- Apr 2024
-
www.thecut.com
-
Want more stories like this one?
So, the closest I ever got to being scammed was while I was sleep deprived working on Loop Thesis shortly after leaving Oracle. A door-to-door salesperson came to my apt from one of the 3rd-party energy sourcing companies that are really scummy trying to act like they were from PECO, and they were acting like they were trying to get me through some administrative process that would have moved my PECO account over to them, where presumably they would over-charge me. I was sleep deprived and half delirious and was halfway through the transfer process before I figured out what was going on.
What saved me was a couple of things:
A) they had me call up PECO to start the transfer and when the person on the line asked about stuff, I noticed that they really didn't want her to be on speaker phone while I was answering and asking my own questions. They kept kind of angrily gesturing for me to mute the phone. And it's really hard to manage multiple people in a scam at the same time, especially when one of them is just a random PECO employee.
B) PECO asked questions. They were like "here's the process you're going through", and then I immediately said, "huh, well that doesn't make sense, I thought I was doing Y" and then the scammer was like "don't tell them that!"
C) At the point where I stopped trusting them, I just told them to go away and I would look things up myself and I stopped engaging. I stopped saying "but why would X happen, you said Y, that doesn't make sense." And just said, "no, I'll look this up later, sorry" over and over again until they left.
and that was shortly before I made a policy of just, even if someone makes me think I want something, I still wait 24 hours to do it. But to me, that emphasizes that not having a situation be in control of the scammer is important. If I lived with anyone else, getting them on the line would have blocked the scam. The PECO person asking any questions at all could block the scam. Being like "there is never a legitimate reason for you to stand next to me and coach me while I do a thing" would block the scam.
My point being, you don't actually need to know what's real and what's not, that's not the defense against scams. The defense against scams is:
A) Not letting them start the conversation -- i.e., you always call back, schedule an apt, write an email.
B) Not letting them control the conversation -- i.e., you always have someone else there, you always research without them present, you always force them to use a medium like text, you never let them stay on the line for too long or walk you through things step-by-step.
C) Not making impulse decisions period -- you have a universal policy that you wait before you do a thing, because then you have moments of clarity while you're waiting. And you never break that policy even when it seems like you should, because the whole point is that you don't trust yourself to know when to break the policy.
And I really genuinely believe those steps will work in many cases regardless of how savvy someone is or isn't, and it feels like the approach to scammers right now is that we tell people to just be smarter, and it's like saying "why are people dying in cars? Should we add airbags and make people use turn signals or should we just yell 'be more aware' at them?"
-
I still don’t believe that what happened to me could happen to anyone
I still feel like who the heck cares. I mean, I get the instinct to want to know that your weaknesses aren't unique, but it just doesn't matter. Where was all this tribalism and need to confirm normalcy while you were being told not to talk to your husband?
I don't know, maybe I'm being mean about that.
-
For now, I just don’t answer my phone.
I mean, this is a throwaway line, but I'm kind of upset that there are no real tips here. Like... don't. Don't answer your phone if you can avoid it.
That's not a haha funny line at the end, tell people not to answer their phone!
-
It also mattered that I was kept on the phone for so long. People start to break down cognitively after a few hours of interrogation.
YES!!!
-
It was my brother, the lawyer, who pointed out that what I had experienced sounded a lot like a coerced confession.
Yes!
-
it was probably when they read me my Social Security number. Now I know that all kinds of personal information — your email address, your kids’ names and birthdays, even your pets’ names — are commonly sold on the dark web.
Thank you banks for continuing to use this information for account security, giving people the impression that it is secure and private. Your contributions are always appreciated /s
-
maybe I wasn’t such a moron.
I don't think this is helpful anyway, everyone wants everyone to tell each other that they're smart. Who hecking cares, good security practices and security habits work for everyone and anyone, regardless of what ableist terms you want to label them with.
-
They gave me instructions to freeze my credit, file reports with the FBI and FTC, and run anti-virus software on my laptop to check for malware, which I did.
Freeze credit anyway. Long conversation, everyone's credit should always be frozen.
run anti-virus
Thank you banks, your contribution to the world of security is always appreciated /s
As opposed to doing things like adding proper 2FA or training your tellers to not randomly hand people 50,000 without asking followup questions that would very quickly shake someone out of a delusion.
-
Then it all came crashing back, a fresh humiliation, and I curled into the fetal position. I felt violated, unreliable; I couldn’t trust myself. Were my tendencies toward people-pleasing, rule following, and conflict aversion far worse than I’d ever thought, even pathological? I imagined other people’s reactions. She’s always been a little careless. She seems unhinged. I considered keeping the whole thing a secret. I worried it would harm my professional reputation. I still do.
This is the issue, like.. I don't want to be mean about it because this is exactly what hecking happens, and people don't talk about the scams because they get embarrassed and talking about what's happening is how you avoid losing your grip on reality for long enough to prevent them.
So it's like... I don't want to be mean because susceptibility to scams is not a character flaw, and it is so obvious outside of scams what's going on and all you need is anyone outside of the scam to look at it and laugh and say "what the heck are they talking about." And embarrassment isn't helpful for that.
-
That I’d been trying to protect him suddenly seemed so idiotic I couldn’t even say it out loud.
Okay, the rest of this is going to be depressing.
-
I saw the whole day peel away, like the layers of an onion — Michael, the FTC officer, the Amazon call — revealing my real life, raw and exposed, at the center.
Just 10 minutes off of the phone, that is all it would have taken.
-
I took my son trick-or-treating, my phone on speaker in my pocket.
what the heck
-
As I walked back inside, Michael texted me a photo of a Treasury check made out to me for $50,000 and told me a hard copy would be hand-delivered to me in the morning.
you said you were a financial expert though...
-
He frowned and silently mouthed, “What?”
Be respectful of your partners and their privacy, but also if something like this ever happens, #$&@ing GO WITH THEM.
-
I gnawed on a granola bar at my desk, he got chatty and asked about my job. I told him I was going to Washington, D.C., later that week. “Oh, great. You could come to my office in Langley,” he said. “Where are you staying?”
Some casual talk before you're investigated for money laundering and before the cartel kills you.
This is also why Michael is just keeping her on the phone for hours and hours. It's just painful to read. Like, there's no defense at this point, just hang up the phone for 10 minutes and this would come crashing down, but she can't.
-
Or maybe I had lost my grip on reality so completely that I was willing to resign myself to this new version of it
Right. I mean, no shame, but literally this is what's happening. And this is why habits -- so you always do 3rd-party confirmation, you always get someone else's perspective, you always wait a day before doing something.
Because human beings lose their grip on reality sometimes, and then you have a habit that stops you from losing 50,000 dollars when you do lose your grip on reality.
-
“I’ll need to see your colleague’s badge,” I said. “I’m not just going to give $50,000 of my money to someone I don’t know.” “Undercover agents don’t carry badges,” he said, as if I’d asked the CIA to bring me a Happy Meal. “They’re undercover. Remember, you are probably being watched. The criminals cannot know that a CIA agent is there.”
There's something insulting about a scammer being like, "no, we're not going to make a fake badge to show you, stop being so needy, how far do you expect us to go to get your 50,000 dollars?"
-
You are being charged with money laundering. If we secure this cash and then issue you a government check under your new Social Security number, that will be considered clean money.”
You said you were financially savvy!!!!!!! You said it! You said you talked to experts!
-
“Why can’t I just use this cash?” I asked. “Why do you have to take it and give me a check?”
So close, come on.
Don't ask them the questions, you think about the questions yourself. If you don't trust someone, you don't ask them questions to justify things. You research externally. Always externally.
-
But it doesn’t seem like I have any other choice
But you DO
-
A picture of Michael’s badge appeared on my phone. I had no way of verifying it; it could easily have been Photoshopped.
Right? And you'll do something with that information?
-
Do you really want to take that risk with a young child?”
Now we're back to the people trying to kill your kids. Are you being investigated by the government, or is the cartel after you, or was your Amazon account hacked. You are not obligated to believe all 3 simultaneously.
-
He sighed. “I’m sending you a photo of my badge right now,”
Case in point
-
“I don’t even believe that you’re a CIA agent,” I said. “What you’re asking me to do is completely unreasonable.”
You don't argue with them and you don't ask open-ended questions. YOU set up the standard.
Otherwise they get to decide what the proof is.
-
“I need to speak with Michael,” I told the woman on the phone.
AAAAAA So close!!!
When you have that moment of clarity, call someone else!! Not the original person!
-
As I walked back to my apartment, something jolted me out of my trance, and I became furious. No government agency would establish this as “protocol.” It was preposterous.
This is why we wait! Clarity comes with time!
-
Michael was bursting with praise.
I'm sure he was.
-
Michael was on speakerphone in my pocket.
No.
-
My son would be home soon, and I had to fix this mess
I wonder if this is like an angle of susceptibility here, she keeps saying that she needs to fix everything. You're not going to fix a CIA investigation and a cartel and stalkers in an evening. That is not a thing.
But like, what happens to get someone into the position where they think, "well, but I need this resolved this evening before trick or treating?" What is going on that someone immediately jumps to that line of reasoning, and she keeps mentioning it -- I need to just fix this quickly.
I feel like that's the trap maybe? Sort of goes without saying, but waiting 24 hours to just do anything is also a really good defense here, and it feels like that defense got bypassed by playing into a "I need to solve the problem right now" part of her personality.
-
It’s impossible to explain why I accepted this logic
Agreed. I don't mean that in a nasty way, just like... oof.
-
“You can’t send a complete stranger to my home,” I said, my voice rising. “My 2-year-old son will be here.”
Wha? This is the thing you get hung up on?
-
He asked me how much cash I thought I would need to support myself for a year if necessary. My assets could be frozen for up to two years if the investigation dragged on, he added. There could be a trial; I might need to testify. These things take time. “I don’t know, $50,000?” I said.
I don't know that I can keep reading this, this is just escalating to a wild degree, there's nothing to add.
-
“Unfortunately, no,” he said. “You must follow my directions very carefully. We do not have much time.”
This again. Why the ever-loving heck not, what time don't you have?
I understand why they're doing this, I understand why it works, it's just frustrating to read.
-
But also not completely out of the realm of possibility.
Ah, #$&*X
-
It was far-fetched. Ridiculous
Yes, yes.
-
They would also deactivate my compromised Social Security number and get me a new one.
Come on.
-
In the eyes of the law, there was no difference between the “real” and the fraudulent ones, he said.
I mean, no that's not true, at all, but we've already established that she doesn't know that.
-
“My office is in Langley,” he said. “We don’t have enough time. We need to act immediately.
"It's so lucky that Amazon forwarded your case number, or else you would be dead this very night."
-
“Can I just come to your office and sort this out in person?” I said. “It’s getting late, and I need to take my son trick-or-treating soon.”
I'm sorry, do you believe you are being investigated for federal crimes while the cartel monitors your every movement, or not? Like, I can't believe I'm arguing for the scammers here, but you ostensibly believe people are trying to kill your family, right? Like...
-
It was a nonstarter.
I cannot figure out whether she's terrified or not.
"A raid would be very inconvenient right now, is there something else we can do?"
-
“If you talk to an attorney, I cannot help you anymore,” Michael said sternly. “You will be considered noncooperative. Your home will be raided, and your assets will be seized. You may be arrested. It’s your choice.”
wfeoefwiohafjdsfkjlewoihewio
She's just fully pulled in now, nothing is getting through, it's too late. This is not how ANYTHING works.
-
He then repeated the point Calvin had made about my phone and computer being hacked and monitored by the criminals who had stolen my identity.
PUBLIC PHONE CALL!!!
-
“You are being investigated for major federal crimes,”
Since #$&@ing when!?
-
feeling stupid.
You need to be more derisive about the world around you. You're not stupid, why are they asking you to jump through hoops. How come you can't do your job without me lying to my husband. I demand to speak to your manager, who I assume is the president.
-
I admitted that I had texted my husband. “You must reassure him that everything is fine,” Michael said. “In many cases like this, we have to investigate the spouse as well, and the less he knows, the less he is implicated
meh, not a thing. Nothing to add here, they're just going to lie to her in quick succession.
-
“It’s a government number,” he said, almost indignant. “It cannot be spoofed.” I wasn’t sure if this was true and tried Googling it, but Michael was already onto his next point.
They can be spoofed, but sympathy here because "they just move on" is a way to get caught. This is why text-based communication is preferable in situations like this, I don't want to be on a phone call where someone can just push past a point. I want to be able to sit and obsess about it for 3 hours and then send an email.
But sympathy on this point, you're either assertive enough to say, "no wait, we're not moving on" or you're not. And like... I'm not. That's why I stay off the phone.
-
“How do I know you’re not just spoofing this?” I asked.
Good instinct!
-
“I completely understand,” he said calmly. He told me to go to the FTC home page and look up the main phone number. “Now hang up the phone, and I will call you from that number right now.” I
See above, phone number spoofing. This is exactly the scenario I was talking about.
-
“I’m going to need more than that,” I said. “I have no reason to believe that any of what you’re saying is real.”
Come on, good instinct but like... You don't ask "how can I believe you." That gives them the opportunity to suggest what the proof is. Which is exactly what happens next.
-
I knew I should probably talk to a lawyer or maybe call the police, though I was doubtful that they would help. What was I going to say — “My identity was stolen, and I think I’m somehow in danger”?
YES!
If you have a contact number with the hecking CIA, then give the police that information. What are you talking about?
-
Still, I had not seen a shred of evidence. I checked my bank accounts, credit cards, and credit score; nothing looked out of the ordinary.
You're so close.
-
They hadn’t asked for my personal details; they already knew them. I hadn’t been told to click on anything.
They transferred your call, asked for your bank information, and gave you another number.
When people ask you to click on things, what they're doing is saying "here is the location of a thing, you can totally trust me that the thing is what I say it is."
That is just like phone numbers! Phone numbers are links! Calling a phone number is clicking on a link!
-
It had occurred to me that the whole story might be made up or an elaborate mistake. But no one had asked me for money or told me to buy crypto; they’d only encouraged me not to share my banking information.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-
If it was a scam, I couldn’t see the angle.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-
I Googled the number. Nothing.
You were so close, you were right next to the finish line, all you had to do was step over the line, and then instead you hacked off your leg with a table saw.
-
His voice took on a more urgent tone. “You must have worked very hard to save all that money,” he said. “Do not share your bank-account information with anyone. I am going to help you keep your money safe.”
I'm sorry, go back to "my communications are being monitored and I'm going to be killed by the cartel."
I mean... okay, less actionable advice than above, but like... if someone from Amazon calls you and then somebody says that your life is in danger and then says "we need to protect your 80,000 dollars" and uses very weird language like "you must have worked very hard for that money" which is the type of thing that only a scammer would ever say about money, because normal people don't think "I bet you earned your money legitimately" is a compliment... that person might be a scammer!
-
Calvin wanted to know how much money I currently had in my bank accounts
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-
remembered another story about a man who got stuck on a no-fly list after his personal information was used by a terrorist group.
And then he was killed by the cartel!
-
I thought of an old This American Life episode about a woman whose Social Security card was stolen. No matter how many times she closed her bank accounts and opened new ones, her identity thief kept draining them, destroying her credit and her sanity. (It turned out to be her boyfriend.)
Two things:
A) our financial system is a mess and that actually contributes to scams, because people get confused about what's possible to do. It's true that identity theft can be a nightmare, and that makes people more scared of it than they should be, and the problem becomes reinforcing. Mostly because banks are terrible at security and credit unions don't care about protecting data or correcting mistakes.
B) Just because This American Life reported it was her boyfriend does not mean that the vast majority of ID theft isn't random. Most of it's random, This American Life just picked up on it because it was noteworthy and a more dramatic story, which is irresponsible on their part if they didn't try to clarify the reality for most people.
-
You should assume you are in danger and being watched.
Drug PSA except for public wifi.
"Shaunda used public wifi once at a bar, and then her family was killed by the cartel. Wifi, not even once."
-
I quickly deleted the text messages I had sent my husband a few minutes earlier.
Side note, this isn't a thing.
If someone is surveilling you, you cannot just delete a text message. This is too long of a conversation to get into.
-
“I believe you, but even so, your communications are probably under surveillance,” Calvin said. “You cannot talk to him about this.”
My brother in Christ, you are on a #$&#) public phone call!
"You are being surveilled, so I made sure to call your personal phone number on an unencrypted network after being transferred by Amazon."
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
-
I told him I was quite sure that my husband, who works for an affordable-housing nonprofit and makes meticulous spreadsheets for our child-care expenses, was not a secret drug smuggler.
She's getting like... pulled in. By saying "my husband isn't a drug smuggler" she's conceding that there might be a drug smuggler.
Also holy heck, please take a step back and realize this started with an Amazon ref saying, "mind if I refer you to the FTC." When was the point you suddenly started believing you were on a call with the FBI?
-
Calvin told me to listen carefully. “The first thing you must do is not tell anyone what is going on. Everyone around you is a suspect.”
This is not how identity theft works. This isn't child kidnapping, identity theft is usually someone you don't know.
-
“I’m in deep shit,” I texted my husband. “My identity was stolen and it seems really bad.”
Always text someone else, having someone else in the loop is the defense against irrational behavior.
-
“Ah,” he said. “That’s unfortunate. It’s how many of these breaches start.”
No it's not, public wifi is not as dangerous as many people believe. And I'm more cautious about public wifi than most people. We all use HTTPS now, there are reasons why I don't like to connect to public wifi, but identity theft isn't one of them.
-
Google led me to truthfinder.com, which asked for my credit-card information — nope.
Good instinct.
-
He texted me a drug-bust photo of bags of pills and money stacked on a table. He told me that there were warrants out for my arrest in Maryland and Texas and that I was being charged with cybercrimes, money laundering, and drug trafficking.
Absolutely wild escalation.
-
He texted me a photo of her ID
This is not a thing anyone would do. When I got into a car accident and the other person wrote down a fake phone number and ghosted me because they didn't have insurance, the insurance company that they used to have would give me zero information about them. Which... they shouldn't have! They did the correct thing in that situation, you don't randomly give information out.
The FTC would not just text you a photo of someone's ID even if that person was a criminal. Companies don't do this, government agents wouldn't do it.
-
Then he read me the last four digits of my Social Security number, my home address, and my date of birth to confirm that they were correct.
I'm empathetic to not catching the red flag here, but "here's your identity, can you confirm that it's correct" is a big red flag. That's not how confirmations work, you would need to give that information to him, not the other way around.
But again, shouldn't be in this call to begin with. Never give any information unless you initiated the call to a number you looked up.
-
gave me his badge number, and had me write down his direct phone line in case I needed to contact him again
No, extension. He doesn't get to give you a phone number, he gives you an extension and a name, and you call back using the number on Google and ask for that name/extension.
I realize I'm hammering this and preaching to the choir, but like.. bullet-proof way to avoid a large number of phone scams. But it has to be habitual, it has to be a policy that you always do.
-
Krista transferred the call
See above, Krista does not transfer the call. Krista gives you an extension or case number, you hang up and you look up the number for the Federal Trade Commission online.
-
It had become so pervasive that the company was working with a liaison at the Federal Trade Commission and was referring defrauded customers to him.
Now see, the mistake here is assuming that Amazon would willingly work with the Federal Trade Commission :)
-
and recommended that I check my credit cards. I did, and everything looked normal.
You don't check this information with them on the phone, not if they called you. Check it separately, then call Amazon customer service back using the number on the website.
This is something to do universally -- not when a call feels suspicious, just as a general policy always initiate the call yourself. What's bad is that not all businesses will tell you to do this, but if I tell a business "for security I need to hang up and call you back" I have never had a business be upset about that, they all understand. Should be universal practice even if you're 100% sure it's not a scam, it's about forming a habit.
-
I had not. I checked my Amazon account. My order history showed diapers and groceries, no iPads. The woman, who said her name was Krista, told me the purchases had been made under my business account. “I don’t have a business account,” I said. “Hmm,” she said. “Our system shows that you have two.”
So first real red flag here, and actual practical advice beyond just "be suspicious" -- getting a call to say "did you do X" is fine. But the moment that you start looking into account details, you should start the call.
So what I would want someone to do in this situation is say "no, I didn't make those purchases." Then when you go to check the account or say "where did they come from" -- even if the call is 100% from Amazon, you end the call and call Amazon back. That's part of what the case-ID number is for. You never go into account details over a phone call unless you made the call.
So ideally, in a situation like this you say, "no, I didn't make the purchases. Go ahead and freeze the account, and I'll call back for more details."
Then you hang up, look up the phone number yourself online and call that number. Don't use a phone number you're given, you get the number yourself and you initiate the call -- basically this is an almost sure-fire way to avoid impersonation attacks for businesses. There is very little most scammers can do to counter this strategy.
-
The caller ID said it was Amazon.
Okay, good advice time which hopefully the article goes into: caller IDs can be faked, they're self-reported. I'm not privy to the full technical details, but you should never look at Caller ID as a trustworthy signal of who a caller is, think of them like return addresses on envelopes -- they often are accurate, but they don't have to be.
-
with a vague accent
is this necessary?
-
I am listed as an emergency contact for several friends — and their kids. I vote, floss, cook, and exercise
This is light teasing, I understand the frustration trying to say "I'm not the person who you think about when you think about someone falling for scams."
So not trying to seriously criticize, but "I wouldn't fall for a scam, I vote and floss" is really funny to me.
"Oh yeah? If my life wasn't put together, then why am I flossing?! Could a lonely person do that?"
-
I interview money experts all the time and take their advice seriously.
Wait, didn't you say you were financially savvy?
-
Scam victims tend to be single, lonely, and economically insecure with low financial literacy. I am none of those things. I’m closer to the opposite.
You're about to describe a very embarrassing event in your life, so maybe hold off on starting out by insulting other scam victims?
-
Another study found that well-educated people or those with good jobs were just as vulnerable to scams as everyone else.
Also true
-
Younger adults — Gen Z, millennials, and Gen X — are 34 percent more likely to report losing money to fraud compared with those over 60, according to a recent report from the Federal Trade Commission.
This is true
-
When I’ve told people this story, most of them say the same thing: You don’t seem like the type of person this would happen to.
[citation needed]
-
Why didn’t I text my husband, or my brother (a lawyer), or my best friend (also a lawyer), or my parents, or one of the many other people who would have helped me? Why did I hand over all that money — the contents of my savings account, strictly for emergencies — without a bigger fight?
So this I'm just straight-up sympathetic to because "why didn't I do X" has to feel pretty awful.
-
a cruel and violating one
Sometimes when people use these phrases to talk about social interactions they're exaggerating, but "your family might die" does actually feel pretty cruel and violating as far as scams go.
-
He told me my home was being watched, my laptop had been hacked, and we were in imminent danger.
So this is less of a traditional scam and more of an extremely wild "they're going to kill you" scam? Which may make me a bit more sympathetic because I feel like if I was actually worried that my family was going to die I wouldn't be thinking rationally either. I have literally never been in that position.
That being said... how in the actual heck do we go from "Amazon scams" to "the terrorists are closing in on you right now"?
-
2-year-old son was playing in our living room.
This is the concerning part, assuming that he didn't just guess.
-
The man on the phone knew my home address, my Social Security number, the names of my family members
None of this is surprising, this kind of stuff is easy for criminals to find.
-
“Do not look at the driver or talk to him. Put the box through the window, say ‘thank you,’ and go back inside.”
NO TALKING! But do say thank you, being a driver is hard. So many criminals are just using Uber now.
-
“You won’t be hurt,” he answered. “Just keep doing exactly as I say.
When you learn how to interact with scam victims by watching Die Hard.
-
- Jul 2017
-
www.foxnews.com
-
generate fake FCC filings, or advance their big government agenda.
Most evidence I've seen online indicates that there's been a fair amount of fake filings from everyone, with the majority of spam likely coming from the "against" side.
This is (one of the reasons) why it's better to do controlled studies rather than asking people to voluntarily submit their own opinions. Most of the studies I have seen suggest that both Republicans and Democrats broadly support a data agnostic Internet.
-
Under these regulations, government bureaucrats can decide what websites they can prioritize or punish and what broadband infrastructure investments are worth.
That is quite literally the opposite of what Network Neutrality does. A common carrier, by definition, does not prioritize or punish any content.
Net Neutrality advocates want the exact same thing you do - an Internet where no one, even the government, can arbitrarily decide that one website or service gets an artificial competitive advantage over another.
-
-
developers.google.com
-
For notifying the user of events (e.g. calendaring sites), the Notifications API should be used.
That is a heck of a large privilege to grant a site just so it can avoid showing you a popup on the page itself.
-
-
-
And again, this is just checking client-side, third-party JavaScript libraries for known vulnerabilities.
Which is why this needs to be taken with a grain of salt. These numbers are frightening until you realize how little impact the actual vulnerable parts of code are going to have on most websites.
Of the jQuery vulnerabilities linked, 4 are XSS attacks and 1 is a denial of service attack against sites that use jQuery to compile templates on the server.
In all cases, the site is only vulnerable to the extent that it accepts user input and uses it either serverside or clientside across multiple users.
Do you really think that all of these libraries are doing that? Absolutely, some of them are. But most sites are using jQuery because they don't know how document.querySelectorAll works, not because they're loading user-submitted comments from a server.
-