@ Stephen B,
"No-one here has so far answered the question: How does one defeat this kind of attack?"
Err I think some people have within the bounds of what is legal in the majority of jurisdictions.
Which brings me onto your suggestion,
"... is to write on the bill ..."
Is illegal in quite a few jurisdictions, and I'm reasonably sure that Bruce would not condon illegal activity as a security measure (after all that would be a crime as well in most places ;)
The simple solution is as has been noted,
Go to the till/register and pay in small denomination notes.
Not only does it by pass the waiter, there is insufficient percentage in small notes to make it worth while performing the attack.
So providing you leave an appropriate tip everybody (should) be happy...
Above Anonymous @7:33 is mine.
I once had my Palm Pilot picked from my pocket in the Prague Metro. (Try saying that 10 times fast.) Typical method: big guy gets in front of me and distracts me while his partner grabs it. On the same trip, on the train back from Prague to Vienna, my wife and I met a young couple who was returning from Italy, and who had the “flying baby” scam worked against them. The flying baby scam—which I had heard of, but thought was apocryphal—goes like this. A person walking down the street sees a woman cradling a baby approaching. As the woman nears, she stumbles and sends the baby flying. When the victim reaches out to catch the baby—which turns out to be a doll, of course—an untold number of urchins who are in cahoots with the baby tosser materialize, grab whatever they can, and then run. The moral of the story, I conclude, is that if you are walking in Europe and a baby comes flying out of nowhere, put your hands in your pockets and step aside.
How about writing on the bill "My name is Bob and I am a police officer working undercover. Please wink at me if you are aware of any illegal activities going on in this restaurant." :-)
I have lived here 3 years. My work mates have lived here there whole lives. We have never even heard of the baby scam.
I just got back from teaching in Brno and Prague, as I do this time of year. Again, i have never had a single incident.
Note I can only speak English so I came across as a tourist etc.
Does my anecdotal evidence cancel out yours?
How about ... you pass a genuine fake bill to the waiter, when he comes back to challenge you, you insist that the bill was real and ask for the police.
Cite this blog as a reference: "This is a well known scam you crook!"
Recently i was at a (highend) restaurant in Beijing and when i paid with a 100 yuan note, the waiter read back the last 5 digits of the serial number to me... I asked him why and he said "should we find this note to be fake, you'll know we haven't switched notes on you" That's a best practice if I've ever seen one....
Not really. Presumably, the counterfeiter knows the serial number he put on the bill. All he would have to do is recite the last 5 from the counterfeit and then return the fake bill to you. Best practice would be to have the patron read the last 5 digits and have the waiter confirm them before the bill leaves the table. Any competent sleight of hand artist could replace the bill while picking it up from the table so the customer would need to read the bill before the waiter touched it.
Scammers and phishers are everywhere, in real life, and on the internet, trying to find a way to separate you from your money.
Recently I have noticed a wave of SMS (text) messages asking for money. The other day I got one claiming to be my girlfriend - the writer said they had lost their wallet and phone and could I please transfer $1000 to such and such a bank account.
Another day I was having dinner with a friend who’s father called. My friend’s dad was worried sick - he had gotten a text message from someone claiming to be his son, asking for money because he was in trouble with corrupt cops. My friend laughed, screaming over the din of the convivial hotpot restaurant, that he was perfectly ok.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.