You receive a call on your phone. The caller says they're from your bank and they're calling about a suspected fraud.
-
Chris Ferdinandi ⚓️ replied to Terence Eden
@Edent Yea, I definitely think it's a scam.
-
@[email protected] in this example you can assume the notification came from the Chase application itself, the one installed on your phone.
For the sake of example you could also substitute this with an SMS 2FA, that is a similar attack vector.
-
@Edent Could be scam, no?
Method:
1. Scammer calls you and Chase at same time
2. Chase is unsure of scammer's identity, so sends them in-app 2FA dialog
3. You hit yes, and Chase thinks scammer is you
-
@zoe bingo!
-
Captain Janegay 🫖 replied to Extreme Electronics
-
funbaker #AssangeIsNotGuilty replied to Terence Eden
@Edent there used to be a time where they told customers at every possibility: our employees will never ask for your password etc.
I think they still do.
Wtf happened.
-
Terence Eden replied to funbaker #AssangeIsNotGuilty
@funbaker they haven't asked for your password.
You haven't given the person on the phone any details.
-
Lex replied to Terence Eden
@Edent I love this scam. The banks need to repeat the standard advice of never passing information to a caller about your account, ever. Their security advice is you must call back on their standard number.
It's definitely the bank's failure to not make this explicit on the app notification. I hope they are rushing to fix it :blobsweats:
"We will never call you and ask for information"
-
dinosaurdigger replied to Terence Eden
@Edent no because i never answer my phone
-
@flabberghaster @simonwood @Edent Yes, always call back on a phone number that you know to be legit when your "bank" calls.
-
Mister Moo 🐮 replied to Terence Eden
@Edent The number of people in this thread insisting they wouldn't fall for this fake screen even though it's *real* suggests that yes, most people would and will fall for it.
-
australopithecus replied to Terence Eden
@Edent
That is sneaky af. Good rule of thumb is: incoming calls are informational only, never "confirm" anything during an interaction that you did not initiate.
Two reasons this holds up:
First, remember that your bank doesn't even want to spend money on enough people to *answer* incoming calls, much less make outgoing ones. If your bank does need to contact you they'll probably just send an automated email or text.
Second, if your bank calls you, they already know it's your phone.
-
Terence Eden replied to Mister Moo 🐮
@MisterMoo
No, don't you understand? They're *far* too clever to fall for it! Not like all those normies…
-
A human being replied to Terence Eden
@Edent That is so clever, but so obvious when the scam is laid out in front of you. Ingenious.
-
Resting Facebitch replied to Terence Eden
@Edent The notification would freak me the living fuck out. I'd hang up, immediately transfer everything in that account to one of my other accounts and then ask the bank questions later.
That's provided I actually answered my phone in the first place.
-
Happy Thanksgiving! 🦃 replied to Terence Eden
@Edent to me it would be an obvious scam bc I don't have banking apps on my phone.
-
@Edent ahhh that's really nasty. Thanks for sharing
-
@Edent I once transferred a large amount of money from my phone. Immediately I got a call from an unknown number. Due to my past experience with unknown numbers, I decided to hang it up.
Later becoming curious, I checked the number on TrueCaller and found that it was from my bank.
Maybe they called to confirm that it was actually me who transferred the amount or something bad happened?
I immediately checked all the transactions and found nothing suspicious.
-
@Edent Lol. They have my number already. That proves nothing other than the chance that they’re especially crafty scammers. If it is your bank - they’ll send you a postal letter on letterhead with a name and number to call or an in-app message that you’ll see upon login. @lisamelton
-
Charles Johnson replied to Terence Eden
@Edent test