You receive a call on your phone. The caller says they're from your bank and they're calling about a suspected fraud.
-
@Edent The number of people in this thread insisting they wouldn't fall for this fake screen even though it's *real* suggests that yes, most people would and will fall for it.
-
australopithecus replied to Terence Eden
@Edent
That is sneaky af. Good rule of thumb is: incoming calls are informational only, never "confirm" anything during an interaction that you did not initiate.
Two reasons this holds up:
First, remember that your bank doesn't even want to spend money on enough people to *answer* incoming calls, much less make outgoing ones. If your bank does need to contact you they'll probably just send an automated email or text.
Second, if your bank calls you, they already know it's your phone.
-
@MisterMoo
No, don't you understand? They're *far* too clever to fall for it! Not like all those normies…
-
@Edent That is so clever, but so obvious when the scam is laid out in front of you. Ingenious.
-
Resting Facebitch replied to Terence Eden
@Edent The notification would freak me the living fuck out. I'd hang up, immediately transfer everything in that account to one of my other accounts and then ask the bank questions later.
That's provided I actually answered my phone in the first place.
-
Happy Thanksgiving! replied to Terence Eden
@Edent to me it would be an obvious scam bc I don't have banking apps on my phone.
-
@Edent ahhh that's really nasty. Thanks for sharing
-
@Edent I once transferred a large amount of money from my phone. Immediately I got a call from an unknown number. Due to my past experience with unknown numbers, I decided to hang up.
Later, becoming curious, I checked the number on TrueCaller and found that it was from my bank.
Maybe they called to confirm that it was actually me who transferred the amount or something bad happened?
I immediately checked all the transactions and found nothing suspicious.
-
@Edent Lol. They have my number already. That proves nothing other than the chance that they're especially crafty scammers. If it is your bank - they'll send you a postal letter on letterhead with a name and number to call or an in-app message that you'll see upon login. @lisamelton
-
@Edent test
-
@Edent This two-factor authentication is useless when both factors go to the same phone. One of my banks does this, and I can't figure out why they think it is secure.
-
@Edent I'm sitting here in 2024 wondering why we still don't have authenticated caller id.
-
@Edent My bank or any other entity I do business with (cable, doctor etc), I hang up and call them using a number in my phone.
-
Tristan Slominski replied to Terence Eden
@Edent "If someone called you and you did not call the bank, hang up and report fraud" at the beginning would help.
Directionality is important in this protocol and needs to be of prime importance.
-
Pass the Dutchie replied to Terence Eden
@Edent I got a call saying it was my bank. Almost got me. But I decided to call my bank and hung up. The bank said they will never call me. The same scammer called me several more times trying the same tactic.
-
@Edent
My bank just went out of business. So I'm protected from this scam.
-
@infosec_jcp done differently replied to Terence Eden
This speaks to a CNE either in app being targeted or #StateSponsoredMalware already on the phone and this is just the #SSM being used with a phone call to get you to authorize and give passcode to scammers for later banking behind the scenes. Alert the Chase Bank via the number on the back of the card and cease using the banking app until you clear the SSM off your phone.
Banking Class security doesn't deal with SSM very well in my experience. Alerting them CAN help their fraud department and let them know to monitor so monitor your in/out on your accounts and look for anomalies like recurring charges, cloned card behavior using gas stations and ATM off bank.
-
Terence Eden replied to @infosec_jcp done differently
@infosec_jcp @Ric
It isn't SSM. It isn't a vulnerability in the app. Read the rest of the thread.
-
@Edent I'd say out of the gate, "Oh, I'll be right there!" Then I'd hang up and call my bank directly. Cause I don't believe anything that comes in a phone call or email unless I instigated it from a system I'm familiar with and it's simple, like verifying a doctor visit, etc.
-
Glitzersachen.de replied to Captain Janegay
@CaptainJanegay @Extelec @Edent
It's a man-in-the-middle attack. And quite obvious in my opinion.
Only proper reaction: I call you back, gimme a number and your name. Then phone via the front desk of your bank.