You receive a call on your phone.The caller says they're from your bank and they're calling about a suspected fraud.
-
@Greengordon
In the UK, banks often *do* have to pay.
https://www.theguardian.com/money/2023/jun/07/uk-banks-to-reimburse-victims-under-new-rules-regulator-confirms -
@[email protected] Easy one: I'd judge by the dialect. My bank is located in a small western Norwegian town called Voss. Everyone who work there speak the Voss dialect. And people at Voss don't do frauds
-
John Mark Ockerbloomreplied to Terence Eden on last edited by
@Edent I'd think that knowing this, the message should say "Did you call Chase?" (maybe with a note that if it appears that Chase called *you*, you should hang up and dial their number). That might not stop everyone from pressing Yes anyway and confirming, but it might stop some of the scams from succeeding.
-
Terence Edenreplied to Word of Mouth 🍄 :emacs: on last edited by
@notroot
How often do you receive fraud notices? -
@glitzersachen @CaptainJanegay @Extelec @Edent if you think this is quite obvious I feel sorry for your users.
-
@Edent If you call Bank of America, they will verify you using a code sent by SMS that contains, “DO NOT share this Sign In code.”
I’ll confirm with the agent that they’re asking for the one that says under no circumstances am I to share with anyone, and they reply cheerfully, “yeah that’s the one.”
️#bank #security #SecurityFail #phishing
-
@Edent Nope I wouldn't click any links and I would call the bank. End of scam.
-
@com
What are you meant to do with that code though?
Surely you have to share it to use it. -
Cybarbiereplied to Terence Eden on last edited by [email protected]
@Edent I would never but I bet very many would fall for this.
-
@Edent My response is always. Okay, let me call you back and we can start this process. A scammer will insist they handle it for you. A bank may say they can handle it but will usually let you hang up and call back. Fraud departments don’t make commissions so there’s no reason for them to hold you on the line.
-
@Edent Yes. My bank damn well KNOWS not to call me.
-
I'm at the point where I assume everything is a scam. I got a call from someone claiming to be a postal cop. I told him to eff off, post office doesn't call people and hung up.
Later I learned that in fact he was telling the truth, but understood my skepticism. (It was related to the theft of a mail piece.)
But even still I think the right scam at the right time would fool me.
-
@iokiwi @glitzersachen @Extelec @Edent Yes. I'm also not so much interested in whether it's obvious to a working-age, relatively tech savvy adult who's paying attention.
I want to know if it's obvious to my last scam-related client, who was a woman in her 70s, run off her feet caring for her husband who had dementia, already worried about money, and who picked up the call - thinking it could be a family emergency - while she was cooking dinner & running late.
-
@Edent It’s the same message used for 2FA, i.e., website login.
-
@com
So you have to share the code with the login page, right?
Even though it says don't share it.
And that's why people get confused about they are supposed to do. -
@Edent Always and without exception, hang up, and call the bank or whatever entity called and verify.
-
@Edent There's only two ways I'll accept a notification from a business. If I'm in the room with them, like at my wireless company, or if I'm on a website trying to make a purchase. No one in the middle. Most places won't call you. And if they do, take a message, go to their business or call them at a number you know os legit.
-
@Edent hang up the phone and contact your bank directly…
-
@Edent this is wrong and bank must be responsible for any losses. they clearly failed to identify customer The app can say: if it’s you, call us again number+3 digits from app+3 digits from the call. Bank Identity is established by a well-known number, the additional digits demonstrate that the same person is using the app and talking on the phone. May still be problematic if the attacker managed to login to the app. Better idea: just verify ID through a video call in the app.
-
@Edent the scam would probably not work if the messaging on the phone app was better
"did you initate a call with us from number +1 555 123123 five minutes ago", for instance, would work much better
