You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.
-
@Edent Nope I wouldn't click any links and I would call the bank. End of scam.
-
@com
What are you meant to do with that code though?
Surely you have to share it to use it. -
Cybarbiereplied to Terence Eden on last edited by [email protected]
@Edent I would never but I bet very many would fall for this.
-
@Edent My response is always. Okay, let me call you back and we can start this process. A scammer will insist they handle it for you. A bank may say they can handle it but will usually let you hang up and call back. Fraud departments don’t make commissions so there’s no reason for them to hold you on the line.
-
@Edent Yes. My bank damn well KNOWS not to call me.
-
I'm at the point where I assume everything is a scam. I got a call from someone claiming to be a postal cop. I told him to eff off, post office doesn't call people and hung up.
Later I learned that in fact he was telling the truth, but understood my skepticism. (It was related to the theft of a mail piece.)
But even still I think the right scam at the right time would fool me.
-
@iokiwi @glitzersachen @Extelec @Edent Yes. I'm also not so much interested in whether it's obvious to a working-age, relatively tech savvy adult who's paying attention.
I want to know if it's obvious to my last scam-related client, who was a woman in her 70s, run off her feet caring for her husband who had dementia, already worried about money, and who picked up the call - thinking it could be a family emergency - while she was cooking dinner & running late.
-
@Edent It’s the same message used for 2FA, i.e., website login.
-
@com
So you have to share the code with the login page, right?
Even though it says don't share it.
And that's why people get confused about they are supposed to do. -
@Edent Always and without exception, hang up, and call the bank or whatever entity called and verify.
-
@Edent There's only two ways I'll accept a notification from a business. If I'm in the room with them, like at my wireless company, or if I'm on a website trying to make a purchase. No one in the middle. Most places won't call you. And if they do, take a message, go to their business or call them at a number you know os legit.
-
@Edent hang up the phone and contact your bank directly…
-
@Edent this is wrong and bank must be responsible for any losses. they clearly failed to identify customer The app can say: if it’s you, call us again number+3 digits from app+3 digits from the call. Bank Identity is established by a well-known number, the additional digits demonstrate that the same person is using the app and talking on the phone. May still be problematic if the attacker managed to login to the app. Better idea: just verify ID through a video call in the app.
-
@Edent the scam would probably not work if the messaging on the phone app was better
"did you initate a call with us from number +1 555 123123 five minutes ago", for instance, would work much better
-
Frederic Barthelemyreplied to Terence Eden on last edited by
-
@Edent @briankrebs Damn, that’s a slick one.
I never answer calls from unknown numbers personally. I’d rather go through the hassle of missing the call and then trying to get ahold of whoever called me. That being said, my banks are smaller and I usually just go into a building when I get a letter or bill that looks weird. -
@Edent The timing is amazing. The fraudsters are good at what they do. The whole reddit thread is worth a read.
-
@Edent Banks should never initiate a phone call to a customer. If a bank declares that policy, customers will know any unexpected call claiming to be from the bank is bogus.
-
@Edent Anyone saying they’d immediately identify this as a scam is delusional or a perfect mark in the future...
-
@Edent I would always hang up and call the bank/credit card company number on my card. The real bank has no problem with that, but scammers would be upset.