You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.
-
@Edent I'd say out of the gate, "Oh, I'll be right there!" Then I'd hang up and call my bank directly. Cause I don't believe anything that comes in a phone call or email unless I instigated it from a system I'm familiar with and it's simple, like verifying a doctor visit, etc.
-
Glitzersachen.dereplied to Captain Janegay 🫖 on last edited by
@CaptainJanegay @Extelec @Edent
It's a men in the middle attack. And quite obvious in my opinion.
Only proper reaction: I call you back, gimme a number and your name. Then phone via the front desk of your bank.
-
@Edent @offby1 it is so frustrating, seeing this q and immediately knowing what the scam is and how to fix it and never being anywhere near proximity to the actual decision makers who can prevent stuff like this. Like please point me at a bank executive and let me give them a security design and threat modeling training, for the love of god
-
I wonder how long it would take for banks to put in security measures to prevent this if they had to pay for the losses, instead of passing them on to their customers?
"The scammer is on the phone to you.
Their accomplice is on the phone to your bank, pretending to be you.
Your bank send you the notification.
You accept, and scammers proceed to drain your account."Someone has just lost £18,000 because of this."
-
@Edent Chiming in to say I experienced this scam with Capital One, who uses in app notifications or text messages for verification. I only barely caught on to it in time to tell them I'd hang up and call them back.
Come to find out, Capital One does not cold call you for suspected fraud under any circumstances.
-
Word of Mouth 🍄 :emacs:replied to Terence Eden on last edited by
@[email protected] Definitely. My habit is to receive the fraud notice call, then hang up, and dial the number on the back of my bank card. If it's really fraud, they'll know about it and we continue. Otherwise, it was a scam and I dodged a bullet.
-
@Greengordon
In the UK, banks often *do* have to pay.
https://www.theguardian.com/money/2023/jun/07/uk-banks-to-reimburse-victims-under-new-rules-regulator-confirms -
@[email protected] Easy one: I'd judge by the dialect. My bank is located in a small western Norwegian town called Voss. Everyone who work there speak the Voss dialect. And people at Voss don't do frauds
-
John Mark Ockerbloomreplied to Terence Eden on last edited by
@Edent I'd think that knowing this, the message should say "Did you call Chase?" (maybe with a note that if it appears that Chase called *you*, you should hang up and dial their number). That might not stop everyone from pressing Yes anyway and confirming, but it might stop some of the scams from succeeding.
-
Terence Edenreplied to Word of Mouth 🍄 :emacs: on last edited by
@notroot
How often do you receive fraud notices? -
@glitzersachen @CaptainJanegay @Extelec @Edent if you think this is quite obvious I feel sorry for your users.
-
@Edent If you call Bank of America, they will verify you using a code sent by SMS that contains, “DO NOT share this Sign In code.”
I’ll confirm with the agent that they’re asking for the one that says under no circumstances am I to share with anyone, and they reply cheerfully, “yeah that’s the one.”
️#bank #security #SecurityFail #phishing
-
@Edent Nope I wouldn't click any links and I would call the bank. End of scam.
-
@com
What are you meant to do with that code though?
Surely you have to share it to use it. -
Cybarbiereplied to Terence Eden on last edited by [email protected]
@Edent I would never but I bet very many would fall for this.
-
@Edent My response is always. Okay, let me call you back and we can start this process. A scammer will insist they handle it for you. A bank may say they can handle it but will usually let you hang up and call back. Fraud departments don’t make commissions so there’s no reason for them to hold you on the line.
-
@Edent Yes. My bank damn well KNOWS not to call me.
-
I'm at the point where I assume everything is a scam. I got a call from someone claiming to be a postal cop. I told him to eff off, post office doesn't call people and hung up.
Later I learned that in fact he was telling the truth, but understood my skepticism. (It was related to the theft of a mail piece.)
But even still I think the right scam at the right time would fool me.
-
@iokiwi @glitzersachen @Extelec @Edent Yes. I'm also not so much interested in whether it's obvious to a working-age, relatively tech savvy adult who's paying attention.
I want to know if it's obvious to my last scam-related client, who was a woman in her 70s, run off her feet caring for her husband who had dementia, already worried about money, and who picked up the call - thinking it could be a family emergency - while she was cooking dinner & running late.
-
@Edent It’s the same message used for 2FA, i.e., website login.
