I know of a Thai person who fell for an "e-work" scam over the last year.
The hook was that you pre-pay some amount, do some trival work, then get like 500% return on your "investment". So they filter+train their mark by having them sign up for whatever financial transfer workflow, and figure out how gullable they are by giving them some payouts. A big part of this is some chat-group where lots of other fake-workers post comments saying how nervious/risky it seems and how sometimes the payment is delayed but they all eventually get paid. Eventually they let the mark sign up for some high-value amount, like equivalent of a few thousand USD. When the mark doesn't get paid, they contact the "technical support" team that then tries to social engineer the victim to loose even more money transferring funds the wrong direction (the scammers picked financial apps that make this mistake easiest).
I kind of find it unbelievable that people fall for this stuff, but the obvious proof is that enough people do :(
> I kind of find it unbelievable that people fall for this stuff
I remember reading a headline that being poor is equivalent to losing about 5 IQ points. Don’t know how true that is, but my intuition tells me that most people financially struggle, spend a lot of extra time worrying about money, and in general act a little more desperate and would be a little more aware/skeptical if their stress + financial situation allowed it.
After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”. Emails, text messages, downloading software from a website/App Store, job offers, investment opportunities, etc.the surface area is limitless. There’s exactly zero chance that even an experienced professional with excellent eyesight, who reads up on the newest scams, who doesn’t have lots of family / social events to care for, etc will never get hacked/scammed.
Even in the cybersecurity industry, almost all companies have abandoned the idea that there will never be a breach, and have moved towards thinking about resiliency, where any breaches that do happen are minimized or closed quickly/automatically.
That’s a lot of words to say: even though I thought I would never get scammed, once I spent more time educating myself about how it happens, it seems obvious to me that scams work a percentage of the time and the scale of attempts is enormous.
> is someone lying to me?”. Emails, text messages, downloading software from a website/App Store
And incredibly, someone usually is. Most software download sites have so many UI elements saying "Download", on their downloads page, but only one of them is the legit software you want, and others are some random software that paid money to the website to be there to... probably try to get themselves installed and scam you some more.
I just checked the Google "play" store: searching for "Temu" (I know, dumb, but there was an ad on the main screen of the store), in the page of search results, the first install button is for the sponsored Alibaba app...
Even billion dollar businesses are... trying to scam you. "Don't be evil" no more indeed.
I think the subtext of what I wrote in that paragraph was about the additional cognitive load of having to worry about every little action. For most people who are less informed about scams/cybersecurity, there is a lower cognitive load tax on their mind/attention. Or put another way, the heuristics they use are at a different point on the tradeoff curve between effort/resources and accuracy.
> After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”
Oh thank you for highlighting that, I've had some instance where I'd suddenly have the urgent feeling that something I'm experiencing is a hoax and I couldn't tell why this suddenly surfaced back then, but I guess years of exposure to security does that to one.
A few years ago, I wrote a blog post about my approach to risk management[0].
I generally look at risk as a two-dimensional graph, with the axes being Probability and Severity, and the action strategies as being Prevention, Mitigation, and Remedy.
If we get realistic about likelihood and impact, we can figure out how to reduce the damage.
One trick a wealthy friend of mine uses, is keeping a small checking account, that he fills with just enough cash from his brokerage, so that even if his cards/accounts get pwned, he can't lose that much.
I have followed one simple principle for the last 16 years and have been incident-free. The communication with every business I am affiliated with in any way is one-way - I contact them. I never answer any calls or texts and I never answer any emails. no exceptions. It is amazing how much this simple rule just works. To fall for most scams you have to make a mistake which almost always involves you getting something, call, text, email…
> I remember reading a headline that being poor is equivalent to losing about 5 IQ points.
Poor people also spend a lot of time using cash equivalents rather than credit.
There is a big advantage to using credit. For example, I don't worry too much about fraud on my credit card as the reversibility means that the banking system is taking care of it. If a suspicious transaction hits my ATM card, the bank absolutely jumps on it since it simply doesn't match my patterns of usage.
On the other hand, if you are using your ATM card or cash transfer apps all the time, you're a ripe target for getting scammed. The protections are much weaker and the reversibility (if any) is much worse.
This doesn't even get into the fact that, as a poor person, the people you are transacting with are also stuck in the same system for various reasons of various levels of dubiousness.
At the risk of accidentally demonizing the poor, I remember reading a think piece that could be summarized as “morals/ethics are a luxury only the rich can afford.” The gist is that if you can’t afford to quit your job on the spot and not worry about paying rent this month, you will always be victim to your boss’s unethical actions lowering your ethical standards.
As an engineer, I have frequently challenged myself to empathize with the VW emissions scandal engineers, who were pressured to meet unrealistic emissions and deadlines. The managers didn’t have to explicitly tell them to build emissions testing defectors — they came up with that as an engineering solution to the requirements they were given. I ask myself: at what point would you have quit, and hopefully told the authorities?
Also more recent example is the staff of the submarine that went down to the site of the Titanic and imploded. The CEO was apparently an unbelievable bully and took extraordinary risks, but the staff didn’t quit. One of them was a Scottish immigrant who moved his whole family to take the job. He was also worried about being blacklisted from the entire private sector submarine industry. There was a lot of friction to being able to exercise his highest ethical standards.
Thailand is more or less at war with Cambodian war lords, who have tens of thousands of poor English speakers from around the world living in captivity, their passports taken away, running long term scams over the internet. When they have no money and no power to run, is it fair to blame the low level scammers for having fallen for a job scam months or years ago?
The more financial pressure you are under, the more likely you are to tolerate an unethical environment.
Always seemed to me that the correct response to this scam is to recruit everyone you know to go through just the first step of the scam and then quit while they’re ahead. Like taking a casino’s offer of free food and then leaving without gambling.
IIRC they chat group was using LINE, where the scammers can delete messages / kick people at will. So more people joining just to make a few bucks from the initial payout just increases the credibility of the operation.
Also the initial "tasks" the mark performs are worth only like a few USD. not worth anybody's time except for certain types of vulnerable people who not-coincidentally make good victims.
Just an anecdote but this happens in the west too. I literally woke up today to some spam Telegram "job offer" group that was vibrating my phone like crazy. And all of this in my native language of just a few million speakers. I wish I took some screenshots before trashing it, but the messages were just as you described.
There was a post on HN where someone followed through with a scam like this. It was very weird, the scammer walked the victim through some setup on their computer. They may have actually been selling video views and likes and other social media and advertising engagement fakery ... the process was surprisingly complex and the victim had an account page tracking their activity and payouts.
Even the best of people can fall for scams. It depends on how much you need the money. No one starts off thinking they are going to be scammed. The design ensures people enter this trap slowly. When people are hesitant they are given a taste of success - the 500%. Some people tap out here. Others want to continue to try their luck. But often they are stopped with reverse psychology that there are no low pay jobs and they need to pitch in more money.
I was once explaining to someone in the US why transactions in Mexico and Brazil take a tumble and start to be rejected at a much higher rate than usual due to banks being more stringent after 10 PM as its much more likely these would be fraud/scam/crime in general in these countries and they were amazed that this was a thing.
Its sad that these scams are so widespread today that a heavy handed approach like this is necessary. Unfortunately doing these attacks is incredibly cheap :(
It's probably one of the biggest criticism about PIX, the Brazilian method of transferring money: it's too easy. Early on, kidnappers started taking people off the streets and forcing them to transfer all their money, because victims had no choice but to give their password, and there was no limit on the transfer amount.
Criminals always find a way Decades ago, there was a popular activity called "Paseos Millonarios" (More or less, Millionare Rides) where criminals at night picked up a victim coming out of an ATM, and took him to several other ATMs around, everytime drawing non-suspicious amounts of money. The criminals didn't even need the PIN. They neither entered the ATM hut because only the card holder was sent in.
The final solution was disabling the ATM network durimg night, except the ones located in safe places. Showing you are drawing money in a hurry in a lone hut in the night was a bad idea, anyways.
Unlimited amount? Sure, I can easily see some non-standard situation where its very beneficial (ie once-a-decade home reconstruction). But only on a limited account having only the amount I don't mind exposing, which normally is very low.
To be honest, in my country I can also transfer all my liquid money (not countings stocks etc) with just my phone. The difference is that i'm not afraid of being kidnapped (it's safe here). And anyway, how much does normal person hold in the cash account? People living month-to-month don't have much anyway, while people with savings usually keep them in stocks/bonds/etc.
That is simply not true. I know people who can have millions in their cash account.
Also sometimes you need to liquidate your money and put it in cash account, for example down payment for an upcoming home purchase.
Perhaps similar to the situation where if you block internet traffic from a region or country ... you really do reduce the amount of malicious traffic and attacks an application sees, significantly. To the point that if you can, it's surprisingly effective.
Unfortunately the number of different financial scams is the highest in the world in these countries. US and EU the banks wouldn’t have the capabilities either, it’s simply too much to deal with. You can’t flag everything as fraud.
It’s also a different kind of enemy. The biggest crime organization in Brazil has switched their primary focus from drug running to financial scams. They invest millions and set up legitimate companies with hundreds of employees to facilitate these schemes.
I live in Thailand, many expat accounts have been closed down, making it very hard to pay bills etc. in the country. That will form part of the 3 million. Huge overreaction that will dent the economy and will no doubt be flip-flopped on in a few months time.
It’s important to note that many of the expat accounts have been closed down due to the laxity of individual bank branches in enforcing their own policies, which were taken advantage of by nefarious actors. Many expats attempt to open bank accounts on tourist visas (which include the recently popular Destination Thailand Visa for digital nomads) without proper identification, and though allowed in the past, is now being restricted. One can argue about the classification of visas and the dissonance between economic goals and immigration policy, but for Thais, this is a long overdue enforcement action especially as it regards to scams targeting an older generation. Yes, it significantly impacts honest expats looking to stay beyond the short-term, but there is a way to doing things in Thailand that requires guests to adapt to their hosts, of which accepting the reality of Thailand’s political situations is an important part.
They’re trying to reduce non-technical people or elder scams and fraud.
A scam network takes over phones, tricks people on friends lists to follow directions so their phone can be remotely controlled (Apple and Android). Then the cycle repeats and they try to drain bank accounts in the process.
Thailand is placing 50k maximums for digital transfers then adjusting over time based on … 50k baht = $1,575 USD
In Denmark I have a daily on my bank account of 50,000 dkr - about 8,000 usd. If I want to do a money transfer larger than that I have to call my bank and answer a bunch of questions to verify my identity.
If somebody held a gun to your head, is there a wayto answer the questions differently such that the money transfer is faked? I doubt so, so it's quite similar. I guess it's harder to talk under duress.
I opened that link expecting to be outraged but instead finding myself sympathetic to their solution.
High value transfers should be subject to additional scrutiny to confirm it’s legitimate.
The hard part is making sure you balance that well enough so that you’re protecting against malaise without the bank then becoming a consumer problem themselves.
It will be interesting to see how well this works.
It does say those were tied to “mules”, so freezing those accounts is the right course of action.
In fact the last thing you want to do is give criminals warning that you’re going to freeze their accounts. I’d imagine that would be extremely counterproductive for everyone bar those criminals.
Believed to be tied to "mules" unless their classification method has zero false positives. If it does have false positives then those non-mules have a right to complain.
Everyone has the right to complain about practically anything they want.
But that doesn’t mean that freezing an account suspected of fraud isn’t the right course of action.
Yeah there’s going to be false positives. However that’s precisely why you freeze the account: to allow you time to follow due process and investigation. If you assumed the process was infallible then you wouldn’t need to freeze the account; you would just skip straight to the punishment and remediation stages ;)
If two people accounts were unjustly frozen (and they have to do some work to unlock them), and at the same time two hundred people life savings were saved, would that be OK with you?
I don't know about them, but there are plenty of ways for law enforcement to get mule account numbers. After all that's the whole point - actual criminals don't have to reveal their own identity, instead they convince a "mule" to (knowingly or not) participate in a crime.
The article is unclear about when the freezings took place, but the sentence starting with "By July" seems to suggest that 3 million is the cumulative total of all the accounts that were frozen from January to July. So it probably wasn't a sudden mass freezing, just constant whack-a-mole.
Article's not an image, it's regular HTML text content. The site just uses some extremely obnoxious JavaScript that blocks text selection, right-clicking, and the view-source and developer tools keyboard shortcuts. The latter is especially pointless since anyone who knows about those features also knows that they can be accessed via the browser menu, which JavaScript can't block.
A browser is a 'User agent', as in it is supposed to act on MY behalf, and things in my intent and benefit. Similar agents are real estate agents, or attorneys as my agent.
So... For something that is MY agent, why are browsers creating, and instituting anti-agent choices against my will?
Barring excuses of "following the spec", I should be able to easily disable my user-agent's execution of said onerous code.
(I'm ignoring this for Google chrome. They're an adtech company, and they won in court as a monopoly. Fuck them.)
Sometimes not being able to select is useful. You can trivially create a user style that overrides user-select: none if you'd like, something that isn't possible in most gui software.
>A browser is a 'User agent', as in it is supposed to act on MY behalf
It's supposed to implement the spec. Why are you and many other people on this site so attached over the wording of "user agent"? It is supposed to mean the software making the request, it doesn't mean anything more than that.
New customers will be defined as "high-risk" with, a separate classification from "vulnerable" which is for under 15s and over 65s.
The limit for these "high-risk" customers is 50000 baht a day, which is surely going to be inconvenient to deal with if you ever need it, e.g. for medical bills.
Medical bills are usually a lot more reasonable than that in Thailand - we have a competitive healthcare market that’s backstopped by a public hospitals and a public
universal healthcare system.
High value transfer is relative to the person making it. For some people, moving $1k-$5k daily is as normal as it is for a college kid moving $10-$50 daily. Then for some people $10k-$50k is the norm.
I wonder in the crypto based future if there will be any safeguards to avoid scams and fraud. Instant settlement is not a good thing for me, Ideally any transaction over $1000 should take a week and can be cancelled. Transactions over $100k I'd like to go to a physical location and prove my identity.
In many cryptocurrencies, you can cancel a transaction before the first confirmation by paying a (relatively) small fee. Your other points defeat the purpose of most crypto, though.
> Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.
Emphasis added.
It is conceptually possible to create a crypto "credit card". But given that existing transactions are already slow, expensive, and complicated to integrate - I can't see it being attractive.
There's also the issue of trust. Escrow merchants need to be highly-trusted by both sides. They also need regulation and insurance. Those things are all in short-supply in cryptoland.
Escrow doesn't magically solve the problem, a way to mediate disputes would be required. That probably will fail in very similar ways to the way the systems we have today fail.
Of course, if the sender can cancel transactions at their discretion, that enables another class of frauds. The solution has to lie in some trusted centralized party outside the payment system [0]. Chia can't solve this. A banking system and legal system can.
[0] Goharshady, A. K. (2021). Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain (arXiv:2110.09857). http://arxiv.org/abs/2110.09857
Vaults are a proposed Bitcoin construct that allow you to have similar features. In order to work, it requires some breaking changes which may or may not ever happen.
> Bank of Thailand (BOT) will meet with commercial banks and the Anti-Online Scam Operations Centre (AOC) on Monday to address growing complaints about the wrongful freezing of bank accounts.. after small retailers and individuals reported being abruptly cut off from their funds without warning or recourse.. Assistant BOT Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration over being unable to access their money or conduct business after transfers from unknown sources triggered automated freezes.
What's the real reason? Fraud has been around forever now. How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on? Why start limiting bank accounts without warning?
So many questions...
Update: my Thai friend just wrote me this:
"Not in trouble, it's the Chinese and Russians money laundering. Every Russian has had their accounts suspended, this was about half a year ago, now they are slowly doing the Chinese and Brits too. Vietnam is not much better, also suspending all foreigners accounts until you can prove you have a trc here."
Many tourists from Hong Kong/China/Taiwan were kidnapped from Thailand to work in scam centres in Cambodia, to the point it gave Thailand a bad name and affected their tourism income
> How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on?
They pay a low-income/no-income person a small fee (possibly monthly) to let them borrow their account. Sadly, people who would fall into this are not hard to find in Thailand.
> What sort of KYC was going on?
There are accounts that are grandfathered in and don’t require KYC but have been able to access online banking, etc. Mine is such, and my bank (BAY) is discontinuing that particular loophole at the end of this month. (I'm in Thailand right now to do this KYC, despite having not come back here for the last 6 years.)
I remember opening a bank account in a green one, while being on a tourist visa. Don't remember how they even established my address or anything beyond basic id. No real followup on source of funds or anything either. Wire comes in, cash goes out, nobody asks questions. It wasn't even before 9/11, it was 2015.
Thailand’s a very good place to get money out of you’re foreign organized crime in general - the fig leaf of “I’m buying an usually expensive condo/villa/yacht” is a good excuse.
We've been having a similar fraud issue here in South Korea as well. These criminals call vulnerable people, impersonate bankers or government officials, and social-engineer them into trasferring money. Some even pretend to have kidnapped your child, play AI-generated voice of a sobbing kid, and demand ransom.
Fraud has always been around, but I think a few recent developments have exacerbated the problem. KYC has been relaxed a lot since Covid, so you can open a whole bunch of accounts with just an image of an ID card. Lots of elderly people now have access to mobile banking, so they don't have to visit a physical branch where a clerk can flag suspicious transfer requests.
Bank accounts in South Korea now start with a daily transfer limit of 1 million won (about $700), even lower than the 50k bhat limit that the Thai government has instituted.
KK Park – a vast, heavily guarded complex stretching for 210 hectares (520 acres) along the churning Moei River that forms Myanmar’s border with Thailand.. with its on-site hospital, restaurants, bank and neat lines of villas with manicured lawns, looks more like the campus of a Silicon Valley tech company than what it really is: the frontline of a multibillion-dollar criminal fraud industry fuelled by human trafficking and brutal violence.. Myanmar, Cambodia and Laos have in recent years become havens for transnational crime syndicates running scam centres such as KK Park, which use enslaved workers to run complex online fraud and scamming schemes that generate huge profits.
China's Silk Road ends in Sihanoukville Cambodia. If you've ever been there, you've seen the eco-devastation and utter disregard for human life along the entire road.
Does "MM" usually stand for "million"? In German we have "Millionen" and then "Milliarden", but in English that is "Billion", so "MM" cannot stand for "Milliarden" either. And "Mega" already is *10^6, but only has 1 "M". So at first naturally I read "Million Million", but then thought: "What? There is no way they have that many accounts!"
It is a very confusing way to write the number and no explanation seems to fit, other than "There is a second 'M' to avoid clash with the company name '3M'.". Is that the explanation?
To represent one million in finance, the abbreviation “MM” is widely used. This notation originates from “mille mille,” meaning “thousand thousands” in Latin, equating to one million. This clarity makes “MM” a preferred choice in financial statements and reports.
I feel like the mille notation might have been usable before trillions started getting thrown around. Nowadays, k, M, B, and T seem like clearer suffixes than M, MM, MMM, and MMMM.
I’m in finance and exclusively use the M and K to reference millions and thousands. Everyone says the MM is more accurate and I get that from a Roman numeral perspective it may be (if you ignore that it actually means 2000), yet I’ve never once encountered anyone using M as a thousand in the writing or reading of financial figures. I think it’s primarily a financial news, journalism/writing style, I rarely see it in business at all. Sometimes I see MM from the PE/banker guys and that’s about the only time I see it IRL.
Ok, I see where the "actually 2000" misconception would come from. A mile is 2000 steps, and "mile" comes from "mille".
But "mille" means 1000. Specifically, it was the distance covered by 1000 paces from a marching Roman soldier. It's more consistent to measure paces than steps in the face of left/right asymmetries, so it's the unit implied when you just say you're marching 1000.
SI prefixes should always be preferred, as they're more widely understood and have consistency, but finance bros use M for "mille" instead, meaning thousand, when they should use K.
The truncated headline is extremely misleading; it makes it sound like they're having a currency crisis, rather than this being an anti-fraud measure. (I'm not finding any indications in other sources that there is a currency crisis or that the anti-fraud rationale is pretextual, though I could have missed something.)
(ETA: HN title has been re-edited, previously didn't have the "to curb fraud" clause.)
When discussing the headline on HN, can you please quote the headline that you are discussing? Headlines are commonly edited by mods without any history, so it's hard to tell if you're discussing the current headline or something else.
That’s not only closure, that’s global currency control. Every account is now subjected to a transfer limit.
Even if the anti-fraud motif is genuine, that’s a pretty extreme amount of control. Not that it’s in any way strange coming from Thailand. Foreign exchange and capital inflow and outflow are already controlled.
> Assistant [Bank of Thailand] Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration...
The abbreviation “M” for million can lead to confusion in finance. Historically, “M” derives from the Latin word “mille,” meaning “thousand.” As such, it has traditionally been used in some accounting or construction contexts to denote a thousand. For example, $5M could historically represent $5,000, creating ambiguity.
To represent one million in finance, the abbreviation “MM” is widely used. This notation originates from “mille mille,” meaning “thousand thousands” in Latin, equating to one million. This clarity makes “MM” a preferred choice in financial statements and reports.
Other abbreviations for million, such as “mn” or “mln,” are also encountered.. The Financial Times, for example, adopted “mn” for millions to improve accessibility for text-to-speech software. While these alternatives exist, “MM” remains a prevalent and widely understood abbreviation for million in American finance.
> Over the past two weeks, Indonesia has been rocked by some of the most widespread unrest in recent memory, with mass demonstrations erupting across Jakarta and other major cities. The protests are the result of long-running economic strain, political discontent, and public outrage at perceived elite entitlement.
Its basically a worldwide proletariat uprising against the elite. And the current article hits people in the pocketbooks. And any protestors who are gaining popularity will undoubtedly be in those 3 million accounts blocked.
I'm relieved to see another educated person doing this.
It's gotten worse for me lately, where I keep mixing up train stations and locations with similar names or characteristics, so I can totally imagine hearing Thailand and thinking about Indonesia instead.
I know of a Thai person who fell for an "e-work" scam over the last year.
The hook was that you pre-pay some amount, do some trival work, then get like 500% return on your "investment". So they filter+train their mark by having them sign up for whatever financial transfer workflow, and figure out how gullable they are by giving them some payouts. A big part of this is some chat-group where lots of other fake-workers post comments saying how nervious/risky it seems and how sometimes the payment is delayed but they all eventually get paid. Eventually they let the mark sign up for some high-value amount, like equivalent of a few thousand USD. When the mark doesn't get paid, they contact the "technical support" team that then tries to social engineer the victim to loose even more money transferring funds the wrong direction (the scammers picked financial apps that make this mistake easiest).
I kind of find it unbelievable that people fall for this stuff, but the obvious proof is that enough people do :(
> I kind of find it unbelievable that people fall for this stuff
I remember reading a headline that being poor is equivalent to losing about 5 IQ points. Don’t know how true that is, but my intuition tells me that most people financially struggle, spend a lot of extra time worrying about money, and in general act a little more desperate and would be a little more aware/skeptical if their stress + financial situation allowed it.
After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”. Emails, text messages, downloading software from a website/App Store, job offers, investment opportunities, etc.the surface area is limitless. There’s exactly zero chance that even an experienced professional with excellent eyesight, who reads up on the newest scams, who doesn’t have lots of family / social events to care for, etc will never get hacked/scammed.
Even in the cybersecurity industry, almost all companies have abandoned the idea that there will never be a breach, and have moved towards thinking about resiliency, where any breaches that do happen are minimized or closed quickly/automatically.
That’s a lot of words to say: even though I thought I would never get scammed, once I spent more time educating myself about how it happens, it seems obvious to me that scams work a percentage of the time and the scale of attempts is enormous.
> is someone lying to me?”. Emails, text messages, downloading software from a website/App Store
And incredibly, someone usually is. Most software download sites have so many UI elements saying "Download", on their downloads page, but only one of them is the legit software you want, and others are some random software that paid money to the website to be there to... probably try to get themselves installed and scam you some more.
I just checked the Google "play" store: searching for "Temu" (I know, dumb, but there was an ad on the main screen of the store), in the page of search results, the first install button is for the sponsored Alibaba app...
Even billion dollar businesses are... trying to scam you. "Don't be evil" no more indeed.
PS "full self-driving", also a scam..
I think the subtext of what I wrote in that paragraph was about the additional cognitive load of having to worry about every little action. For most people who are less informed about scams/cybersecurity, there is a lower cognitive load tax on their mind/attention. Or put another way, the heuristics they use are at a different point on the tradeoff curve between effort/resources and accuracy.
> After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”
Oh thank you for highlighting that, I've had some instance where I'd suddenly have the urgent feeling that something I'm experiencing is a hoax and I couldn't tell why this suddenly surfaced back then, but I guess years of exposure to security does that to one.
exactly this. anyone - regardless of who they are - can fall for a scam. and for exact reason stated in your last sentence!
A few years ago, I wrote a blog post about my approach to risk management[0].
I generally look at risk as a two-dimensional graph, with the axes being Probability and Severity, and the action strategies as being Prevention, Mitigation, and Remedy.
If we get realistic about likelihood and impact, we can figure out how to reduce the damage.
One trick a wealthy friend of mine uses, is keeping a small checking account, that he fills with just enough cash from his brokerage, so that even if his cards/accounts get pwned, he can't lose that much.
[0] https://littlegreenviper.com/risky-business/
I have followed one simple principle for the last 16 years and have been incident-free. The communication with every business I am affiliated with in any way is one-way - I contact them. I never answer any calls or texts and I never answer any emails. no exceptions. It is amazing how much this simple rule just works. To fall for most scams you have to make a mistake which almost always involves you getting something, call, text, email…
> I remember reading a headline that being poor is equivalent to losing about 5 IQ points.
Poor people also spend a lot of time using cash equivalents rather than credit.
There is a big advantage to using credit. For example, I don't worry too much about fraud on my credit card as the reversibility means that the banking system is taking care of it. If a suspicious transaction hits my ATM card, the bank absolutely jumps on it since it simply doesn't match my patterns of usage.
On the other hand, if you are using your ATM card or cash transfer apps all the time, you're a ripe target for getting scammed. The protections are much weaker and the reversibility (if any) is much worse.
This doesn't even get into the fact that, as a poor person, the people you are transacting with are also stuck in the same system for various reasons of various levels of dubiousness.
Different take:
At the risk of accidentally demonizing the poor, I remember reading a think piece that could be summarized as “morals/ethics are a luxury only the rich can afford.” The gist is that if you can’t afford to quit your job on the spot and not worry about paying rent this month, you will always be victim to your boss’s unethical actions lowering your ethical standards.
As an engineer, I have frequently challenged myself to empathize with the VW emissions scandal engineers, who were pressured to meet unrealistic emissions and deadlines. The managers didn’t have to explicitly tell them to build emissions testing defectors — they came up with that as an engineering solution to the requirements they were given. I ask myself: at what point would you have quit, and hopefully told the authorities?
Also more recent example is the staff of the submarine that went down to the site of the Titanic and imploded. The CEO was apparently an unbelievable bully and took extraordinary risks, but the staff didn’t quit. One of them was a Scottish immigrant who moved his whole family to take the job. He was also worried about being blacklisted from the entire private sector submarine industry. There was a lot of friction to being able to exercise his highest ethical standards.
Thailand is more or less at war with Cambodian war lords, who have tens of thousands of poor English speakers from around the world living in captivity, their passports taken away, running long term scams over the internet. When they have no money and no power to run, is it fair to blame the low level scammers for having fallen for a job scam months or years ago?
The more financial pressure you are under, the more likely you are to tolerate an unethical environment.
Always seemed to me that the correct response to this scam is to recruit everyone you know to go through just the first step of the scam and then quit while they’re ahead. Like taking a casino’s offer of free food and then leaving without gambling.
IIRC they chat group was using LINE, where the scammers can delete messages / kick people at will. So more people joining just to make a few bucks from the initial payout just increases the credibility of the operation.
Also the initial "tasks" the mark performs are worth only like a few USD. not worth anybody's time except for certain types of vulnerable people who not-coincidentally make good victims.
Just an anecdote but this happens in the west too. I literally woke up today to some spam Telegram "job offer" group that was vibrating my phone like crazy. And all of this in my native language of just a few million speakers. I wish I took some screenshots before trashing it, but the messages were just as you described.
There was a post on HN where someone followed through with a scam like this. It was very weird, the scammer walked the victim through some setup on their computer. They may have actually been selling video views and likes and other social media and advertising engagement fakery ... the process was surprisingly complex and the victim had an account page tracking their activity and payouts.
Even the best of people can fall for scams. It depends on how much you need the money. No one starts off thinking they are going to be scammed. The design ensures people enter this trap slowly. When people are hesitant they are given a taste of success - the 500%. Some people tap out here. Others want to continue to try their luck. But often they are stopped with reverse psychology that there are no low pay jobs and they need to pitch in more money.
I was once explaining to someone in the US why transactions in Mexico and Brazil take a tumble and start to be rejected at a much higher rate than usual due to banks being more stringent after 10 PM as its much more likely these would be fraud/scam/crime in general in these countries and they were amazed that this was a thing.
Its sad that these scams are so widespread today that a heavy handed approach like this is necessary. Unfortunately doing these attacks is incredibly cheap :(
It's probably one of the biggest criticism about PIX, the Brazilian method of transferring money: it's too easy. Early on, kidnappers started taking people off the streets and forcing them to transfer all their money, because victims had no choice but to give their password, and there was no limit on the transfer amount.
Criminals always find a way Decades ago, there was a popular activity called "Paseos Millonarios" (More or less, Millionare Rides) where criminals at night picked up a victim coming out of an ATM, and took him to several other ATMs around, everytime drawing non-suspicious amounts of money. The criminals didn't even need the PIN. They neither entered the ATM hut because only the card holder was sent in.
The final solution was disabling the ATM network durimg night, except the ones located in safe places. Showing you are drawing money in a hurry in a lone hut in the night was a bad idea, anyways.
Daily limit for ATM withdrawals exists in New Zealand (NZD2000 I think).
Why did they visit multiple ATMs?
Many highly-sophisticated technical solutions are still vulnerable to the "wrench attack". https://xkcd.com/538/
Unfortunately, whenever governments try to solve the wrench attack, they do so by removing the end user's control over their own stuff.
Yes, but the Central Bank of Brazil caught up quickly.
Unlimited amount? Sure, I can easily see some non-standard situation where its very beneficial (ie once-a-decade home reconstruction). But only on a limited account having only the amount I don't mind exposing, which normally is very low.
>it's too easy
To be honest, in my country I can also transfer all my liquid money (not countings stocks etc) with just my phone. The difference is that i'm not afraid of being kidnapped (it's safe here). And anyway, how much does normal person hold in the cash account? People living month-to-month don't have much anyway, while people with savings usually keep them in stocks/bonds/etc.
That is simply not true. I know people who can have millions in their cash account. Also sometimes you need to liquidate your money and put it in cash account, for example down payment for an upcoming home purchase.
Perhaps similar to the situation where if you block internet traffic from a region or country ... you really do reduce the amount of malicious traffic and attacks an application sees, significantly. To the point that if you can, it's surprisingly effective.
To me it suggests they don't have the technical- and financial means to detect fraud.
Unfortunately the number of different financial scams is the highest in the world in these countries. US and EU the banks wouldn’t have the capabilities either, it’s simply too much to deal with. You can’t flag everything as fraud.
It’s also a different kind of enemy. The biggest crime organization in Brazil has switched their primary focus from drug running to financial scams. They invest millions and set up legitimate companies with hundreds of employees to facilitate these schemes.
Three things need to change to reduce it:
1. Banks need to own the risk, not the customer 2. Banks need to spend to defend 3. Laws need to make organized fraud catastrophically criminal.
There is a reason Singapore does not have this problem.
I live in Thailand, many expat accounts have been closed down, making it very hard to pay bills etc. in the country. That will form part of the 3 million. Huge overreaction that will dent the economy and will no doubt be flip-flopped on in a few months time.
It’s important to note that many of the expat accounts have been closed down due to the laxity of individual bank branches in enforcing their own policies, which were taken advantage of by nefarious actors. Many expats attempt to open bank accounts on tourist visas (which include the recently popular Destination Thailand Visa for digital nomads) without proper identification, and though allowed in the past, is now being restricted. One can argue about the classification of visas and the dissonance between economic goals and immigration policy, but for Thais, this is a long overdue enforcement action especially as it regards to scams targeting an older generation. Yes, it significantly impacts honest expats looking to stay beyond the short-term, but there is a way to doing things in Thailand that requires guests to adapt to their hosts, of which accepting the reality of Thailand’s political situations is an important part.
> will no doubt be flip-flopped on in a few months time
As emergency measures usually are.
They’re trying to reduce non-technical people or elder scams and fraud.
A scam network takes over phones, tricks people on friends lists to follow directions so their phone can be remotely controlled (Apple and Android). Then the cycle repeats and they try to drain bank accounts in the process.
Thailand is placing 50k maximums for digital transfers then adjusting over time based on … 50k baht = $1,575 USD
In Denmark I have a daily on my bank account of 50,000 dkr - about 8,000 usd. If I want to do a money transfer larger than that I have to call my bank and answer a bunch of questions to verify my identity.
If somebody held a gun to your head, is there a wayto answer the questions differently such that the money transfer is faked? I doubt so, so it's quite similar. I guess it's harder to talk under duress.
Meanwhile, SMS 2FA is still the standard for security in Thailand :(
How do you remotely control an iPhone?
It’s a built in feature of FaceTime.
https://support.apple.com/guide/iphone/request-give-remote-c...
eSIM. Been discussed on here. Nothing being done to address it so far as I can see. Eg fake QR code.
RDP? TeamViewer? Jump?
I opened that link expecting to be outraged but instead finding myself sympathetic to their solution.
High value transfers should be subject to additional scrutiny to confirm it’s legitimate.
The hard part is making sure you balance that well enough so that you’re protecting against malaise without the bank then becoming a consumer problem themselves.
It will be interesting to see how well this works.
They froze tons of accounts without warning, it was not just a matter of setting daily limits
It does say those were tied to “mules”, so freezing those accounts is the right course of action.
In fact the last thing you want to do is give criminals warning that you’re going to freeze their accounts. I’d imagine that would be extremely counterproductive for everyone bar those criminals.
Believed to be tied to "mules" unless their classification method has zero false positives. If it does have false positives then those non-mules have a right to complain.
Everyone has the right to complain about practically anything they want.
But that doesn’t mean that freezing an account suspected of fraud isn’t the right course of action.
Yeah there’s going to be false positives. However that’s precisely why you freeze the account: to allow you time to follow due process and investigation. If you assumed the process was infallible then you wouldn’t need to freeze the account; you would just skip straight to the punishment and remediation stages ;)
What is the threshold?
If two people accounts were unjustly frozen (and they have to do some work to unlock them), and at the same time two hundred people life savings were saved, would that be OK with you?
I don't know about them, but there are plenty of ways for law enforcement to get mule account numbers. After all that's the whole point - actual criminals don't have to reveal their own identity, instead they convince a "mule" to (knowingly or not) participate in a crime.
They used to just kill without trial those believed to be tied to drug deals too.
The article is unclear about when the freezings took place, but the sentence starting with "By July" seems to suggest that 3 million is the cumulative total of all the accounts that were frozen from January to July. So it probably wasn't a sudden mass freezing, just constant whack-a-mole.
I feel that 3 million is a lot even over a six month period. Over 16,000 accounts per day.
If I understand correctly*, they froze 3 million accounts tied to 177K mules.
Couldn't find anything that indicated there was a mass freezing of legitimate accounts, or a singular complaint of an incident of that happening.
* Can't copy paste...is the article an image!?
Article's not an image, it's regular HTML text content. The site just uses some extremely obnoxious JavaScript that blocks text selection, right-clicking, and the view-source and developer tools keyboard shortcuts. The latter is especially pointless since anyone who knows about those features also knows that they can be accessed via the browser menu, which JavaScript can't block.
Or, at least in iOS/macOS, just take a screenshot, then select the text from there.
Here https://news.ycombinator.com/item?id=45241082
> is the article an image!?
I can't check right now, but I'm guessing they set `user-select: none` in CSS.
About that.
A browser is a 'User agent', as in it is supposed to act on MY behalf, and things in my intent and benefit. Similar agents are real estate agents, or attorneys as my agent.
So... For something that is MY agent, why are browsers creating, and instituting anti-agent choices against my will?
Barring excuses of "following the spec", I should be able to easily disable my user-agent's execution of said onerous code.
(I'm ignoring this for Google chrome. They're an adtech company, and they won in court as a monopoly. Fuck them.)
Sometimes not being able to select is useful. You can trivially create a user style that overrides user-select: none if you'd like, something that isn't possible in most gui software.
>A browser is a 'User agent', as in it is supposed to act on MY behalf
It's supposed to implement the spec. Why are you and many other people on this site so attached over the wording of "user agent"? It is supposed to mean the software making the request, it doesn't mean anything more than that.
New customers will be defined as "high-risk" with, a separate classification from "vulnerable" which is for under 15s and over 65s. The limit for these "high-risk" customers is 50000 baht a day, which is surely going to be inconvenient to deal with if you ever need it, e.g. for medical bills.
Medical providers are probably okay with getting paid in 50,000-baht daily installments if necessary?
1 344,17 Euro
Which to me seems entirely reasonable limit. Such transactions are relatively rare.
Medical bills are usually a lot more reasonable than that in Thailand - we have a competitive healthcare market that’s backstopped by a public hospitals and a public universal healthcare system.
The article also said that you can apply to make larger transfers and the process gets approved within a few hours (so basically “same day”.
That means unusual payments like home purchases can be approved. But fraud is significantly harder…at least in theory.
That’s two months of the country median income. I’m pretty sure medical providers will be okay.
That’s mostly annoying for inter accounts movement if you move money around a bit but I think you would get higher capacity if you are concerned.
High value transfer is relative to the person making it. For some people, moving $1k-$5k daily is as normal as it is for a college kid moving $10-$50 daily. Then for some people $10k-$50k is the norm.
I wonder in the crypto based future if there will be any safeguards to avoid scams and fraud. Instant settlement is not a good thing for me, Ideally any transaction over $1000 should take a week and can be cancelled. Transactions over $100k I'd like to go to a physical location and prove my identity.
In many cryptocurrencies, you can cancel a transaction before the first confirmation by paying a (relatively) small fee. Your other points defeat the purpose of most crypto, though.
The original Bitcoin paper says:
> Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.
Emphasis added.
It is conceptually possible to create a crypto "credit card". But given that existing transactions are already slow, expensive, and complicated to integrate - I can't see it being attractive.
There's also the issue of trust. Escrow merchants need to be highly-trusted by both sides. They also need regulation and insurance. Those things are all in short-supply in cryptoland.
Escrow doesn't magically solve the problem, a way to mediate disputes would be required. That probably will fail in very similar ways to the way the systems we have today fail.
Eventually you can only solve this by arresting the criminals
With layer 2, probably centralized, payment networks. Layer 1 is too "low level" for most transactions.
These are exactly the types of things Chia is working on, and at least to some degree, are in production.
Of course, if the sender can cancel transactions at their discretion, that enables another class of frauds. The solution has to lie in some trusted centralized party outside the payment system [0]. Chia can't solve this. A banking system and legal system can.
[0] Goharshady, A. K. (2021). Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain (arXiv:2110.09857). http://arxiv.org/abs/2110.09857
It’s amazing watching the crypto folks slowly reinvent the entire banking industry.
Also kinda pointless though.
With crypto, if you are not using a cold wallet when having a big balance, then the problem exclusively is you.
Vaults are a proposed Bitcoin construct that allow you to have similar features. In order to work, it requires some breaking changes which may or may not ever happen.
September 14th, https://www.thailandnews.co/2025/09/bank-of-thailand-seeks-f...
> Bank of Thailand (BOT) will meet with commercial banks and the Anti-Online Scam Operations Centre (AOC) on Monday to address growing complaints about the wrongful freezing of bank accounts.. after small retailers and individuals reported being abruptly cut off from their funds without warning or recourse.. Assistant BOT Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration over being unable to access their money or conduct business after transfers from unknown sources triggered automated freezes.
> Assistant BOT Governor
Good name for an AI agent orchestration framework.
New technocratic control repackage just dropped: "scam losses"
How about stopping the scam centres in Cambodia altogether
3 million accounts (the original text), not "3M"[1] accounts.
1. https://en.wikipedia.org/wiki/3M
> By July, 3 million accounts have been closed
this wasn't a swift action overnight
they could be blocking this many accounts on a yearly basis just from scam reports at the police station
or more which seems to be the case recently, but not overnight
this is bad article
For reference, banks in the United States flag all transactions above $10,000, and repeat transactions that appear to be skirting this threshold.
Also worth thinking about inflation with this one.
The $10,000 figure originated with the 1970 Bank Secrecy Act[1]. Back then, that was a lot of money.
If it had kept up with plain old vanilla government-reported inflation, the number would be closer to $83,000 today[2].
---
[1] https://www.fincen.gov/resources/statutes-and-regulations/ba...
[2] https://www.dollartimes.com/inflation/inflation.php?amount=1...
Big Mac Index suggests more like 30x
Maybe I'm too suspicious but Thailandb is not a democratic country, was recently in an armed conflict. Could there be something more to this?
What's the real reason? Fraud has been around forever now. How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on? Why start limiting bank accounts without warning?
So many questions...
Update: my Thai friend just wrote me this:
"Not in trouble, it's the Chinese and Russians money laundering. Every Russian has had their accounts suspended, this was about half a year ago, now they are slowly doing the Chinese and Brits too. Vietnam is not much better, also suspending all foreigners accounts until you can prove you have a trc here."
Update2: just saw this on IG… https://www.instagram.com/p/DOZM0ZOkUAy/
Many tourists from Hong Kong/China/Taiwan were kidnapped from Thailand to work in scam centres in Cambodia, to the point it gave Thailand a bad name and affected their tourism income
May 2025, "Vietnam to close 86M bank accounts for lack of biometric data", 20 comments, https://news.ycombinator.com/item?id=45201549
> How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on?
They pay a low-income/no-income person a small fee (possibly monthly) to let them borrow their account. Sadly, people who would fall into this are not hard to find in Thailand.
> What sort of KYC was going on?
There are accounts that are grandfathered in and don’t require KYC but have been able to access online banking, etc. Mine is such, and my bank (BAY) is discontinuing that particular loophole at the end of this month. (I'm in Thailand right now to do this KYC, despite having not come back here for the last 6 years.)
I remember opening a bank account in a green one, while being on a tourist visa. Don't remember how they even established my address or anything beyond basic id. No real followup on source of funds or anything either. Wire comes in, cash goes out, nobody asks questions. It wasn't even before 9/11, it was 2015.
Thailand’s a very good place to get money out of you’re foreign organized crime in general - the fig leaf of “I’m buying an usually expensive condo/villa/yacht” is a good excuse.
We've been having a similar fraud issue here in South Korea as well. These criminals call vulnerable people, impersonate bankers or government officials, and social-engineer them into trasferring money. Some even pretend to have kidnapped your child, play AI-generated voice of a sobbing kid, and demand ransom.
Fraud has always been around, but I think a few recent developments have exacerbated the problem. KYC has been relaxed a lot since Covid, so you can open a whole bunch of accounts with just an image of an ID card. Lots of elderly people now have access to mobile banking, so they don't have to visit a physical branch where a clerk can flag suspicious transfer requests.
Bank accounts in South Korea now start with a daily transfer limit of 1 million won (about $700), even lower than the 50k bhat limit that the Thai government has instituted.
https://www.theguardian.com/global-development/2025/sep/08/m...
This!
China's Silk Road ends in Sihanoukville Cambodia. If you've ever been there, you've seen the eco-devastation and utter disregard for human life along the entire road.
Great news.
Does "MM" usually stand for "million"? In German we have "Millionen" and then "Milliarden", but in English that is "Billion", so "MM" cannot stand for "Milliarden" either. And "Mega" already is *10^6, but only has 1 "M". So at first naturally I read "Million Million", but then thought: "What? There is no way they have that many accounts!"
It is a very confusing way to write the number and no explanation seems to fit, other than "There is a second 'M' to avoid clash with the company name '3M'.". Is that the explanation?
https://news.ycombinator.com/item?id=45240304#45241147
I feel like the mille notation might have been usable before trillions started getting thrown around. Nowadays, k, M, B, and T seem like clearer suffixes than M, MM, MMM, and MMMM.
For this specific thread, 3MM also disambiguates 3M the company, https://news.ycombinator.com/item?id=45240769
It is to avoid confusing with "M", mīlle -- Latin for "thousand". Quite common in financial world still.
I've worked in trading in NY, London, and Singapore for nearly 20 years and have never seen anyone actually write M to mean "thousands".
"Thousand" is always "k" or "K". "Million" is "M", "MM", "m", "mn", or "mln".
It comes from finance - the rest of us just use "M" for million. I believe it's from Roman numerals (MM = thousand * thousand).
I’m in finance and exclusively use the M and K to reference millions and thousands. Everyone says the MM is more accurate and I get that from a Roman numeral perspective it may be (if you ignore that it actually means 2000), yet I’ve never once encountered anyone using M as a thousand in the writing or reading of financial figures. I think it’s primarily a financial news, journalism/writing style, I rarely see it in business at all. Sometimes I see MM from the PE/banker guys and that’s about the only time I see it IRL.
Ok, I see where the "actually 2000" misconception would come from. A mile is 2000 steps, and "mile" comes from "mille".
But "mille" means 1000. Specifically, it was the distance covered by 1000 paces from a marching Roman soldier. It's more consistent to measure paces than steps in the face of left/right asymmetries, so it's the unit implied when you just say you're marching 1000.
The funny thing is, that MM in roman numerals means 2000.
Megameters, naturally
Mm
Just accounting nerds sniping normal people who try to express numbers, smh.
I say we just should go with engineer notation 3e6 is unambiguous. And say 100 million could be simple e8.
SI prefixes should always be preferred, as they're more widely understood and have consistency, but finance bros use M for "mille" instead, meaning thousand, when they should use K.
IIRC it’s Roman numerals for thousand thousands
Actual Roman numeral notation would be M̄. MM is 2000... And well M only came in middle ages. Romans would have used CIↃ...
The truncated headline is extremely misleading; it makes it sound like they're having a currency crisis, rather than this being an anti-fraud measure. (I'm not finding any indications in other sources that there is a currency crisis or that the anti-fraud rationale is pretextual, though I could have missed something.)
(ETA: HN title has been re-edited, previously didn't have the "to curb fraud" clause.)
When discussing the headline on HN, can you please quote the headline that you are discussing? Headlines are commonly edited by mods without any history, so it's hard to tell if you're discussing the current headline or something else.
It makes it sound like they're having an argument with the 3M Company to me.
Did they ductaped their funds?
They can Post It in
I hope they stick with it.
That’s not only closure, that’s global currency control. Every account is now subjected to a transfer limit.
Even if the anti-fraud motif is genuine, that’s a pretty extreme amount of control. Not that it’s in any way strange coming from Thailand. Foreign exchange and capital inflow and outflow are already controlled.
https://news.ycombinator.com/item?id=45240304#45240968
> Assistant [Bank of Thailand] Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration...
I've read the headline and my first thought was, "they're overdue on tackling fraud", but perhaps it should be clarified.
Yeah, flagged for editorialisation. (EDIT: Unflagged for mentioning fraud. Would also recommend changing the ambiguous 3M to 3mm or 3mn.)
It’s a long headline. I bet the editorialisation was reluctantly done to work around HNs character limit.
If you have a better suggestion for an abridged headline then you could share and hopefully the submitter can still update this submission.
There is no clean distinction between anti-fraud and currency control
Isn't Thailand also one of the countries where Google is taking away people's sideloading rights?
Crypto solves this /s.
It does. /not s
Can someone explain why MM means millions, and not just M, 3M ==3 millions?
https://accountinginsights.org/how-to-abbreviate-million-in-...
Because there are too many standards[0]! If only someone would invent one more standard that everyone could follow...
The Wikipedia on long and short scales[1][2] for the root of the problem.
[0] https://xkcd.com/927/
[1] https://en.wikipedia.org/wiki/Long_and_short_scales
[2] https://grammarhow.com/m-vs-mm-million/
3M =3 Million. I clicked the link wondering what Minnesota Mining and Manufacturing was doing in Thailand.
The article does say 3 Million, so the editing happened at HN's end.
HN auto-abbreviates submission titles, e.g. thousands to K, millions to M.
So, sure these bank regulations are "fraud preventing".
But if you pay attention to GPS jam maps and news sources, they are currently also under significant unrest.
https://thediplomat.com/2025/09/indonesias-unrest-revives-fe...
> Over the past two weeks, Indonesia has been rocked by some of the most widespread unrest in recent memory, with mass demonstrations erupting across Jakarta and other major cities. The protests are the result of long-running economic strain, political discontent, and public outrage at perceived elite entitlement.
Its basically a worldwide proletariat uprising against the elite. And the current article hits people in the pocketbooks. And any protestors who are gaining popularity will undoubtedly be in those 3 million accounts blocked.
The article is about Thailand, you got the countries confused. But thanks for sharing, didn't know.
The article is about Thailand, not Indonesia.
Well, damn. I completely misread that. I now feel kinda dumb.
I'm relieved to see another educated person doing this.
It's gotten worse for me lately, where I keep mixing up train stations and locations with similar names or characteristics, so I can totally imagine hearing Thailand and thinking about Indonesia instead.