You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.
-
@flabberghaster @Edent I have had my actual bank call me, and then ask me (via security questions) to verify that I am actually me. I feel that was *training* customers to divulge information insecurely, as I had no way of knowing that they were who they were, and they wouldn’t have provided it if I’d gone along with their request.
-
@Edent How and what is faked there then?
-
@derickr nothing is faked in app. It is a genuine notification from your bank.
-
@simonwood @Edent yeah, same. I had told my bank I intended to travel internationally and then when I got there my card stopped working and they called me saying there was suspected fraud on my card. I knew it was legit because I called back on the number on my card, but I think it's bad practice to initiate calls.
-
Shannon Skinner (she/her)replied to Terence Eden on last edited by
@Edent
The remedy is to hang up and call the bank directly, right? -
Richard W. Woodley RNKD BLTS 🇨🇦🌹🚴♂️📷 🗺️replied to Terence Eden on last edited by
@Edent
Nothing in that image to prove it's actually your bank app . -
Chris Ferdinandi ⚓️replied to Terence Eden on last edited by
@Edent Yea, I definitely think it's a scam.
-
@[email protected] in this example you can assume the notification came from the Chase application itself, the one installed on your phone.
For the sake of example you could also substitute this with an SMS 2FA, that is a similar attack vector.
-
@Edent Could be scam, no?
Method:
1. Scammer calls you and Chase at same time
2. Chase is unsure of scammers identity, so sends them in-app 2FA dialog
3. You hit yes, and Chase thinks scammer is you -
@zoe bingo!
-
Captain Janegay 🫖replied to Extreme Electronics on last edited by
-
funbaker #AssangeIsNotGuiltyreplied to Terence Eden on last edited by
@Edent there used to be a time where they told customers at every possibility: our employees will never ask for your password etc.
I think they still do.
Wtf happened. -
Terence Edenreplied to funbaker #AssangeIsNotGuilty on last edited by
@funbaker they haven't asked for your password.
You haven't given the person on the phone any details. -
Lexreplied to Terence Eden on last edited by [email protected]
@Edent I love this scam. The banks need to repeat the standard advice of never passing information to a caller about your account, ever. Their security advice is you must call back on their standard number.
It's definitely the bank's failure to not make this explicit on the app notification. I hope they are rushing to fix it :blobsweats:
"We will never call you and ask for information"
-
@Edent no because i never answer my phone
-
@flabberghaster @simonwood @Edent Yes, always call back on a phone number that you know to be legit when your "bank" calls.
-
@Edent The number of people in this thread insisting they wouldn't fall for this fake screen even though it's *real* suggests that yes, most people would and will fall for it.
-
australopithecusreplied to Terence Eden on last edited by
@Edent
That is sneaky af.Good rule of thumb is: incoming calls are informational only, never "confirm" anything during an interaction that you did not initiate.
Two reasons this holds up:
First, remember that your bank doesn't even want to spend money on enough people to *answer* incoming calls, much less make outgoing ones. If your bank does need to contact you they'll probably just send an automated email or text.
Second, if your bank calls you, they already know it's your phone.
-
@MisterMoo
No, don't you understand? They're *far* too clever to fall for it! Not like all those normies… -
@Edent That is so clever, but so obvious when the scam is laid out in front of you. Ingenious.