You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.
-
@Edent The bank should display the phone number of the caller they are speaking with, asking the user specifically if this is their phone number.
-
@chebra
Phone numbers can be easily spoofed. -
Andrzej Stamburskireplied to Terence Eden on last edited by
@Edent The phone is a very poor way for authentication. It's not an issue of wording or implementation. The mobile phone will always be very poor method of authentication, just because there will be always 1000 ways to fake things on it. The problem is, banks push mobile phone for authentication because it is cheap for them.
-
Terence Edenreplied to Andrzej Stamburski on last edited by
@stamberry but this isn't a fake thing. It is a legitimate alert, from the authentic bank app.
-
@Edent They can also spoof the number on your card, as use it as 'proof' they are the bank.
-
@[email protected] Another good reason to say no to proprietary banking apps. My bank account can only be accessed using a physical non-internet connected 2FA key device.
-
@SuperDicq my banking app also supports a physical 2FA token. So what?
-
@[email protected] You can't get fooled by notifications like this if you don't have a banking app.
-
@Edent Yes. Because at present, my bank only contacts me by mail.
-
unlucio 🌍 :mastodon:replied to Terence Eden on last edited by
@Edent whenever you receive and
unsolicited call from whatever company simply hang up and call customer care:
if the problem is real the call center will take care of it, if it's just a scam you'll find out before they can scam you. -
@Edent there’s no major company in the world with enough bored staff on hand to call YOU. That’s the giveaway. Show me a company with thousands of employees like Chase, and I’ll show you a 1-800 number and a phone tree you have to navigate through to speak to anyone. There are mom and pop shops and dental offices with 3 employees who still make calls to their clients and customers… but a Chase bank or Apple or Bank of America or your mortgage servicer or insurance company? Ain’t happening.
-
@lechter it's a UK account.
I've certainly received calls about fraudulent transactions from my large UK bank - where they've explicitly told me to call back.Not everywhere is America.
-
@Edent that is an insecure “service” that’s going to get their customers into scam trouble. Like a rep asking for your current password. Spidey sense should tingle. No large company should ever call their customers for fraud. The best way to verify legitimacy is US calling their 1-800 number listed on the back of OUR card and navigating their phone tree. You can also go online to your account portal. If something is amiss you’ll either not be able to login or the whole thing will be lit up in
-
@lechter how should a bank contact you to alert you of suspected fraud?
-
@Edent an automated text or phone call telling the customer to call the bank solely using the phone number listed on the back of their debit card. Alternatively a push notification from their mobile banking app if they’ve got that on their phone. The message should specify that replies to the message are unmonitored and it is for informative purposes only.
-
@CaptainJanegay @iokiwi @glitzersachen @Extelec @Edent definitely not obvious. We have had to setup (and strengthen) procedures for scammers posing as me, asking parents for money. AI will make this worse, hence needing multiple checks now.
Luckily our checks have worked so far. -
@Edent tell them you entered your password but don't, if they know you didn't then they at least have access to Chase's system. Do it twice just to fuck with them.
-
wendinoakland has moved…replied to Terence Eden on last edited by
@Edent I’ve received texts from my bank about specific transactions, where the exact amount and the vendor in question are included. Without those details, I wouldn’t trust any random call, ever.
-
@Edent have been thinking about this for a bit, 2specially as I got a call a week ago saying it was from my bank and if 750 from an insurance provider was expected. I was ready to tell them if calm them back, but said I don't use "direct line", and they abruptly hung up.
I'd like to think that any call I didn't initiate I'd treat the same, but I do qi der if they'd opened with something like this if it would have caught me out
-
@Edent
I find it very disheartening that major banks actively promote risky behavior by:
- including links in emails
- initiating fraud alert calls and texts and leaving numbers to call back
No. I'm not talking about phishing. I'm talking about actual emails and calls and texts from the bank.(And don't get me started on CS agents that have told me that my password shouldn't be more than 8 characters because "it can cause problems".)