I know of a Thai person who fell for an "e-work" scam over the last year.
The hook was that you pre-pay some amount, do some trival work, then get like 500% return on your "investment". So they filter+train their mark by having them sign up for whatever financial transfer workflow, and figure out how gullable they are by giving them some payouts. A big part of this is some chat-group where lots of other fake-workers post comments saying how nervious/risky it seems and how sometimes the payment is delayed but they all eventually get paid. Eventually they let the mark sign up for some high-value amount, like equivalent of a few thousand USD. When the mark doesn't get paid, they contact the "technical support" team that then tries to social engineer the victim to loose even more money transferring funds the wrong direction (the scammers picked financial apps that make this mistake easiest).
I kind of find it unbelievable that people fall for this stuff, but the obvious proof is that enough people do :(
> I kind of find it unbelievable that people fall for this stuff
I remember reading a headline that being poor is equivalent to losing about 5 IQ points. Don’t know how true that is, but my intuition tells me that most people financially struggle, spend a lot of extra time worrying about money, and in general act a little more desperate and would be a little more aware/skeptical if their stress + financial situation allowed it.
After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”. Emails, text messages, downloading software from a website/App Store, job offers, investment opportunities, etc.the surface area is limitless. There’s exactly zero chance that even an experienced professional with excellent eyesight, who reads up on the newest scams, who doesn’t have lots of family / social events to care for, etc will never get hacked/scammed.
Even in the cybersecurity industry, almost all companies have abandoned the idea that there will never be a breach, and have moved towards thinking about resiliency, where any breaches that do happen are minimized or closed quickly/automatically.
That’s a lot of words to say: even though I thought I would never get scammed, once I spent more time educating myself about how it happens, it seems obvious to me that scams work a percentage of the time and the scale of attempts is enormous.
> is someone lying to me?”. Emails, text messages, downloading software from a website/App Store
And incredibly, someone usually is. Most software download sites have so many UI elements saying "Download", on their downloads page, but only one of them is the legit software you want, and others are some random software that paid money to the website to be there to... probably try to get themselves installed and scam you some more.
I just checked the Google "play" store: searching for "Temu" (I know, dumb, but there was an ad on the main screen of the store), in the page of search results, the first install button is for the sponsored Alibaba app...
Even billion dollar businesses are... trying to scam you. "Don't be evil" no more indeed.
I think the subtext of what I wrote in that paragraph was about the additional cognitive load of having to worry about every little action. For most people who are less informed about scams/cybersecurity, there is a lower cognitive load tax on their mind/attention (but that lower cognitive load results in less skepticism and more susceptibility to scams). Or put another way, the heuristics they use are at a different point on the tradeoff curve between effort/resources and accuracy.
> I remember reading a headline that being poor is equivalent to [...]
Some government forms and processes for poor people assistance I've seen (and I imagine that forms and processes for new immigrants may be similar)... some of it is insanely kafkaesque, implemented with incompetence/indifference in both official communications/documentation, and sometimes on an individual human representative basis, with the effect of making no sense at all.
So I'm not at all surprised if someone who doesn't understand how some category of things works in reality, is easily tricked into believing a scam. Because the scammer is no more ridiculous than some of the official government bureaucracy they've been subjected to.
(BTW, I'm not anti-government. I support what some would call "big government". I'm only horrified at how poorly done it sometimes gets in the details. I know that, when it is done poorly, it is going to have very real negative effects on people's lives, including on the least powerful. I believe in good, big government.)
> Some government forms and processes for poor people assistance I've seen (and I imagine that forms and processes for new immigrants may be similar)... some of it is insanely kafkaesque
There's little political pressure to make it easier, and constant worries about "fraud" by claimants, or means-testing, which is turned into adding more and more fields to the form.
I’m convinced that some of those Byzantine rules are underhanded ways to destroy the usefulness of the welfare system. Politicians actively use what is called a “poison pill” to make legislation unpalatable; there’s no reason they can’t actually poison a welfare system they don’t want to exist.
There are two primary things that cause this to happen in reality.
The first is that politicians want to get credit for creating the program, but also don't want it to cost a lot of money. Their incentive is to create a program that sounds good but does and therefore costs as little as possible. But making it obvious that it doesn't do much compromises the "sounds good" requirement, so instead they make a bunch of complicated rules and barriers that keep the price tag low but in a way which is difficult to understand. Relatedly, the people administering the programs are often under orders to accept some particular number or proportion of claims, again for budgetary reasons, and then if there are too many they have to start fabricating barriers themselves.
The second is that there is no accountability mechanism. Some majority of voters support the idea of the program, but they've been assured that it was created and exists and have no idea what a mess it is, and only a small minority are recipients. So if things are unintentionally broken, they don't get fixed, because the majority isn't aware of the problem and that's the only thing that gets politicians to address it.
It's not because of politicians opposed to the program. If politicians opposed to the program have a controlling majority then they simply repeal it. It's the politicians who support the (pretense of) the program who screw it up.
This is one of the reasons why complicated systems with many overlapping benefits each with their own application process and phase out rates are so ineffective, and the better way to address this is with simple direct transfer payments like expanding the EITC or a negative income tax.
> After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”
Oh thank you for highlighting that, I've had some instance where I'd suddenly have the urgent feeling that something I'm experiencing is a hoax and I couldn't tell why this suddenly surfaced back then, but I guess years of exposure to security does that to one.
I think initially I did it because I had high network privileges in my position at a company which had an immense amount of sensitive data on important companies. Kind of a deep thought exercise to be hyper vigilant in my position of responsibility.
Later, I think I stretched the thought exercise to start identifying new business opportunities (trying to find value in protecting against each of those things I identified).
At the same time I grew “professionally paranoid”, I was learning about epistemology and skepticism (to try to understand the cultural and political changes of the last decade). It’s been a wild ride.
> I remember reading a headline that being poor is equivalent to losing about 5 IQ points.
Poor people also spend a lot of time using cash equivalents rather than credit.
There is a big advantage to using credit. For example, I don't worry too much about fraud on my credit card as the reversibility means that the banking system is taking care of it. If a suspicious transaction hits my ATM card, the bank absolutely jumps on it since it simply doesn't match my patterns of usage.
On the other hand, if you are using your ATM card or cash transfer apps all the time, you're a ripe target for getting scammed. The protections are much weaker and the reversibility (if any) is much worse.
This doesn't even get into the fact that, as a poor person, the people you are transacting with are also stuck in the same system for various reasons of various levels of dubiousness.
A few years ago, I wrote a blog post about my approach to risk management[0].
I generally look at risk as a two-dimensional graph, with the axes being Probability and Severity, and the action strategies as being Prevention, Mitigation, and Remedy.
If we get realistic about likelihood and impact, we can figure out how to reduce the damage.
One trick a wealthy friend of mine uses, is keeping a small checking account, that he fills with just enough cash from his brokerage, so that even if his cards/accounts get pwned, he can't lose that much.
I have followed one simple principle for the last 16 years and have been incident-free. The communication with every business I am affiliated with in any way is one-way - I contact them. I never answer any calls or texts and I never answer any emails. no exceptions. It is amazing how much this simple rule just works. To fall for most scams you have to make a mistake which almost always involves you getting something, call, text, email…
This is one of the best heuristics (because it’s such an short+easy to memorize). I learned it from my mother who is kinda low tech, but understood risk.
But ultimately, it’s a heuristic and is imperfect.
One example thing which bypasses weakness to this heuristic: when you import a programming language library or a “curl pipe bash”: how much research do you do to verify the authenticity of the library, the security of the package and contributors, that you didn’t typo and accidentally install a lookalike malware, etc? And then every time you take an action which updates the same thing, are you equally as rigorous and vigilant as the first time?
It seems like no exceptions would just make life needlessly difficult for me.
I just received a monitor at no-cost because the first one I bought had a hardware defect - the company didn’t respond to my attempt to contact them, so I returned it to amazon and left an accurate review. The seller followed up and sent me a non-broken one. If I’d ignored this, not only would I be down a monitor, I’d have just assumed the entire product category - of which there seems to be only a single supplier (16” 2880x1800 AMOLED monitors that match up perfectly to 27” 5K monitors when placed in portrait mode) simply wasn’t workable with my setup for whatever reason.
My dentist recently called to reschedule an appointment. I could have insisted that I call them back, but that just wastes everyone’s time for a conversation that has no real scam potential.
Can anyone really fall for a scam? I'm not particularly smart or wealthy and I've never fallen for a scam despite numerous attempts. Maybe I've just gotten lucky but scams seem quite easy to avoid.
(I have had a few fraudulent charges on my credit cards but I don't really consider those to be scams and they're easy to resolve.)
Yes. Anyone can be gotten with the right bait. Most people are never targeted and there's a lot of things that mitigate spray-n-pray attacks, but when it comes down to it, human cognition just has some fundamental exploitable weaknesses. It doesn't really have anything to do with intelligence.
For example, we're insanely good at pattern matching, but the flip side to that is we're not effective at spotting the rare subtle difference.
At the risk of accidentally demonizing the poor, I remember reading a think piece that could be summarized as “morals/ethics are a luxury only the rich can afford.” The gist is that if you can’t afford to quit your job on the spot and not worry about paying rent this month, you will always be victim to your boss’s unethical actions lowering your ethical standards.
As an engineer, I have frequently challenged myself to empathize with the VW emissions scandal engineers, who were pressured to meet unrealistic emissions and deadlines. The managers didn’t have to explicitly tell them to build emissions testing defectors — they came up with that as an engineering solution to the requirements they were given. I ask myself: at what point would you have quit, and hopefully told the authorities?
Also more recent example is the staff of the submarine that went down to the site of the Titanic and imploded. The CEO was apparently an unbelievable bully and took extraordinary risks, but the staff didn’t quit. One of them was a Scottish immigrant who moved his whole family to take the job. He was also worried about being blacklisted from the entire private sector submarine industry. There was a lot of friction to being able to exercise his highest ethical standards.
Thailand is more or less at war with Cambodian war lords, who have tens of thousands of poor English speakers from around the world living in captivity, their passports taken away, running long term scams over the internet. When they have no money and no power to run, is it fair to blame the low level scammers for having fallen for a job scam months or years ago?
The more financial pressure you are under, the more likely you are to tolerate an unethical environment.
Always seemed to me that the correct response to this scam is to recruit everyone you know to go through just the first step of the scam and then quit while they’re ahead. Like taking a casino’s offer of free food and then leaving without gambling.
IIRC they chat group was using LINE, where the scammers can delete messages / kick people at will. So more people joining just to make a few bucks from the initial payout just increases the credibility of the operation.
Also the initial "tasks" the mark performs are worth only like a few USD. not worth anybody's time except for certain types of vulnerable people who not-coincidentally make good victims.
Just an anecdote but this happens in the west too. I literally woke up today to some spam Telegram "job offer" group that was vibrating my phone like crazy. And all of this in my native language of just a few million speakers. I wish I took some screenshots before trashing it, but the messages were just as you described.
Even the best of people can fall for scams. It depends on how much you need the money. No one starts off thinking they are going to be scammed. The design ensures people enter this trap slowly. When people are hesitant they are given a taste of success - the 500%. Some people tap out here. Others want to continue to try their luck. But often they are stopped with reverse psychology that there are no low pay jobs and they need to pitch in more money.
There was a post on HN where someone followed through with a scam like this. It was very weird, the scammer walked the victim through some setup on their computer. They may have actually been selling video views and likes and other social media and advertising engagement fakery ... the process was surprisingly complex and the victim had an account page tracking their activity and payouts.
I was once explaining to someone in the US why transactions in Mexico and Brazil take a tumble and start to be rejected at a much higher rate than usual due to banks being more stringent after 10 PM as its much more likely these would be fraud/scam/crime in general in these countries and they were amazed that this was a thing.
Its sad that these scams are so widespread today that a heavy handed approach like this is necessary. Unfortunately doing these attacks is incredibly cheap :(
It's probably one of the biggest criticism about PIX, the Brazilian method of transferring money: it's too easy. Early on, kidnappers started taking people off the streets and forcing them to transfer all their money, because victims had no choice but to give their password, and there was no limit on the transfer amount.
Criminals always find a way Decades ago, there was a popular activity called "Paseos Millonarios" (More or less, Millionare Rides) where criminals at night picked up a victim coming out of an ATM, and took him to several other ATMs around, everytime drawing non-suspicious amounts of money. The criminals didn't even need the PIN. They neither entered the ATM hut because only the card holder was sent in.
The final solution was disabling the ATM network durimg night, except the ones located in safe places. Showing you are drawing money in a hurry in a lone hut in the night was a bad idea, anyways.
And if you, as a savvy individual, makes yourself immune to a wrench attack, it’s unhelpful if the person hitting you with a wrench doesn’t believe you.
In developing countries, individual ATMs may run out of currency, well before you hit the daily limit. To pay for language school in Ecuador I had to go to multiple ATMs and withdraw as much as they had in each one. Literally every pocket of mine was bulging with paper currency :/
I thought that Ecuador switched to use the US Dollar as their local currency in the year 2000. Was this before the year 2000? Or was your withdraw limit in USD tiny... or was your school bill huge (hardest scenario to believe!)?
Unlimited amount? Sure, I can easily see some non-standard situation where its very beneficial (ie once-a-decade home reconstruction). But only on a limited account having only the amount I don't mind exposing, which normally is very low.
To be honest, in my country I can also transfer all my liquid money (not countings stocks etc) with just my phone. The difference is that i'm not afraid of being kidnapped (it's safe here). And anyway, how much does normal person hold in the cash account? People living month-to-month don't have much anyway, while people with savings usually keep them in stocks/bonds/etc.
That is simply not true. I know people who can have millions in their cash account.
Also sometimes you need to liquidate your money and put it in cash account, for example down payment for an upcoming home purchase.
I once wired som money to an acquaintance in Ethiopia using Western Union. The clerk made sure several times that I knew that I was doing and he was really surprised when learned that I actually personally knew the guy I was transferring money to.
Perhaps similar to the situation where if you block internet traffic from a region or country ... you really do reduce the amount of malicious traffic and attacks an application sees, significantly. To the point that if you can, it's surprisingly effective.
Unfortunately the number of different financial scams is the highest in the world in these countries. US and EU the banks wouldn’t have the capabilities either, it’s simply too much to deal with. You can’t flag everything as fraud.
It’s also a different kind of enemy. The biggest crime organization in Brazil has switched their primary focus from drug running to financial scams. They invest millions and set up legitimate companies with hundreds of employees to facilitate these schemes.
> US and EU the banks wouldn’t have the capabilities either, it’s simply too much to deal with. You can’t flag everything as fraud.
They can certainly try. I’ve had a handful of legit fraud instances on my accounts, banks detecting before I do has been close to a coin flip. On the other hand, I’ve had at least an order of magnitude more false positive detections of fraud.
I've seen bank defending people before with my own eyes. I was at a local branch doing some business and there was an old lady wanting to withdraw something like $50k to "pay a mortgage" or something, it was obvious she was scammed, the bank blocked her transaction and the teller was explaining to her she was scammed, and the old lady was shouting at the teller saying it was her money and they had no right to stop her. That's the thing, a lot of scam victims really don't believe they're scam victims until it's too late, and "it's their money, the bank has no right to stop them".
It's actually one of the hardest forms of crime for state like Singapore to stop - you can police everyone inside the borders of the country extremely effectively, but there's not much you can do against scammers operating out of mainland China apart from trying to stop people falling for it
I live in Thailand, many expat accounts have been closed down, making it very hard to pay bills etc. in the country. That will form part of the 3 million. Huge overreaction that will dent the economy and will no doubt be flip-flopped on in a few months time.
It’s important to note that many of the expat accounts have been closed down due to the laxity of individual bank branches in enforcing their own policies, which were taken advantage of by nefarious actors. Many expats attempt to open bank accounts on tourist visas (which include the recently popular Destination Thailand Visa for digital nomads) without proper identification, and though allowed in the past, is now being restricted. One can argue about the classification of visas and the dissonance between economic goals and immigration policy, but for Thais, this is a long overdue enforcement action especially as it regards to scams targeting an older generation. Yes, it significantly impacts honest expats looking to stay beyond the short-term, but there is a way to doing things in Thailand that requires guests to adapt to their hosts, of which accepting the reality of Thailand’s political situations is an important part.
Foreigners on DTVs are allowed to stay for five years. To prohibit someone living in Thailand for such a long period from opening a bank account - often necessary for paying rent and other necessities - is insane. And sanctimony about "guests adapting to their hosts" doesn't make it any less so.
Thailand doesn't want foreigners holding accounts. They've cranked up the requirements over time. It used to be possible to open an account as a tourist and now you're lucky to be able to get one on any visa that isn't attached to a work permit or PR.
1. The kind that is looking at visiting Thailand as a cheap way to booze, party, smoke weed, and do other stuff. They do not spend enough money to move the needle economically in a country where the majority of the economy is connected to automotive and electronics manufacturing
2. The kind that try to reside in Thailand long term but don't want to file for immigration, so using various loopholes like the "Visa dash" or paying for Thai language classes with no attendance or requirements to attend the class. Lots of drop shippers are doing this and are dodging incorporation taxes in Thailand
3. The kind that come to only train Muay Thai or BJJ, but don't contribute to the rest of the economy (I'm guilty of this). Living and training exclusive at a Fairtex or a Sityodong isn't percolating capital in the rest of Thailand.
All 3 of these types of expats and tourists are barely spending $500/mo in Thailand after rent or hotel spend, and simply don't contribute to the Thai economy to the same degree the other sectors of the economy are. The only reason those 3 types of tourists are tolerated is because the businesses they patronize are overwhelmingly owned by local politicians and give them pocket change, but aren't actually useful from an economic perspective, because it has depressed wages, and exacerbated organized crime.
Heritage and upscale tourism is a separate story, because the premiums that can be demanded and the wages and skills needed incentivize upskilling as well as building a white money local ecosystem.
This is tangential but relevant - Thailand's current fertility rate has fallen to 1, substantially less than Japan even. And this fertility collapse happened long enough that they've already entered into the population decline phase - with accelerating declines over the past 4 years.
It's still the early stages, but Thailand is going to unavoidably be entering into demographic collapse over the coming decades. So tourism, especially when it results in attracting lawful/educated/etc long-term residents, provides more than however much money people can spend.
Of course Thais themselves just need to start having a lot more babies, but it's not looking like that's going to happen. The whole world is going to look so different in 50 years, even if literally nothing whatsoever changed from a technological POV. Fertility issues are going to radically reshape the entire world and the balance of powers, perspectives, even religions, and much more.
1. So what? Are you the kind of guy who wants "quality tourists" and then cries when tourism indicators are down several months in a row?
2. Whose fault is that? Give me a path to residency and I'll happily file taxes there. No one wants to play this game and be treated as a second class citizen.
Also if your visa allows back-to-back entries that's exactly what I'll do. Nowhere does it say that there's a limit, therefore it's not "abuse".
FWIW I really wish I could open shop in Thailand, pay taxes there from my online business and gain visa/residency through it, do it you think it's possible/easy? Nope. Roadblocks at every step.
3. WTF do you want exactly? I'm injecting $500/mo in Thailand, do you prefer 0? This line of thinking is insane.
Anyway $500/mo in Thailand nowadays is basically impossible unless you live in a shack or in the sticks.
> Also if your visa allows back-to-back entries that's exactly what I'll do. Nowhere does it say that there's a limit, therefore it's not "abuse".
Also if the law says you should pay taxes, that's exactly what you should do. Nowhere does it say that there's an exemption for people paying their food and rent ("injecting" $500), therefore you should pay (taxes).
You didn't read my message because that's what I want to do if it was easier (and banks were reliable). Given this news I'll probably continue to not invest in Thailand.
>They do not spend enough money to move the needle economically in a country where the majority of the economy is connected to automotive and electronics manufacturing
Don't sex tourists contribute the most? Fall for the girl, "save her", build a house in Isan, fund her new business, then she ditches him and keeps it all because farang by law limited to 49% equity.
That isn't always a scam actually. A lot of old fa^W men retire and marry a citizen to secure rights to the land under their house. I have seen a lot of that (entire gated communities) and it all seemed long-term and high-commitment and in a good faith. Ones on the younger side of their 60ies mostly have a business of some sort and kids together too.
I don't know how much love is there in these marriages and don't draw any judgement either.
I opened that link expecting to be outraged but instead finding myself sympathetic to their solution.
High value transfers should be subject to additional scrutiny to confirm it’s legitimate.
The hard part is making sure you balance that well enough so that you’re protecting against malaise without the bank then becoming a consumer problem themselves.
It will be interesting to see how well this works.
It does say those were tied to “mules”, so freezing those accounts is the right course of action.
In fact the last thing you want to do is give criminals warning that you’re going to freeze their accounts. I’d imagine that would be extremely counterproductive for everyone bar those criminals.
Believed to be tied to "mules" unless their classification method has zero false positives. If it does have false positives then those non-mules have a right to complain.
Everyone has the right to complain about practically anything they want.
But that doesn’t mean that freezing an account suspected of fraud isn’t the right course of action.
Yeah there’s going to be false positives. However that’s precisely why you freeze the account: to allow you time to follow due process and investigation. If you assumed the process was infallible then you wouldn’t need to freeze the account; you would just skip straight to the punishment and remediation stages ;)
If two people accounts were unjustly frozen (and they have to do some work to unlock them), and at the same time two hundred people life savings were saved, would that be OK with you?
I don't know about them, but there are plenty of ways for law enforcement to get mule account numbers. After all that's the whole point - actual criminals don't have to reveal their own identity, instead they convince a "mule" to (knowingly or not) participate in a crime.
Mr Bob Smith is married to Mrs Alice Smith. The bank has their status as married, which they have been given copies of marriage certificates over and over and over for many years.
Bob works, and Alice is dependant based on Bob's visa.
Bob has an account, Alice has an account, and they also both have credit cards under their own names. Bob and Alice also have joint accounts, where most of the money is, and it is a lot of money, enough that Alice and Bob have "VIP" status at the bank, and they've been good customers for about a decade.
Alice and Bob have recently updated all FATCA, CRS, and whatever other insane bullshit has been asked of them by the bank. Alice and Bob have Thai tax IDs, which the bank also has.
Alice and Bob have cell phones of course, and naturally, the family phones are in the account "Bob Smith"
The bank freezes Alice account.
Alice goes to the bank in person. The bank doesn't unfreeze the account, they demand she change her phone account to be in her name.
Yeah, for real.
Bob isn't happy. He thinks Thais shouldn't rely on these banks and should use cash as much as possible and avoid QR payments as much as possible.
The article is unclear about when the freezings took place, but the sentence starting with "By July" seems to suggest that 3 million is the cumulative total of all the accounts that were frozen from January to July. So it probably wasn't a sudden mass freezing, just constant whack-a-mole.
Article's not an image, it's regular HTML text content. The site just uses some extremely obnoxious JavaScript that blocks text selection, right-clicking, and the view-source and developer tools keyboard shortcuts. The latter is especially pointless since anyone who knows about those features also knows that they can be accessed via the browser menu, which JavaScript can't block.
A browser is a 'User agent', as in it is supposed to act on MY behalf, and things in my intent and benefit. Similar agents are real estate agents, or attorneys as my agent.
So... For something that is MY agent, why are browsers creating, and instituting anti-agent choices against my will?
Barring excuses of "following the spec", I should be able to easily disable my user-agent's execution of said onerous code.
(I'm ignoring this for Google chrome. They're an adtech company, and they won in court as a monopoly. Fuck them.)
Sometimes not being able to select is useful. You can trivially create a user style that overrides user-select: none if you'd like, something that isn't possible in most gui software.
>A browser is a 'User agent', as in it is supposed to act on MY behalf
It's supposed to implement the spec. Why are you and many other people on this site so attached over the wording of "user agent"? It is supposed to mean the software making the request, it doesn't mean anything more than that.
The argument is that the W3C shouldn't have included this feature in the spec, because it (allegedly) prioritizes the interests of publishers who want copy protection over those of end users who want to copy stuff. If true, this would violate the "priority of constituencies" HTML design principle: https://www.w3.org/TR/html-design-principles/#priority-of-co...
"As user-select is a UI convenience mechanism, not a copy protection mechanism, the UA may provide an alternative way for the user to explicitly select the text even when user-select is none.
Note: none is not a copy protection mechanism, and using it as such is ineffective: User Agents are allowed to provide ways to bypass it, it will have no effect on legacy User Agents that do not support it, and the user can disable it through the user style sheet or equivalent mechanisms on UAs that do anyway. Instead, none is meant to make it easier for the user to select the content they want, by letting the author disable selection on UI elements that are not useful to select. Tools such as CSS validators, linters or in-browser developer tools are encouraged to use heuristics to detect and warn against incorrect or abusive usage that would hamper usability or violate common user expectations."
>If true, this would violate the "priority of constituencies"
Not neccessarily. For example, piracy is so harmful that it could still outway the cost to a user even with a multiplier given to the user's cost. For example the user's cost is 10 and the author's cost is 100. Even with a 5x priority for the user, the needs of the author outweigh it.
New customers will be defined as "high-risk" with, a separate classification from "vulnerable" which is for under 15s and over 65s.
The limit for these "high-risk" customers is 50000 baht a day, which is surely going to be inconvenient to deal with if you ever need it, e.g. for medical bills.
Medical bills are usually a lot more reasonable than that in Thailand - we have a competitive healthcare market that’s backstopped by a public hospitals and a public
universal healthcare system.
High value transfer is relative to the person making it. For some people, moving $1k-$5k daily is as normal as it is for a college kid moving $10-$50 daily. Then for some people $10k-$50k is the norm.
They’re trying to reduce non-technical people or elder scams and fraud.
A scam network takes over phones, tricks people on friends lists to follow directions so their phone can be remotely controlled (Apple and Android). Then the cycle repeats and they try to drain bank accounts in the process.
Thailand is placing 50k maximums for digital transfers then adjusting over time based on … 50k baht = $1,575 USD
In Denmark I have a daily on my bank account of 50,000 dkr - about 8,000 usd. If I want to do a money transfer larger than that I have to call my bank and answer a bunch of questions to verify my identity.
If somebody held a gun to your head, is there a wayto answer the questions differently such that the money transfer is faked? I doubt so, so it's quite similar. I guess it's harder to talk under duress.
Any idea what triggered this in Southeast Asia? I think Vietnam just did the same thing with over 80M accounts. Seems like the IMF accused them all of harboring mass money laundering or offshoring schemes?
I wonder in the crypto based future if there will be any safeguards to avoid scams and fraud. Instant settlement is not a good thing for me, Ideally any transaction over $1000 should take a week and can be cancelled. Transactions over $100k I'd like to go to a physical location and prove my identity.
In many cryptocurrencies, you can cancel a transaction before the first confirmation by paying a (relatively) small fee. Your other points defeat the purpose of most crypto, though.
> Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.
Emphasis added.
It is conceptually possible to create a crypto "credit card". But given that existing transactions are already slow, expensive, and complicated to integrate - I can't see it being attractive.
There's also the issue of trust. Escrow merchants need to be highly-trusted by both sides. They also need regulation and insurance. Those things are all in short-supply in cryptoland.
Escrow doesn't magically solve the problem, a way to mediate disputes would be required. That probably will fail in very similar ways to the way the systems we have today fail.
Exactly, this is all entirely possible technically while remaining decentralised, the issue is fundamentally this is really a human problem not a technical one
Of course, if the sender can cancel transactions at their discretion, that enables another class of frauds. The solution has to lie in some trusted centralized party outside the payment system [0]. Chia can't solve this. A banking system and legal system can.
[0] Goharshady, A. K. (2021). Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain (arXiv:2110.09857). http://arxiv.org/abs/2110.09857
Vaults are a proposed Bitcoin construct that allow you to have similar features. In order to work, it requires some breaking changes which may or may not ever happen.
> Bank of Thailand (BOT) will meet with commercial banks and the Anti-Online Scam Operations Centre (AOC) on Monday to address growing complaints about the wrongful freezing of bank accounts.. after small retailers and individuals reported being abruptly cut off from their funds without warning or recourse.. Assistant BOT Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration over being unable to access their money or conduct business after transfers from unknown sources triggered automated freezes.
What's the real reason? Fraud has been around forever now. How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on? Why start limiting bank accounts without warning?
So many questions...
Update: my Thai friend just wrote me this:
"Not in trouble, it's the Chinese and Russians money laundering. Every Russian has had their accounts suspended, this was about half a year ago, now they are slowly doing the Chinese and Brits too. Vietnam is not much better, also suspending all foreigners accounts until you can prove you have a trc here."
> How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on?
They pay a low-income/no-income person a small fee (possibly monthly) to let them borrow their account. Sadly, people who would fall into this are not hard to find in Thailand.
> What sort of KYC was going on?
There are accounts that are grandfathered in and don’t require KYC but have been able to access online banking, etc. Mine is such, and my bank (BAY) is discontinuing that particular loophole at the end of this month. (I'm in Thailand right now to do this KYC, despite having not come back here for the last 6 years.)
Many tourists from Hong Kong/China/Taiwan were kidnapped from Thailand to work in scam centres in Cambodia, to the point it gave Thailand a bad name and affected their tourism income
I remember opening a bank account in a green one, while being on a tourist visa. Don't remember how they even established my address or anything beyond basic id. No real followup on source of funds or anything either. Wire comes in, cash goes out, nobody asks questions. It wasn't even before 9/11, it was 2015.
Thailand’s a very good place to get money out of you’re foreign organized crime in general - the fig leaf of “I’m buying an usually expensive condo/villa/yacht” is a good excuse.
We've been having a similar fraud issue here in South Korea as well. These criminals call vulnerable people, impersonate bankers or government officials, and social-engineer them into trasferring money. Some even pretend to have kidnapped your child, play AI-generated voice of a sobbing kid, and demand ransom.
Fraud has always been around, but I think a few recent developments have exacerbated the problem. KYC has been relaxed a lot since Covid, so you can open a whole bunch of accounts with just an image of an ID card. Lots of elderly people now have access to mobile banking, so they don't have to visit a physical branch where a clerk can flag suspicious transfer requests.
Bank accounts in South Korea now start with a daily transfer limit of 1 million won (about $700), even lower than the 50k bhat limit that the Thai government has instituted.
KK Park – a vast, heavily guarded complex stretching for 210 hectares (520 acres) along the churning Moei River that forms Myanmar’s border with Thailand.. with its on-site hospital, restaurants, bank and neat lines of villas with manicured lawns, looks more like the campus of a Silicon Valley tech company than what it really is: the frontline of a multibillion-dollar criminal fraud industry fuelled by human trafficking and brutal violence.. Myanmar, Cambodia and Laos have in recent years become havens for transnational crime syndicates running scam centres such as KK Park, which use enslaved workers to run complex online fraud and scamming schemes that generate huge profits.
China's Silk Road ends in Sihanoukville Cambodia. If you've ever been there, you've seen the eco-devastation and utter disregard for human life along the entire road.
Does "MM" usually stand for "million"? In German we have "Millionen" and then "Milliarden", but in English that is "Billion", so "MM" cannot stand for "Milliarden" either. And "Mega" already is *10^6, but only has 1 "M". So at first naturally I read "Million Million", but then thought: "What? There is no way they have that many accounts!"
It is a very confusing way to write the number and no explanation seems to fit, other than "There is a second 'M' to avoid clash with the company name '3M'.". Is that the explanation?
To represent one million in finance, the abbreviation “MM” is widely used. This notation originates from “mille mille,” meaning “thousand thousands” in Latin, equating to one million. This clarity makes “MM” a preferred choice in financial statements and reports.
I feel like the mille notation might have been usable before trillions started getting thrown around. Nowadays, k, M, B, and T seem like clearer suffixes than M, MM, MMM, and MMMM.
I’m in finance and exclusively use the M and K to reference millions and thousands. Everyone says the MM is more accurate and I get that from a Roman numeral perspective it may be (if you ignore that it actually means 2000), yet I’ve never once encountered anyone using M as a thousand in the writing or reading of financial figures. I think it’s primarily a financial news, journalism/writing style, I rarely see it in business at all. Sometimes I see MM from the PE/banker guys and that’s about the only time I see it IRL.
Ok, I see where the "actually 2000" misconception would come from. A mile is 2000 steps, and "mile" comes from "mille".
But "mille" means 1000. Specifically, it was the distance covered by 1000 paces from a marching Roman soldier. It's more consistent to measure paces than steps in the face of left/right asymmetries, so it's the unit implied when you just say you're marching 1000.
MM literally translates to 2000 in Roman numerals and Roman numerals is always the reason provided for why MM is used for millions. I don’t see where mille or it’s history of steps gets into the picture at all, unless it’s the real reason for MM being million and everyone’s explanation is just wrong (they effectively don’t know why they’re using MM).
It still kind of reasons that if the idea for MM is to be more precise/clear than M, they’ve not done a very good job picking a clearer abbreviation.
SI prefixes should always be preferred, as they're more widely understood and have consistency, but finance bros use M for "mille" instead, meaning thousand, when they should use K.
The truncated headline is extremely misleading; it makes it sound like they're having a currency crisis, rather than this being an anti-fraud measure. (I'm not finding any indications in other sources that there is a currency crisis or that the anti-fraud rationale is pretextual, though I could have missed something.)
(ETA: HN title has been re-edited, previously didn't have the "to curb fraud" clause.)
When discussing the headline on HN, can you please quote the headline that you are discussing? Headlines are commonly edited by mods without any history, so it's hard to tell if you're discussing the current headline or something else.
That’s not only closure, that’s global currency control. Every account is now subjected to a transfer limit.
Even if the anti-fraud motif is genuine, that’s a pretty extreme amount of control. Not that it’s in any way strange coming from Thailand. Foreign exchange and capital inflow and outflow are already controlled.
> Assistant [Bank of Thailand] Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration...
It’s definitely open to confusion but generally if you already known that abbreviation exists then one can usually deduce how to interpret that abbreviation from the context of the sentence. In this case, it’s a financial headline so I assumed it was “million”.
The abbreviation “M” for million can lead to confusion in finance. Historically, “M” derives from the Latin word “mille,” meaning “thousand.” As such, it has traditionally been used in some accounting or construction contexts to denote a thousand. For example, $5M could historically represent $5,000, creating ambiguity.
To represent one million in finance, the abbreviation “MM” is widely used. This notation originates from “mille mille,” meaning “thousand thousands” in Latin, equating to one million. This clarity makes “MM” a preferred choice in financial statements and reports.
Other abbreviations for million, such as “mn” or “mln,” are also encountered.. The Financial Times, for example, adopted “mn” for millions to improve accessibility for text-to-speech software. While these alternatives exist, “MM” remains a prevalent and widely understood abbreviation for million in American finance.
> Over the past two weeks, Indonesia has been rocked by some of the most widespread unrest in recent memory, with mass demonstrations erupting across Jakarta and other major cities. The protests are the result of long-running economic strain, political discontent, and public outrage at perceived elite entitlement.
Its basically a worldwide proletariat uprising against the elite. And the current article hits people in the pocketbooks. And any protestors who are gaining popularity will undoubtedly be in those 3 million accounts blocked.
I'm relieved to see another educated person doing this.
It's gotten worse for me lately, where I keep mixing up train stations and locations with similar names or characteristics, so I can totally imagine hearing Thailand and thinking about Indonesia instead.
I know of a Thai person who fell for an "e-work" scam over the last year.
The hook was that you pre-pay some amount, do some trival work, then get like 500% return on your "investment". So they filter+train their mark by having them sign up for whatever financial transfer workflow, and figure out how gullable they are by giving them some payouts. A big part of this is some chat-group where lots of other fake-workers post comments saying how nervious/risky it seems and how sometimes the payment is delayed but they all eventually get paid. Eventually they let the mark sign up for some high-value amount, like equivalent of a few thousand USD. When the mark doesn't get paid, they contact the "technical support" team that then tries to social engineer the victim to loose even more money transferring funds the wrong direction (the scammers picked financial apps that make this mistake easiest).
I kind of find it unbelievable that people fall for this stuff, but the obvious proof is that enough people do :(
> I kind of find it unbelievable that people fall for this stuff
I remember reading a headline that being poor is equivalent to losing about 5 IQ points. Don’t know how true that is, but my intuition tells me that most people financially struggle, spend a lot of extra time worrying about money, and in general act a little more desperate and would be a little more aware/skeptical if their stress + financial situation allowed it.
After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”. Emails, text messages, downloading software from a website/App Store, job offers, investment opportunities, etc.the surface area is limitless. There’s exactly zero chance that even an experienced professional with excellent eyesight, who reads up on the newest scams, who doesn’t have lots of family / social events to care for, etc will never get hacked/scammed.
Even in the cybersecurity industry, almost all companies have abandoned the idea that there will never be a breach, and have moved towards thinking about resiliency, where any breaches that do happen are minimized or closed quickly/automatically.
That’s a lot of words to say: even though I thought I would never get scammed, once I spent more time educating myself about how it happens, it seems obvious to me that scams work a percentage of the time and the scale of attempts is enormous.
> is someone lying to me?”. Emails, text messages, downloading software from a website/App Store
And incredibly, someone usually is. Most software download sites have so many UI elements saying "Download", on their downloads page, but only one of them is the legit software you want, and others are some random software that paid money to the website to be there to... probably try to get themselves installed and scam you some more.
I just checked the Google "play" store: searching for "Temu" (I know, dumb, but there was an ad on the main screen of the store), in the page of search results, the first install button is for the sponsored Alibaba app...
Even billion dollar businesses are... trying to scam you. "Don't be evil" no more indeed.
PS "full self-driving", also a scam..
I think the subtext of what I wrote in that paragraph was about the additional cognitive load of having to worry about every little action. For most people who are less informed about scams/cybersecurity, there is a lower cognitive load tax on their mind/attention (but that lower cognitive load results in less skepticism and more susceptibility to scams). Or put another way, the heuristics they use are at a different point on the tradeoff curve between effort/resources and accuracy.
> I remember reading a headline that being poor is equivalent to [...]
Some government forms and processes for poor people assistance I've seen (and I imagine that forms and processes for new immigrants may be similar)... some of it is insanely kafkaesque, implemented with incompetence/indifference in both official communications/documentation, and sometimes on an individual human representative basis, with the effect of making no sense at all.
So I'm not at all surprised if someone who doesn't understand how some category of things works in reality, is easily tricked into believing a scam. Because the scammer is no more ridiculous than some of the official government bureaucracy they've been subjected to.
(BTW, I'm not anti-government. I support what some would call "big government". I'm only horrified at how poorly done it sometimes gets in the details. I know that, when it is done poorly, it is going to have very real negative effects on people's lives, including on the least powerful. I believe in good, big government.)
> Some government forms and processes for poor people assistance I've seen (and I imagine that forms and processes for new immigrants may be similar)... some of it is insanely kafkaesque
There's little political pressure to make it easier, and constant worries about "fraud" by claimants, or means-testing, which is turned into adding more and more fields to the form.
I’m convinced that some of those Byzantine rules are underhanded ways to destroy the usefulness of the welfare system. Politicians actively use what is called a “poison pill” to make legislation unpalatable; there’s no reason they can’t actually poison a welfare system they don’t want to exist.
There are two primary things that cause this to happen in reality.
The first is that politicians want to get credit for creating the program, but also don't want it to cost a lot of money. Their incentive is to create a program that sounds good but does and therefore costs as little as possible. But making it obvious that it doesn't do much compromises the "sounds good" requirement, so instead they make a bunch of complicated rules and barriers that keep the price tag low but in a way which is difficult to understand. Relatedly, the people administering the programs are often under orders to accept some particular number or proportion of claims, again for budgetary reasons, and then if there are too many they have to start fabricating barriers themselves.
The second is that there is no accountability mechanism. Some majority of voters support the idea of the program, but they've been assured that it was created and exists and have no idea what a mess it is, and only a small minority are recipients. So if things are unintentionally broken, they don't get fixed, because the majority isn't aware of the problem and that's the only thing that gets politicians to address it.
It's not because of politicians opposed to the program. If politicians opposed to the program have a controlling majority then they simply repeal it. It's the politicians who support the (pretense of) the program who screw it up.
This is one of the reasons why complicated systems with many overlapping benefits each with their own application process and phase out rates are so ineffective, and the better way to address this is with simple direct transfer payments like expanding the EITC or a negative income tax.
> After a few years working in cybersecurity, I viewed EVERYTHING through the lens of “is someone lying to me?”
Oh thank you for highlighting that, I've had some instance where I'd suddenly have the urgent feeling that something I'm experiencing is a hoax and I couldn't tell why this suddenly surfaced back then, but I guess years of exposure to security does that to one.
I think initially I did it because I had high network privileges in my position at a company which had an immense amount of sensitive data on important companies. Kind of a deep thought exercise to be hyper vigilant in my position of responsibility.
Later, I think I stretched the thought exercise to start identifying new business opportunities (trying to find value in protecting against each of those things I identified).
At the same time I grew “professionally paranoid”, I was learning about epistemology and skepticism (to try to understand the cultural and political changes of the last decade). It’s been a wild ride.
> I remember reading a headline that being poor is equivalent to losing about 5 IQ points.
Poor people also spend a lot of time using cash equivalents rather than credit.
There is a big advantage to using credit. For example, I don't worry too much about fraud on my credit card as the reversibility means that the banking system is taking care of it. If a suspicious transaction hits my ATM card, the bank absolutely jumps on it since it simply doesn't match my patterns of usage.
On the other hand, if you are using your ATM card or cash transfer apps all the time, you're a ripe target for getting scammed. The protections are much weaker and the reversibility (if any) is much worse.
This doesn't even get into the fact that, as a poor person, the people you are transacting with are also stuck in the same system for various reasons of various levels of dubiousness.
exactly this. anyone - regardless of who they are - can fall for a scam. and for exact reason stated in your last sentence!
A few years ago, I wrote a blog post about my approach to risk management[0].
I generally look at risk as a two-dimensional graph, with the axes being Probability and Severity, and the action strategies as being Prevention, Mitigation, and Remedy.
If we get realistic about likelihood and impact, we can figure out how to reduce the damage.
One trick a wealthy friend of mine uses, is keeping a small checking account, that he fills with just enough cash from his brokerage, so that even if his cards/accounts get pwned, he can't lose that much.
[0] https://littlegreenviper.com/risky-business/
I have followed one simple principle for the last 16 years and have been incident-free. The communication with every business I am affiliated with in any way is one-way - I contact them. I never answer any calls or texts and I never answer any emails. no exceptions. It is amazing how much this simple rule just works. To fall for most scams you have to make a mistake which almost always involves you getting something, call, text, email…
This is one of the best heuristics (because it’s such an short+easy to memorize). I learned it from my mother who is kinda low tech, but understood risk.
But ultimately, it’s a heuristic and is imperfect.
One example thing which bypasses weakness to this heuristic: when you import a programming language library or a “curl pipe bash”: how much research do you do to verify the authenticity of the library, the security of the package and contributors, that you didn’t typo and accidentally install a lookalike malware, etc? And then every time you take an action which updates the same thing, are you equally as rigorous and vigilant as the first time?
It seems like no exceptions would just make life needlessly difficult for me.
I just received a monitor at no-cost because the first one I bought had a hardware defect - the company didn’t respond to my attempt to contact them, so I returned it to amazon and left an accurate review. The seller followed up and sent me a non-broken one. If I’d ignored this, not only would I be down a monitor, I’d have just assumed the entire product category - of which there seems to be only a single supplier (16” 2880x1800 AMOLED monitors that match up perfectly to 27” 5K monitors when placed in portrait mode) simply wasn’t workable with my setup for whatever reason.
My dentist recently called to reschedule an appointment. I could have insisted that I call them back, but that just wastes everyone’s time for a conversation that has no real scam potential.
Also applies to computers: no open inbound ports, and outbound only to known destinations.
Can anyone really fall for a scam? I'm not particularly smart or wealthy and I've never fallen for a scam despite numerous attempts. Maybe I've just gotten lucky but scams seem quite easy to avoid.
(I have had a few fraudulent charges on my credit cards but I don't really consider those to be scams and they're easy to resolve.)
Yes. Anyone can be gotten with the right bait. Most people are never targeted and there's a lot of things that mitigate spray-n-pray attacks, but when it comes down to it, human cognition just has some fundamental exploitable weaknesses. It doesn't really have anything to do with intelligence.
For example, we're insanely good at pattern matching, but the flip side to that is we're not effective at spotting the rare subtle difference.
Being average makes it easier, because nobody's specifically targeting you using information scammed out of your less canny family or coworkers.
Different take:
At the risk of accidentally demonizing the poor, I remember reading a think piece that could be summarized as “morals/ethics are a luxury only the rich can afford.” The gist is that if you can’t afford to quit your job on the spot and not worry about paying rent this month, you will always be victim to your boss’s unethical actions lowering your ethical standards.
As an engineer, I have frequently challenged myself to empathize with the VW emissions scandal engineers, who were pressured to meet unrealistic emissions and deadlines. The managers didn’t have to explicitly tell them to build emissions testing defectors — they came up with that as an engineering solution to the requirements they were given. I ask myself: at what point would you have quit, and hopefully told the authorities?
Also more recent example is the staff of the submarine that went down to the site of the Titanic and imploded. The CEO was apparently an unbelievable bully and took extraordinary risks, but the staff didn’t quit. One of them was a Scottish immigrant who moved his whole family to take the job. He was also worried about being blacklisted from the entire private sector submarine industry. There was a lot of friction to being able to exercise his highest ethical standards.
Thailand is more or less at war with Cambodian war lords, who have tens of thousands of poor English speakers from around the world living in captivity, their passports taken away, running long term scams over the internet. When they have no money and no power to run, is it fair to blame the low level scammers for having fallen for a job scam months or years ago?
The more financial pressure you are under, the more likely you are to tolerate an unethical environment.
Always seemed to me that the correct response to this scam is to recruit everyone you know to go through just the first step of the scam and then quit while they’re ahead. Like taking a casino’s offer of free food and then leaving without gambling.
IIRC they chat group was using LINE, where the scammers can delete messages / kick people at will. So more people joining just to make a few bucks from the initial payout just increases the credibility of the operation.
Also the initial "tasks" the mark performs are worth only like a few USD. not worth anybody's time except for certain types of vulnerable people who not-coincidentally make good victims.
Just an anecdote but this happens in the west too. I literally woke up today to some spam Telegram "job offer" group that was vibrating my phone like crazy. And all of this in my native language of just a few million speakers. I wish I took some screenshots before trashing it, but the messages were just as you described.
Even the best of people can fall for scams. It depends on how much you need the money. No one starts off thinking they are going to be scammed. The design ensures people enter this trap slowly. When people are hesitant they are given a taste of success - the 500%. Some people tap out here. Others want to continue to try their luck. But often they are stopped with reverse psychology that there are no low pay jobs and they need to pitch in more money.
There was a post on HN where someone followed through with a scam like this. It was very weird, the scammer walked the victim through some setup on their computer. They may have actually been selling video views and likes and other social media and advertising engagement fakery ... the process was surprisingly complex and the victim had an account page tracking their activity and payouts.
I was once explaining to someone in the US why transactions in Mexico and Brazil take a tumble and start to be rejected at a much higher rate than usual due to banks being more stringent after 10 PM as its much more likely these would be fraud/scam/crime in general in these countries and they were amazed that this was a thing.
Its sad that these scams are so widespread today that a heavy handed approach like this is necessary. Unfortunately doing these attacks is incredibly cheap :(
It's probably one of the biggest criticism about PIX, the Brazilian method of transferring money: it's too easy. Early on, kidnappers started taking people off the streets and forcing them to transfer all their money, because victims had no choice but to give their password, and there was no limit on the transfer amount.
Criminals always find a way Decades ago, there was a popular activity called "Paseos Millonarios" (More or less, Millionare Rides) where criminals at night picked up a victim coming out of an ATM, and took him to several other ATMs around, everytime drawing non-suspicious amounts of money. The criminals didn't even need the PIN. They neither entered the ATM hut because only the card holder was sent in.
The final solution was disabling the ATM network durimg night, except the ones located in safe places. Showing you are drawing money in a hurry in a lone hut in the night was a bad idea, anyways.
Many highly-sophisticated technical solutions are still vulnerable to the "wrench attack". https://xkcd.com/538/
Unfortunately, whenever governments try to solve the wrench attack, they do so by removing the end user's control over their own stuff.
And if you, as a savvy individual, makes yourself immune to a wrench attack, it’s unhelpful if the person hitting you with a wrench doesn’t believe you.
Daily limit for ATM withdrawals exists in New Zealand (NZD2000 I think).
Why did they visit multiple ATMs?
In developing countries, individual ATMs may run out of currency, well before you hit the daily limit. To pay for language school in Ecuador I had to go to multiple ATMs and withdraw as much as they had in each one. Literally every pocket of mine was bulging with paper currency :/
I thought that Ecuador switched to use the US Dollar as their local currency in the year 2000. Was this before the year 2000? Or was your withdraw limit in USD tiny... or was your school bill huge (hardest scenario to believe!)?
Yes, but the Central Bank of Brazil caught up quickly.
Unlimited amount? Sure, I can easily see some non-standard situation where its very beneficial (ie once-a-decade home reconstruction). But only on a limited account having only the amount I don't mind exposing, which normally is very low.
>it's too easy
To be honest, in my country I can also transfer all my liquid money (not countings stocks etc) with just my phone. The difference is that i'm not afraid of being kidnapped (it's safe here). And anyway, how much does normal person hold in the cash account? People living month-to-month don't have much anyway, while people with savings usually keep them in stocks/bonds/etc.
That is simply not true. I know people who can have millions in their cash account. Also sometimes you need to liquidate your money and put it in cash account, for example down payment for an upcoming home purchase.
I once wired som money to an acquaintance in Ethiopia using Western Union. The clerk made sure several times that I knew that I was doing and he was really surprised when learned that I actually personally knew the guy I was transferring money to.
Woah we found him guys! The one legit user of Western Union.
Perhaps similar to the situation where if you block internet traffic from a region or country ... you really do reduce the amount of malicious traffic and attacks an application sees, significantly. To the point that if you can, it's surprisingly effective.
To me it suggests they don't have the technical- and financial means to detect fraud.
Unfortunately the number of different financial scams is the highest in the world in these countries. US and EU the banks wouldn’t have the capabilities either, it’s simply too much to deal with. You can’t flag everything as fraud.
It’s also a different kind of enemy. The biggest crime organization in Brazil has switched their primary focus from drug running to financial scams. They invest millions and set up legitimate companies with hundreds of employees to facilitate these schemes.
> US and EU the banks wouldn’t have the capabilities either, it’s simply too much to deal with. You can’t flag everything as fraud.
They can certainly try. I’ve had a handful of legit fraud instances on my accounts, banks detecting before I do has been close to a coin flip. On the other hand, I’ve had at least an order of magnitude more false positive detections of fraud.
Three things need to change to reduce it:
1. Banks need to own the risk, not the customer 2. Banks need to spend to defend 3. Laws need to make organized fraud catastrophically criminal.
There is a reason Singapore does not have this problem.
Who the hell told you Singapore doesn't have this problem? It took me 5 seconds to find this reporting from 2022 https://www.straitstimes.com/singapore/courts-crime/the-pig-...
> It hit a record high last year, with $190.9 million stolen in such scams, more than five times the $36.9 million lost in 2019.
Can't find more recent concrete figures in a minute or two but their police are busting balls through international collaboration in 2025 so they must have a big problem still: https://therecord.media/asia-scam-center-takedowns-singapore...
I've seen bank defending people before with my own eyes. I was at a local branch doing some business and there was an old lady wanting to withdraw something like $50k to "pay a mortgage" or something, it was obvious she was scammed, the bank blocked her transaction and the teller was explaining to her she was scammed, and the old lady was shouting at the teller saying it was her money and they had no right to stop her. That's the thing, a lot of scam victims really don't believe they're scam victims until it's too late, and "it's their money, the bank has no right to stop them".
Singapore definitely does have this problem, there are police/government warnings against scams and fraud plastered everywhere.
It's actually one of the hardest forms of crime for state like Singapore to stop - you can police everyone inside the borders of the country extremely effectively, but there's not much you can do against scammers operating out of mainland China apart from trying to stop people falling for it
[dead]
I live in Thailand, many expat accounts have been closed down, making it very hard to pay bills etc. in the country. That will form part of the 3 million. Huge overreaction that will dent the economy and will no doubt be flip-flopped on in a few months time.
It’s important to note that many of the expat accounts have been closed down due to the laxity of individual bank branches in enforcing their own policies, which were taken advantage of by nefarious actors. Many expats attempt to open bank accounts on tourist visas (which include the recently popular Destination Thailand Visa for digital nomads) without proper identification, and though allowed in the past, is now being restricted. One can argue about the classification of visas and the dissonance between economic goals and immigration policy, but for Thais, this is a long overdue enforcement action especially as it regards to scams targeting an older generation. Yes, it significantly impacts honest expats looking to stay beyond the short-term, but there is a way to doing things in Thailand that requires guests to adapt to their hosts, of which accepting the reality of Thailand’s political situations is an important part.
Foreigners on DTVs are allowed to stay for five years. To prohibit someone living in Thailand for such a long period from opening a bank account - often necessary for paying rent and other necessities - is insane. And sanctimony about "guests adapting to their hosts" doesn't make it any less so.
> will no doubt be flip-flopped on in a few months time
As emergency measures usually are.
Sounds like a feature not a bug.
Thailand doesn't want foreigners holding accounts. They've cranked up the requirements over time. It used to be possible to open an account as a tourist and now you're lucky to be able to get one on any visa that isn't attached to a work permit or PR.
[flagged]
Can you elaborate on the kind of expats that are undesirable? I don't know what specific types of people you might be referring to
1. The kind that is looking at visiting Thailand as a cheap way to booze, party, smoke weed, and do other stuff. They do not spend enough money to move the needle economically in a country where the majority of the economy is connected to automotive and electronics manufacturing
2. The kind that try to reside in Thailand long term but don't want to file for immigration, so using various loopholes like the "Visa dash" or paying for Thai language classes with no attendance or requirements to attend the class. Lots of drop shippers are doing this and are dodging incorporation taxes in Thailand
3. The kind that come to only train Muay Thai or BJJ, but don't contribute to the rest of the economy (I'm guilty of this). Living and training exclusive at a Fairtex or a Sityodong isn't percolating capital in the rest of Thailand.
All 3 of these types of expats and tourists are barely spending $500/mo in Thailand after rent or hotel spend, and simply don't contribute to the Thai economy to the same degree the other sectors of the economy are. The only reason those 3 types of tourists are tolerated is because the businesses they patronize are overwhelmingly owned by local politicians and give them pocket change, but aren't actually useful from an economic perspective, because it has depressed wages, and exacerbated organized crime.
Heritage and upscale tourism is a separate story, because the premiums that can be demanded and the wages and skills needed incentivize upskilling as well as building a white money local ecosystem.
This is tangential but relevant - Thailand's current fertility rate has fallen to 1, substantially less than Japan even. And this fertility collapse happened long enough that they've already entered into the population decline phase - with accelerating declines over the past 4 years.
It's still the early stages, but Thailand is going to unavoidably be entering into demographic collapse over the coming decades. So tourism, especially when it results in attracting lawful/educated/etc long-term residents, provides more than however much money people can spend.
Of course Thais themselves just need to start having a lot more babies, but it's not looking like that's going to happen. The whole world is going to look so different in 50 years, even if literally nothing whatsoever changed from a technological POV. Fertility issues are going to radically reshape the entire world and the balance of powers, perspectives, even religions, and much more.
Hate to see this thinking, even more so on HN.
1. So what? Are you the kind of guy who wants "quality tourists" and then cries when tourism indicators are down several months in a row?
2. Whose fault is that? Give me a path to residency and I'll happily file taxes there. No one wants to play this game and be treated as a second class citizen.
Also if your visa allows back-to-back entries that's exactly what I'll do. Nowhere does it say that there's a limit, therefore it's not "abuse".
FWIW I really wish I could open shop in Thailand, pay taxes there from my online business and gain visa/residency through it, do it you think it's possible/easy? Nope. Roadblocks at every step.
3. WTF do you want exactly? I'm injecting $500/mo in Thailand, do you prefer 0? This line of thinking is insane.
Anyway $500/mo in Thailand nowadays is basically impossible unless you live in a shack or in the sticks.
> Also if your visa allows back-to-back entries that's exactly what I'll do. Nowhere does it say that there's a limit, therefore it's not "abuse".
Also if the law says you should pay taxes, that's exactly what you should do. Nowhere does it say that there's an exemption for people paying their food and rent ("injecting" $500), therefore you should pay (taxes).
You didn't read my message because that's what I want to do if it was easier (and banks were reliable). Given this news I'll probably continue to not invest in Thailand.
>They do not spend enough money to move the needle economically in a country where the majority of the economy is connected to automotive and electronics manufacturing
That's incorrect; services represent around 56% of the economy while manufacturing only represents around 35% of the economy: https://www.statista.com/statistics/331893/share-of-economic... .
Don't sex tourists contribute the most? Fall for the girl, "save her", build a house in Isan, fund her new business, then she ditches him and keeps it all because farang by law limited to 49% equity.
That isn't always a scam actually. A lot of old fa^W men retire and marry a citizen to secure rights to the land under their house. I have seen a lot of that (entire gated communities) and it all seemed long-term and high-commitment and in a good faith. Ones on the younger side of their 60ies mostly have a business of some sort and kids together too.
I don't know how much love is there in these marriages and don't draw any judgement either.
> good
???
I opened that link expecting to be outraged but instead finding myself sympathetic to their solution.
High value transfers should be subject to additional scrutiny to confirm it’s legitimate.
The hard part is making sure you balance that well enough so that you’re protecting against malaise without the bank then becoming a consumer problem themselves.
It will be interesting to see how well this works.
They froze tons of accounts without warning, it was not just a matter of setting daily limits
It does say those were tied to “mules”, so freezing those accounts is the right course of action.
In fact the last thing you want to do is give criminals warning that you’re going to freeze their accounts. I’d imagine that would be extremely counterproductive for everyone bar those criminals.
Believed to be tied to "mules" unless their classification method has zero false positives. If it does have false positives then those non-mules have a right to complain.
They used to just kill without trial those believed to be tied to drug deals too.
Everyone has the right to complain about practically anything they want.
But that doesn’t mean that freezing an account suspected of fraud isn’t the right course of action.
Yeah there’s going to be false positives. However that’s precisely why you freeze the account: to allow you time to follow due process and investigation. If you assumed the process was infallible then you wouldn’t need to freeze the account; you would just skip straight to the punishment and remediation stages ;)
If all your money vanished tomorrow you'd have a different argument.
> However that’s precisely why you freeze the account: to allow you time to follow due process
Due process comes before the actions.
What is the threshold?
If two people accounts were unjustly frozen (and they have to do some work to unlock them), and at the same time two hundred people life savings were saved, would that be OK with you?
I don't know about them, but there are plenty of ways for law enforcement to get mule account numbers. After all that's the whole point - actual criminals don't have to reveal their own identity, instead they convince a "mule" to (knowingly or not) participate in a crime.
That's not actually what happened
They did a crackdown where if the name associated with the phone number on the account didn't match the name on the bank account then they froze it
Also they froze most accounts owned by foreigners with specific visas
It really had nothing at all to do with mule activity, they were using blanket heuristics
They froze accounts in this situation:
Mr Bob Smith is married to Mrs Alice Smith. The bank has their status as married, which they have been given copies of marriage certificates over and over and over for many years.
Bob works, and Alice is dependant based on Bob's visa.
Bob has an account, Alice has an account, and they also both have credit cards under their own names. Bob and Alice also have joint accounts, where most of the money is, and it is a lot of money, enough that Alice and Bob have "VIP" status at the bank, and they've been good customers for about a decade.
Alice and Bob have recently updated all FATCA, CRS, and whatever other insane bullshit has been asked of them by the bank. Alice and Bob have Thai tax IDs, which the bank also has.
Alice and Bob have cell phones of course, and naturally, the family phones are in the account "Bob Smith"
The bank freezes Alice account.
Alice goes to the bank in person. The bank doesn't unfreeze the account, they demand she change her phone account to be in her name.
Yeah, for real.
Bob isn't happy. He thinks Thais shouldn't rely on these banks and should use cash as much as possible and avoid QR payments as much as possible.
The article is unclear about when the freezings took place, but the sentence starting with "By July" seems to suggest that 3 million is the cumulative total of all the accounts that were frozen from January to July. So it probably wasn't a sudden mass freezing, just constant whack-a-mole.
I feel that 3 million is a lot even over a six month period. Over 16,000 accounts per day.
If I understand correctly*, they froze 3 million accounts tied to 177K mules.
Couldn't find anything that indicated there was a mass freezing of legitimate accounts, or a singular complaint of an incident of that happening.
* Can't copy paste...is the article an image!?
Article's not an image, it's regular HTML text content. The site just uses some extremely obnoxious JavaScript that blocks text selection, right-clicking, and the view-source and developer tools keyboard shortcuts. The latter is especially pointless since anyone who knows about those features also knows that they can be accessed via the browser menu, which JavaScript can't block.
Or, at least in iOS/macOS, just take a screenshot, then select the text from there.
Very difficult to freeze three million accounts with no false positives.
Here https://news.ycombinator.com/item?id=45241082
> is the article an image!?
I can't check right now, but I'm guessing they set `user-select: none` in CSS.
About that.
A browser is a 'User agent', as in it is supposed to act on MY behalf, and things in my intent and benefit. Similar agents are real estate agents, or attorneys as my agent.
So... For something that is MY agent, why are browsers creating, and instituting anti-agent choices against my will?
Barring excuses of "following the spec", I should be able to easily disable my user-agent's execution of said onerous code.
(I'm ignoring this for Google chrome. They're an adtech company, and they won in court as a monopoly. Fuck them.)
Sometimes not being able to select is useful. You can trivially create a user style that overrides user-select: none if you'd like, something that isn't possible in most gui software.
>A browser is a 'User agent', as in it is supposed to act on MY behalf
It's supposed to implement the spec. Why are you and many other people on this site so attached over the wording of "user agent"? It is supposed to mean the software making the request, it doesn't mean anything more than that.
The argument is that the W3C shouldn't have included this feature in the spec, because it (allegedly) prioritizes the interests of publishers who want copy protection over those of end users who want to copy stuff. If true, this would violate the "priority of constituencies" HTML design principle: https://www.w3.org/TR/html-design-principles/#priority-of-co...
As it happens, the relevant standard actually includes a response to this argument (https://www.w3.org/TR/css-ui-4/#valdef-user-select-none):
"As user-select is a UI convenience mechanism, not a copy protection mechanism, the UA may provide an alternative way for the user to explicitly select the text even when user-select is none.
Note: none is not a copy protection mechanism, and using it as such is ineffective: User Agents are allowed to provide ways to bypass it, it will have no effect on legacy User Agents that do not support it, and the user can disable it through the user style sheet or equivalent mechanisms on UAs that do anyway. Instead, none is meant to make it easier for the user to select the content they want, by letting the author disable selection on UI elements that are not useful to select. Tools such as CSS validators, linters or in-browser developer tools are encouraged to use heuristics to detect and warn against incorrect or abusive usage that would hamper usability or violate common user expectations."
>If true, this would violate the "priority of constituencies"
Not neccessarily. For example, piracy is so harmful that it could still outway the cost to a user even with a multiplier given to the user's cost. For example the user's cost is 10 and the author's cost is 100. Even with a 5x priority for the user, the needs of the author outweigh it.
New customers will be defined as "high-risk" with, a separate classification from "vulnerable" which is for under 15s and over 65s. The limit for these "high-risk" customers is 50000 baht a day, which is surely going to be inconvenient to deal with if you ever need it, e.g. for medical bills.
Medical providers are probably okay with getting paid in 50,000-baht daily installments if necessary?
1 344,17 Euro
Which to me seems entirely reasonable limit. Such transactions are relatively rare.
The article also said that you can apply to make larger transfers and the process gets approved within a few hours (so basically “same day”.
That means unusual payments like home purchases can be approved. But fraud is significantly harder…at least in theory.
Medical bills are usually a lot more reasonable than that in Thailand - we have a competitive healthcare market that’s backstopped by a public hospitals and a public universal healthcare system.
That’s two months of the country median income. I’m pretty sure medical providers will be okay.
That’s mostly annoying for inter accounts movement if you move money around a bit but I think you would get higher capacity if you are concerned.
High value transfer is relative to the person making it. For some people, moving $1k-$5k daily is as normal as it is for a college kid moving $10-$50 daily. Then for some people $10k-$50k is the norm.
They’re trying to reduce non-technical people or elder scams and fraud.
A scam network takes over phones, tricks people on friends lists to follow directions so their phone can be remotely controlled (Apple and Android). Then the cycle repeats and they try to drain bank accounts in the process.
Thailand is placing 50k maximums for digital transfers then adjusting over time based on … 50k baht = $1,575 USD
In Denmark I have a daily on my bank account of 50,000 dkr - about 8,000 usd. If I want to do a money transfer larger than that I have to call my bank and answer a bunch of questions to verify my identity.
If somebody held a gun to your head, is there a wayto answer the questions differently such that the money transfer is faked? I doubt so, so it's quite similar. I guess it's harder to talk under duress.
Meanwhile, SMS 2FA is still the standard for security in Thailand :(
How do you remotely control an iPhone?
It’s a built in feature of FaceTime.
https://support.apple.com/guide/iphone/request-give-remote-c...
eSIM. Been discussed on here. Nothing being done to address it so far as I can see. Eg fake QR code.
RDP? TeamViewer? Jump?
Any idea what triggered this in Southeast Asia? I think Vietnam just did the same thing with over 80M accounts. Seems like the IMF accused them all of harboring mass money laundering or offshoring schemes?
I wonder in the crypto based future if there will be any safeguards to avoid scams and fraud. Instant settlement is not a good thing for me, Ideally any transaction over $1000 should take a week and can be cancelled. Transactions over $100k I'd like to go to a physical location and prove my identity.
In many cryptocurrencies, you can cancel a transaction before the first confirmation by paying a (relatively) small fee. Your other points defeat the purpose of most crypto, though.
The original Bitcoin paper says:
> Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.
Emphasis added.
It is conceptually possible to create a crypto "credit card". But given that existing transactions are already slow, expensive, and complicated to integrate - I can't see it being attractive.
There's also the issue of trust. Escrow merchants need to be highly-trusted by both sides. They also need regulation and insurance. Those things are all in short-supply in cryptoland.
Escrow doesn't magically solve the problem, a way to mediate disputes would be required. That probably will fail in very similar ways to the way the systems we have today fail.
Exactly, this is all entirely possible technically while remaining decentralised, the issue is fundamentally this is really a human problem not a technical one
With layer 2, probably centralized, payment networks. Layer 1 is too "low level" for most transactions.
These are exactly the types of things Chia is working on, and at least to some degree, are in production.
Of course, if the sender can cancel transactions at their discretion, that enables another class of frauds. The solution has to lie in some trusted centralized party outside the payment system [0]. Chia can't solve this. A banking system and legal system can.
[0] Goharshady, A. K. (2021). Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain (arXiv:2110.09857). http://arxiv.org/abs/2110.09857
It’s amazing watching the crypto folks slowly reinvent the entire banking industry.
Also kinda pointless though.
Eventually you can only solve this by arresting the criminals
With crypto, if you are not using a cold wallet when having a big balance, then the problem exclusively is you.
Vaults are a proposed Bitcoin construct that allow you to have similar features. In order to work, it requires some breaking changes which may or may not ever happen.
September 14th, https://www.thailandnews.co/2025/09/bank-of-thailand-seeks-f...
> Bank of Thailand (BOT) will meet with commercial banks and the Anti-Online Scam Operations Centre (AOC) on Monday to address growing complaints about the wrongful freezing of bank accounts.. after small retailers and individuals reported being abruptly cut off from their funds without warning or recourse.. Assistant BOT Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration over being unable to access their money or conduct business after transfers from unknown sources triggered automated freezes.
> Assistant BOT Governor
Good name for an AI agent orchestration framework.
New technocratic control repackage just dropped: "scam losses"
3 million accounts (the original text), not "3M"[1] accounts.
1. https://en.wikipedia.org/wiki/3M
> By July, 3 million accounts have been closed
this wasn't a swift action overnight
they could be blocking this many accounts on a yearly basis just from scam reports at the police station
or more which seems to be the case recently, but not overnight
this is bad article
How about stopping the scam centres in Cambodia altogether
For reference, banks in the United States flag all transactions above $10,000, and repeat transactions that appear to be skirting this threshold.
Also worth thinking about inflation with this one.
The $10,000 figure originated with the 1970 Bank Secrecy Act[1]. Back then, that was a lot of money.
If it had kept up with plain old vanilla government-reported inflation, the number would be closer to $83,000 today[2].
---
[1] https://www.fincen.gov/resources/statutes-and-regulations/ba...
[2] https://www.dollartimes.com/inflation/inflation.php?amount=1...
Big Mac Index suggests more like 30x
Maybe I'm too suspicious but Thailandb is not a democratic country, was recently in an armed conflict. Could there be something more to this?
What's the real reason? Fraud has been around forever now. How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on? Why start limiting bank accounts without warning?
So many questions...
Update: my Thai friend just wrote me this:
"Not in trouble, it's the Chinese and Russians money laundering. Every Russian has had their accounts suspended, this was about half a year ago, now they are slowly doing the Chinese and Brits too. Vietnam is not much better, also suspending all foreigners accounts until you can prove you have a trc here."
Update2: just saw this on IG… https://www.instagram.com/p/DOZM0ZOkUAy/
May 2025, "Vietnam to close 86M bank accounts for lack of biometric data", 20 comments, https://news.ycombinator.com/item?id=45201549
> How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on?
They pay a low-income/no-income person a small fee (possibly monthly) to let them borrow their account. Sadly, people who would fall into this are not hard to find in Thailand.
> What sort of KYC was going on?
There are accounts that are grandfathered in and don’t require KYC but have been able to access online banking, etc. Mine is such, and my bank (BAY) is discontinuing that particular loophole at the end of this month. (I'm in Thailand right now to do this KYC, despite having not come back here for the last 6 years.)
Many tourists from Hong Kong/China/Taiwan were kidnapped from Thailand to work in scam centres in Cambodia, to the point it gave Thailand a bad name and affected their tourism income
I remember opening a bank account in a green one, while being on a tourist visa. Don't remember how they even established my address or anything beyond basic id. No real followup on source of funds or anything either. Wire comes in, cash goes out, nobody asks questions. It wasn't even before 9/11, it was 2015.
Thailand’s a very good place to get money out of you’re foreign organized crime in general - the fig leaf of “I’m buying an usually expensive condo/villa/yacht” is a good excuse.
We've been having a similar fraud issue here in South Korea as well. These criminals call vulnerable people, impersonate bankers or government officials, and social-engineer them into trasferring money. Some even pretend to have kidnapped your child, play AI-generated voice of a sobbing kid, and demand ransom.
Fraud has always been around, but I think a few recent developments have exacerbated the problem. KYC has been relaxed a lot since Covid, so you can open a whole bunch of accounts with just an image of an ID card. Lots of elderly people now have access to mobile banking, so they don't have to visit a physical branch where a clerk can flag suspicious transfer requests.
Bank accounts in South Korea now start with a daily transfer limit of 1 million won (about $700), even lower than the 50k bhat limit that the Thai government has instituted.
https://www.theguardian.com/global-development/2025/sep/08/m...
This!
China's Silk Road ends in Sihanoukville Cambodia. If you've ever been there, you've seen the eco-devastation and utter disregard for human life along the entire road.
Great news.
Does "MM" usually stand for "million"? In German we have "Millionen" and then "Milliarden", but in English that is "Billion", so "MM" cannot stand for "Milliarden" either. And "Mega" already is *10^6, but only has 1 "M". So at first naturally I read "Million Million", but then thought: "What? There is no way they have that many accounts!"
It is a very confusing way to write the number and no explanation seems to fit, other than "There is a second 'M' to avoid clash with the company name '3M'.". Is that the explanation?
https://news.ycombinator.com/item?id=45240304#45241147
I feel like the mille notation might have been usable before trillions started getting thrown around. Nowadays, k, M, B, and T seem like clearer suffixes than M, MM, MMM, and MMMM.
For this specific thread, 3MM also disambiguates 3M the company, https://news.ycombinator.com/item?id=45240769
It is to avoid confusing with "M", mīlle -- Latin for "thousand". Quite common in financial world still.
I've worked in trading in NY, London, and Singapore for nearly 20 years and have never seen anyone actually write M to mean "thousands".
"Thousand" is always "k" or "K". "Million" is "M", "MM", "m", "mn", or "mln".
It comes from finance - the rest of us just use "M" for million. I believe it's from Roman numerals (MM = thousand * thousand).
I’m in finance and exclusively use the M and K to reference millions and thousands. Everyone says the MM is more accurate and I get that from a Roman numeral perspective it may be (if you ignore that it actually means 2000), yet I’ve never once encountered anyone using M as a thousand in the writing or reading of financial figures. I think it’s primarily a financial news, journalism/writing style, I rarely see it in business at all. Sometimes I see MM from the PE/banker guys and that’s about the only time I see it IRL.
Ok, I see where the "actually 2000" misconception would come from. A mile is 2000 steps, and "mile" comes from "mille".
But "mille" means 1000. Specifically, it was the distance covered by 1000 paces from a marching Roman soldier. It's more consistent to measure paces than steps in the face of left/right asymmetries, so it's the unit implied when you just say you're marching 1000.
MM literally translates to 2000 in Roman numerals and Roman numerals is always the reason provided for why MM is used for millions. I don’t see where mille or it’s history of steps gets into the picture at all, unless it’s the real reason for MM being million and everyone’s explanation is just wrong (they effectively don’t know why they’re using MM).
It still kind of reasons that if the idea for MM is to be more precise/clear than M, they’ve not done a very good job picking a clearer abbreviation.
The funny thing is, that MM in roman numerals means 2000.
Megameters, naturally
Mm
Just accounting nerds sniping normal people who try to express numbers, smh.
I say we just should go with engineer notation 3e6 is unambiguous. And say 100 million could be simple e8.
SI prefixes should always be preferred, as they're more widely understood and have consistency, but finance bros use M for "mille" instead, meaning thousand, when they should use K.
IIRC it’s Roman numerals for thousand thousands
Actual Roman numeral notation would be M̄. MM is 2000... And well M only came in middle ages. Romans would have used CIↃ...
The truncated headline is extremely misleading; it makes it sound like they're having a currency crisis, rather than this being an anti-fraud measure. (I'm not finding any indications in other sources that there is a currency crisis or that the anti-fraud rationale is pretextual, though I could have missed something.)
(ETA: HN title has been re-edited, previously didn't have the "to curb fraud" clause.)
When discussing the headline on HN, can you please quote the headline that you are discussing? Headlines are commonly edited by mods without any history, so it's hard to tell if you're discussing the current headline or something else.
[dead]
[dead]
It makes it sound like they're having an argument with the 3M Company to me.
Did they ductaped their funds?
They can Post It in
I hope they stick with it.
[dead]
That’s not only closure, that’s global currency control. Every account is now subjected to a transfer limit.
Even if the anti-fraud motif is genuine, that’s a pretty extreme amount of control. Not that it’s in any way strange coming from Thailand. Foreign exchange and capital inflow and outflow are already controlled.
https://news.ycombinator.com/item?id=45240304#45240968
> Assistant [Bank of Thailand] Governor.. acknowledged that current procedures for identifying and freezing suspected “mule accounts” need refinement to prevent harming innocent customers. Many account holders have taken to social media to express frustration...
I've read the headline and my first thought was, "they're overdue on tackling fraud", but perhaps it should be clarified.
Yeah, flagged for editorialisation. (EDIT: Unflagged for mentioning fraud. Would also recommend changing the ambiguous 3M to 3mm or 3mn.)
It’s a long headline. I bet the editorialisation was reluctantly done to work around HNs character limit.
If you have a better suggestion for an abridged headline then you could share and hopefully the submitter can still update this submission.
There is no clean distinction between anti-fraud and currency control
[dead]
Isn't Thailand also one of the countries where Google is taking away people's sideloading rights?
Crypto solves this /s.
It does. /not s
[flagged]
The title would then say “3M’s accounts” to denote ownership.
Would note that 3M is an unconventional was of representing 3mm or 3mn.
I’ve never seen ‘mm’ nor ‘mn’ used in British English, where ‘m’ is a common abbreviation for “million”. But this might be a localisation.
Wikipedia does recognise ‘m’ as an abbreviation: https://en.m.wikipedia.org/wiki/1,000,000
It’s definitely open to confusion but generally if you already known that abbreviation exists then one can usually deduce how to interpret that abbreviation from the context of the sentence. In this case, it’s a financial headline so I assumed it was “million”.
> Wikipedia does recognise ‘m’ as an abbreviation
The lower-case m is used in British English. Upper case M can be used, but it’s unnecessarily ambiguous and close to wrong in American English.
HN plays shenanigans with the capitalisations in headings.
Millimeters or mili-newtons? Wait...that'd be mN. <confused> Obviously M is the conventional way to denote 10^6.
I got downvoted due to someone's unconventional reading. You win some, you lose some.
You’re downvoted because you’ve strongly indicated you didn’t read the article.
That's an unwarranted assumption.
And your comment is an unwarranted assumption of the article and the discussion around it. See?
Can someone explain why MM means millions, and not just M, 3M ==3 millions?
https://accountinginsights.org/how-to-abbreviate-million-in-...
Because there are too many standards[0]! If only someone would invent one more standard that everyone could follow...
The Wikipedia on long and short scales[1][2] for the root of the problem.
[0] https://xkcd.com/927/
[1] https://en.wikipedia.org/wiki/Long_and_short_scales
[2] https://grammarhow.com/m-vs-mm-million/
3M =3 Million. I clicked the link wondering what Minnesota Mining and Manufacturing was doing in Thailand.
The article does say 3 Million, so the editing happened at HN's end.
HN auto-abbreviates submission titles, e.g. thousands to K, millions to M.
So, sure these bank regulations are "fraud preventing".
But if you pay attention to GPS jam maps and news sources, they are currently also under significant unrest.
https://thediplomat.com/2025/09/indonesias-unrest-revives-fe...
> Over the past two weeks, Indonesia has been rocked by some of the most widespread unrest in recent memory, with mass demonstrations erupting across Jakarta and other major cities. The protests are the result of long-running economic strain, political discontent, and public outrage at perceived elite entitlement.
Its basically a worldwide proletariat uprising against the elite. And the current article hits people in the pocketbooks. And any protestors who are gaining popularity will undoubtedly be in those 3 million accounts blocked.
The article is about Thailand, you got the countries confused. But thanks for sharing, didn't know.
The article is about Thailand, not Indonesia.
Well, damn. I completely misread that. I now feel kinda dumb.
I'm relieved to see another educated person doing this.
It's gotten worse for me lately, where I keep mixing up train stations and locations with similar names or characteristics, so I can totally imagine hearing Thailand and thinking about Indonesia instead.