You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.
-
Terence Edenreplied to Word of Mouth 🍄 :emacs: on last edited by
@notroot
How often do you receive fraud notices? -
@glitzersachen @CaptainJanegay @Extelec @Edent if you think this is quite obvious I feel sorry for your users.
-
Quinn Comendantreplied to Terence Eden on last edited by
@Edent If you call Bank of America, they will verify you using a code sent by SMS that contains, “DO NOT share this Sign In code.”
I’ll confirm with the agent that they’re asking for the one that says under no circumstances am I to share with anyone, and they reply cheerfully, “yeah that’s the one.” ‍️
-
@Edent Nope I wouldn't click any links and I would call the bank. End of scam.
-
Terence Edenreplied to Quinn Comendant on last edited by
@com
What are you meant to do with that code though?
Surely you have to share it to use it. -
Cybarbiereplied to Terence Eden on last edited by [email protected]
@Edent I would never but I bet very many would fall for this.
-
Houston Bovareplied to Terence Eden on last edited by
@Edent My response is always. Okay, let me call you back and we can start this process. A scammer will insist they handle it for you. A bank may say they can handle it but will usually let you hang up and call back. Fraud departments don’t make commissions so there’s no reason for them to hold you on the line.
-
thepoliticalcatreplied to Terence Eden on last edited by
@Edent Yes. My bank damn well KNOWS not to call me.
-
I'm at the point where I assume everything is a scam. I got a call from someone claiming to be a postal cop. I told him to eff off, post office doesn't call people and hung up.
Later I learned that in fact he was telling the truth, but understood my skepticism. (It was related to the theft of a mail piece.)
But even still I think the right scam at the right time would fool me.
-
Captain Janegay đź«–replied to Simon on last edited by
@iokiwi @glitzersachen @Extelec @Edent Yes. I'm also not so much interested in whether it's obvious to a working-age, relatively tech savvy adult who's paying attention.
I want to know if it's obvious to my last scam-related client, who was a woman in her 70s, run off her feet caring for her husband who had dementia, already worried about money, and who picked up the call - thinking it could be a family emergency - while she was cooking dinner & running late.
-
Quinn Comendantreplied to Terence Eden on last edited by
@Edent It’s the same message used for 2FA, i.e., website login.
-
Terence Edenreplied to Quinn Comendant on last edited by
@com
So you have to share the code with the login page, right?
Even though it says don't share it.
And that's why people get confused about they are supposed to do. -
@Edent Always and without exception, hang up, and call the bank or whatever entity called and verify.
-
@Edent There's only two ways I'll accept a notification from a business. If I'm in the room with them, like at my wireless company, or if I'm on a website trying to make a purchase. No one in the middle. Most places won't call you. And if they do, take a message, go to their business or call them at a number you know os legit.
-
UncleCharlieAreplied to Terence Eden on last edited by
@Edent hang up the phone and contact your bank directly…
-
@Edent this is wrong and bank must be responsible for any losses. they clearly failed to identify customer The app can say: if it’s you, call us again number+3 digits from app+3 digits from the call. Bank Identity is established by a well-known number, the additional digits demonstrate that the same person is using the app and talking on the phone. May still be problematic if the attacker managed to login to the app. Better idea: just verify ID through a video call in the app.
-
@Edent the scam would probably not work if the messaging on the phone app was better
"did you initate a call with us from number +1 555 123123 five minutes ago", for instance, would work much better
-
Frederic Barthelemyreplied to Terence Eden on last edited by
-
@Edent @briankrebs Damn, that’s a slick one.
I never answer calls from unknown numbers personally. I’d rather go through the hassle of missing the call and then trying to get ahold of whoever called me. That being said, my banks are smaller and I usually just go into a building when I get a letter or bill that looks weird. -
Gary McMeekinreplied to Terence Eden on last edited by
@Edent The timing is amazing. The fraudsters are good at what they do. The whole reddit thread is worth a read.