You receive a call on your phone. The caller says they're from your bank and they're calling about a suspected fraud.
-
Ric Harvey replied to Terence Eden
@Edent did they send that via text or in the actual chase app? If it's via text it's still a pretty sophisticated scam!
-
Terence Eden replied to Terence Eden
The scammer is on the phone to you.
Their accomplice is on the phone to your bank, pretending to be you.
Your bank send you the notification.
You accept, and scammers proceed to drain your account.
Someone has just lost £18,000 because of this.
https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been_scammed_over_18000_through_my_chase_account/
2/3
-
@[email protected] yup. You're on the line with the scammer, an accomplice is on the line with the bank.
-
@Edent People still answer..."phone calls"?
-
@Edent Your bank wouldn't do this.
-
Terence Eden replied to Terence Eden
It *is* a genuine notification. But it isn't confirming the bank is calling you.
Should the bank word that differently?
In a rush, would you read it thoroughly?
Most likely, in a panic about the fraud, you'd confirm it was a genuine notification (it is!) and accept it.
3/3
-
Terence Eden replied to Ric Harvey
@Ric actual Chase app.
-
@Edent I think I’d be taken in by that. My thought was: why do they need to check they’re on the phone to me if *they* called *me*? But on balance I’d decided it was just poor wording or an ill thought through system (both of which I still think, in fact!) so I wouldn’t have challenged it.
-
@Edent I had to look up what Chase is. As sophisticatingly horrifying as this is, I guess those of us who aren't with Chase are not vulnerable to this?
Yes, that was a legit question
-
@engravecavedave it depends. Does your bank's app send notifications like this? If so, you're probably vulnerable.
-
@simonwood @Edent one might assume even if they believed the bank was calling them, that they still need to confirm they got you and not someone else.
-
@flabberghaster @Edent I have had my actual bank call me, and then ask me (via security questions) to verify that I am actually me. I feel that was *training* customers to divulge information insecurely, as I had no way of knowing that they were who they were, and they wouldn’t have provided it if I’d gone along with their request.
-
@Edent How and what is faked there then?
-
@derickr nothing is faked in app. It is a genuine notification from your bank.
-
@simonwood @Edent yeah, same. I had told my bank I intended to travel internationally and then when I got there my card stopped working and they called me saying there was suspected fraud on my card. I knew it was legit because I called back on the number on my card, but I think it's bad practice to initiate calls.
-
Shannon Skinner (she/her) replied to Terence Eden
@Edent
The remedy is to hang up and call the bank directly, right?
-
Richard W. Woodley RNKD BLTS replied to Terence Eden
@Edent
Nothing in that image to prove it's actually your bank app.
-
Chris Ferdinandi replied to Terence Eden
@Edent Yea, I definitely think it's a scam.
-
julian NodeBB GNU/Linux replied to Richard W. Woodley RNKD BLTS
@[email protected] in this example you can assume the notification came from the Chase application itself, the one installed on your phone.
For the sake of example you could also substitute this with an SMS 2FA, that is a similar attack vector.
-
@Edent Could be scam, no?
Method:
1. Scammer calls you and Chase at same time
2. Chase is unsure of scammers identity, so sends them in-app 2FA dialog
3. You hit yes, and Chase thinks scammer is you