Discussion:
[conspire] Scamming SMC Alert recipients
Rick Moen
2018-12-07 19:14:17 UTC
For four years, San Mateo County Office of Emergency Services has been
quietly building up a 'SMC Alert' system to notify county residents of
road closures, fires, major storm-caused flooding, tsunami warnings,
downed power lines, evacuation routes, locations of emergency shelters,
sightings of dangerous wildlife (mostly mountain lions), etc.
Notifications are by policy kept to the minimum, and opt-in (SMS, voice
call, or e-mail). The need for such systems was underlined by the
2017 North Bay fires such as the one that devastated Santa Rosa, where
the death count was tragically inflated by people being unaware that a
wildfire was bearing down on them, literally dying in fires when they
could easily have evacuated if given warnings.

I signed up (www.smcalert.info) for the SMS messages about a year ago.
When I did, and noted that -- as with all SMS texts -- they don't even
try to authenticate them, I immediately saw the likelihood of pending
trouble. SMC Alert SMS posts originate from, the county says, one of
two displayed sending numbers, 89361 or 87844. Are you going to
remember that? Nope, nor anyone else.

The scammers finally spotted the opportunity a couple of days ago:

Dear Foster City Residents,

As part of our safety requirements by California Law, our officers
conduct an annual inspection of San Mateo County, including all
residential areas, the exterior of any communities and business
operations. A portion of the annual inspection may also include a
random visit to units within the [missing text] inspection.
A member of our team will accompany the representative during the
inspection so there is a need for you to be at home. We must request
that all pets be secured and that your alarm system be deactivated.

Please be advised that you cannot refuse the inspector access to any
units within the community during this process. Any fines levied due
to an alarm system that is [rest of text omitted]

Text is said to have declared itself to be from the (non-existent)
'San Mateo County Security System'.

Reproduced (partial) text of the scam SMS is from KTVU-TV coverage,
http://www.ktvu.com/news/sheriffs-office-warns-of-scam-involving-san-mateo-co-alert-system

It's a pity KTVU-TV didn't reproduce the full text, as analysing those
is often enlightening and entertaining. A couple of comments:

1. Con artists often focus on projecting a tone of authority, but with
a story that's paper-thin and doesn't make sense if you bother to spend
even a moment thinking about it. For example: 'A member of our team
will accompany the representative during the inspection so there is a
need for you to be at home.' That doesn't actually make any sense at
all. It's basically word salad.

2. These guys are usually pretty illiterate, thus the pompous but
illiterate capitalising of 'Law'.


Even though the county is now trying to put out the word about these
criminals, probably the scam SMS did its intended job, which was to
soften up the target gullible residents' and business people's
suspicions when some burglar with a clipboard comes knocking and
demanding to be admitted to do a 'safety inspection'.

Police demanding entry are required to have search warrants (e.g., slide
them under the door upon request), otherwise the correct answer is 'No,
I'm not opening the door, and no, you may not enter.' Others may not
lawfully demand entry at all, and the correct action is to immediately
call the police emergency number and not let them in.

(There is an exception for police _not_ needing a warrant called
'exigent circumstances' establishing probable cause without a warrant,
e.g., where they're in hot pursuit of a felon.
https://en.wikipedia.org/wiki/Exigent_circumstance
You still don't need to open the door. Just don't stand in the way,
and know that you might need to install a new doorframe if it really is
the police and they really want in.)


The authorities' message has been limited to:

1. Don't believe an emergency services SMS if it comes from a regular
telephone number instead of one of the pair of special five-digit ones.

2. If in doubt about whether to let someone in, check with 911 _first_.

Well, OK, as far as that goes -- but the problem with this approach is
that it's (as usual) chasing after the _last_ scam. It's more useful to
learn how to not fall for the next one. Con artists' entire gig
involves inventing very slightly plausible stories and rushing the
public into falling for them through haste and incaution, not bothering
to think. It's their metier.

The _broader_ protection you get is by insisting on stopping to think,
refusing to be rushed, and always having a strong default of 'no' if
anything smells funny. No, you may not come in. No, you may not search
my car. No, you may not 'ask just a few questions': Give me your card
and I'll have an attorney give you a call. No, I'm not paying that.
No, I'm not going where you told me to. No, I'm not going to take your
word for that. No, I'm not going to tell you any part of my credit card
number or access codes. No, I'm not answering questions: You called
me, so the first order of business is for you to identify yourself and
state your business.

And remember the classics: 'Officer, am I free to go?' and 'I'll not be
answering questions.'
http://www.ktvu.com/news/sheriffs-office-warns-of-scam-involving-san-mateo-co-alert-system#/
https://www.almanacnews.com/news/2018/12/05/sheriffs-office-warns-of-scam-involving-smc-alert-system
https://www.sfgate.com/news/bayarea/article/Sheriff-s-Office-Warns-Of-Scam-Involving-Smc-13442327.php
https://brisbaneca.org/news/scam-involving-smc-alert
https://patch.com/california/millbrae/s/gkfid/scammers-targeting-residences-needing-alert-system-access
https://www.mercurynews.com/2018/12/04/san-mateo-co-sheriffs-office-warns-of-scam-involving-smc-alert-system/
Rick Moen
2018-12-08 03:15:12 UTC
Meant to add a few more-general comments about the problematic trend of
security-sensitive Web sites sending the customer's cellular 'phone
an SMS with an authentication token, like a six-digit authentication
code. Yeah, funny thing about that. People are getting
social-engineered on this subject in ways that defeat the intent
and make that well-intentioned out-of-band mechanism an actual
factor in security breach:

[A] reader’s daughter had received a text message claiming to be from
Google, warning that her Gmail account had been locked because someone
in India had tried to access her account. The young woman was advised to
expect a 6-digit verification code to be sent to her and to reply to the
scammer’s message with that code.

https://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/

The daughter, as intended, didn't stop and think: I'm sorry, send the
verification code _where_ exactly? In this case, the thieves had
already stolen her GMail password, probably because she'd made the fatal
but extremely common error of also using that same password for another
purpose (in this case, LinkedIn) that had been security-compromised,
but in order to assume total control of her GMail account and lock her
out, they needed to trick her into providing _to them_ a verification code
they caused her GMail login to send to her mobile 'phone (which they
then did).

Author & security pundit Brian Krebs goes on:

Okay, so the geeks-in-chief are saying it’s time to move away from
texting as a form of 2-factor authentication. And, of course, they’re
right, because text messages are a lot like email, in that it’s
difficult to tell who really sent the message, and the message itself is
sent in plain text — i.e. is readable by anyone who happens to be
lurking in the middle.

The SMC Alert scam illustrates the 'difficult to tell who really sent
the message' problem nicely.

Krebs also opines:

Personally, I favor app-based time-based one-time password (TOTP)
systems like Google Authenticator, which continuously auto-generates a
unique code via a mobile-based app.

Eh, no thanks. The day (e.g.) my bank tells me I need to run some
particular piece of proprietary, spying-on-me software just to use
services, I'll need to find a different way to use those services or
switch to a different provider.

Anyway, this whole area is problematic in that it mixes up authorisation
('prove you have a token I sent you') with authentication (prove you're
the real you), acting as if the former proves the latter, which it
doesn't at all. That's InfoSec 101.

o Or have the operators of security-sensitive Web sites never heard of
lost mobile 'phones?

o Also, never heard of needing access to a Web site from a location
where you lack cellular service?

o Also#2, never heard of the widespread compromise by intruders of
telco equipment using the Signalling System No. 7 routing protocol?
https://arstechnica.com/information-technology/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/

(tl;dr: US Representative Ted Lieu was one of many people whose
smartphone activity was able to be finely tracked and eavesdropped by
computer criminals. The point being that SMS and voice traffic along
with anything else you do on a smartphone is insecure.)
