Email or username:

Password:

Forgot your password?
Terence Eden

You receive a call on your phone.
The caller says they're from your bank and they're calling about a suspected fraud.

"Oh yeah," you think. Obvious scam, right?

The caller says "I'll send you an in-app notification to prove I'm calling from your bank."

Your phone buzzes. You tap the notification This is what you see.

Still think it is a scam?
1/3

359 comments
Extreme Electronics

@Edent Id go with yes, its a scam, Why does it need your passcode if you are already logged in to their app.

Captain Janegay 🫖

@Extelec @Edent That's normal. It's to confirm that someone else hasn't just stolen your phone. The rest of the thread explains, but this *is* a legitimate notification, it's just being misused.

:mastodon: Ric Harvey 🇪🇺🌍💚

@Edent did they send that via text or in the actual chase app? If it's via text it's still a pretty sophisticated scam!

Terence Eden

The scammer is on the phone to you.
Their accomplice is on the phone to your bank, pretending to be you.
Your bank send you the notification.
You accept, and scammers proceed to drain your account.

Someone has just lost £18,000 because of this.
reddit.com/r/UKPersonalFinance

2/3

The scammer is on the phone to you.
Their accomplice is on the phone to your bank, pretending to be you.
Your bank send you the notification.
You accept, and scammers proceed to drain your account.

Someone has just lost £18,000 because of this.
reddit.com/r/UKPersonalFinance

Terence Eden

It *is* a genuine notification. But it isn't confirming the bank is calling you.

Should the bank word that differently?

In a rush, would you read it thoroughly?

Most likely, in a panic about the fraud, you'd confirm it was a genuine notification (it is!) and accept it.

3/3

Simon Wood

@Edent I think I’d be taken in by that. My thought was: why do they need to check they’re on the phone to me if *they* called *me*? But on balance I’d decided it was just poor wording or an ill thought through system (both of which I still think, in fact!) so I wouldn’t have challenged it.

Sbectol :twt:

@simonwood I tend to be suspicious. The only time my bank ever called me was from the security dept and I refused to believe it was them and called back on the main number and asked to be transferred.

That’s not to say that I wouldn’t be taken in by a different fraud, of course

@Edent

flabberghaster

@simonwood @Edent one might assume even if they believed the bank was calling them, that they still need to confirm they got you and not someone else.

Simon Wood

@flabberghaster @Edent I have had my actual bank call me, and then ask me (via security questions) to verify that I am actually me. I feel that was *training* customers to divulge information insecurely, as I had no way of knowing that they were who they were, and they wouldn’t have provided it if I’d gone along with their request.

flabberghaster

@simonwood @Edent yeah, same. I had told my bank I intended to travel internationally and then when I got there my card stopped working and they called me saying there was suspected fraud on my card. I knew it was legit because I called back on the number on my card, but I think it's bad practice to initiate calls.

GunChleoc

@flabberghaster @simonwood @Edent Yes, always call back on a phone number that you know to be legit when your "bank" calls.

AlisonW ♿🏳️‍🌈

@simonwood @Edent
I regularly have a little dance with people who phone me asking me to prove who I am before they will continue. I try to get them to confirm something that only the true caller would know but sometimes just have to give up and end the call.

Captain Janegay 🫖

@simonwood @Edent The bank do need to confirm that: they only know that they called your number, but they can't be sure that you picked up - maybe someone else has access to your phone, or it's been lost or stolen, or you changed your number and forgot to tell them.

Unfortunately this only makes this attack more persuasive.

Telling them you'll hang up and call back on the main number is a good option, and the bank employee should always be happy for you to do so.

Buuut this is Chase...

Simon Wood

@CaptainJanegay @Edent Maybe someone else has access to your phone, so they’re going to send a push notification to your phone to verify it's really you? 🤔

Captain Janegay 🫖

@simonwood @Edent Well, it asks for your password as well, which would significantly increase their confidence - although ofc this notification is not actually used to verify your identity in that situation.

But my point is that it's entirely believable that the bank would need *some* kind of verification when they call you, and a lot of people won't pick up on inconsistencies like this, especially when they've just been told someone has fraudulently taken £300 out of their account

Simon Wood

@CaptainJanegay @Edent Very true.

Asking for verification is ok, but it amazes me they don’t work on customer expectations - what you will be asked for when the bank calls - and also customers’ fraud literacy - how we can and should verify them!

Sbectol :twt:

@Edent yikes. This could easily impact my elderly parents. They’re so scared of internet fraud that they only ever talk to the bank in the branch now

Philip Mallegol-Hansen

@Edent There’s probably lots of good reasons not to, but I wonder if they could change the notification to show which number they *think* you’re calling from. Presumably their system knows, it’s just a question of whether it could be hooked into the notification sending infra.

Chris Adams

@philip @Edent I would bet a lot of people would see a different number and just assume their IT department messed up, since there’s rarely a shortage of prior support for that. That goes double if the scammer successfully gets the person into a panic state first.

Philip Mallegol-Hansen

@acdha @Edent Fair, there’ll never be perfect technical solutions to these human problems, just trying to imagine what we might do better.

Could the banking app use the phone’s phone API to check whether the call is being made on that device, and then at least show something like “You are talking to us on THIS PHONE” vs “You are talking to us ON A DIFFERENT PHONE THAN THIS ONE”?

Again, not perfect, but maybe that would help some number fewer people get scammed.

Mister Moo 🐮

@philip @acdha @Edent They could add a box with details about the call. "We are talking to you on the number (XXX)XXX-XXXX. You placed the call to us at X:XX. If any of this is incorrect, please tap 'No, it's not me.'" In this case "No" should change to something like "I have concerns"

Derick Rethans

@Edent How and what is faked there then?

Terence Eden

@derickr nothing is faked in app. It is a genuine notification from your bank.

Alex@rtnVFRmedia Suffolk UK

@Edent @derickr the level of knowledge of this incident suggests the target has already been stalked and their finances already monitored (its way too much resources/effort to put into attempting to scam someone who is skint and only has a few quid in the bank. really wouldn't put it past insiders in the bank/call centres being involved)

funbaker #AssangeIsNotGuilty

@Edent there used to be a time where they told customers at every possibility: our employees will never ask for your password etc.
I think they still do.
Wtf happened.

Terence Eden

@funbaker they haven't asked for your password.
You haven't given the person on the phone any details.

the cake is offline

@Edent That is when I ask for a case number, and then call the bank back on the number on the back of my credit card.

LonM

@Edent I feel like the notification would be better used for warning you about the purpose of the call. "are you on the phone with us right now RE your requested money transfer" would be more accurate.

Also, I'm not sure how it works with this bank, but with mine I need to approve transactions to new recipients with a physical card reader that asks for a ref no and the transfer amount. That would nix this scam.

Shannon Skinner (she/her)

@Edent
The remedy is to hang up and call the bank directly, right?

Lex

@Edent I love this scam. The banks need to repeat the standard advice of never passing information to a caller about your account, ever. Their security advice is you must call back on their standard number.

It's definitely the bank's failure to not make this explicit on the app notification. I hope they are rushing to fix it :blobsweats:

"We will never call you and ask for information"

Ciggy Bringer of Smoke

@Edent

For a moment, can we just appreciate this archaic and literal 'man in the middle' attack is viable today? An oldie but baddie? No?

Well I think it's neato, even if absolutely fucked.

Okay, I'll go.

rogue_corq

@Edent People still answer..."phone calls"?

rogue_corq

@Edent that's fair. But answering a phone call these days is very much akin to replying to spam.

Also: My IRL frens text me before they call.

;-)

V is for...

@rogue_corq Yeah. Because it’s easier to get stuff done than a million messages.

Terence Eden

@AAKL that's a genuine notification from the legitimate Chase app.

AAKL

@Edent It sure sounds like it could be a scam.

Patrick

@AAKL @Edent I’d still be tempted to just say I’m calling the number on the back of my card for security purposes. Hang up and call. Though it does seem like that would be a little trickier to fake than a text/email alert.

AAKL

@ppb1701 @Edent Last time the bank sent a text, I dug up the legitimate number and called directly. Same in this situation.

Log 🪵

@Edent @AAKL The notification should specify whether you called the bank, or the bank called you. Would stop this MITM scam immediately.

Chris Ferdinandi ⚓️

@AAKL @Edent You would be amazed at how often banks call you and then ask you questions to verify your identity.

adamrice

@AAKL @Edent My bank recently texted and robo-called me about fradulent activity. I logged on and saw that there was in fact fraudulent activity.

Wokebloke (call me Doug)

@Edent
I recently had friends get this kind of call. They are educated and very smart people and fell for it, it was so convincing. Then something made them reconsider and they spent the rest of the night into the next morning making phone calls to their bank officers and succeeded in not being robbed. The new phone scams are very polished.

Stuart

@Edent I would assume it was a scam. That is partly because I deliberately don't give my bank my phone number (so that I can spot scams) but also because both notifications seem to be initiated by the caller. When my bank has emailed about suspected fraud I've not rung the numbers in the email either but rung the bank on a number I know separately and then told them off for doing what they say they won't do.

Stuart

@Edent But, yes, I think the way you've described that Bank's system, many people are (understandably) likely to be tricked.

CaveDave

@Edent I had to look up what Chase is. As sophisticatingly horrifying as this is, I guess those of us who aren't with Chase are not vulnerable to this?

Yes, that was a legit question

Terence Eden

@engravecavedave it depends. Does your bank's app send notifications like this? If so, you're probably vulnerable.

CaveDave

@Edent I have no idea as I've never received anything like it

Kat

@Edent i tell the scammer I think it is a scam and I hang up and call directly to my bank. I don't fall for bullcrap. I don't trust any notifications on my phone. I am the biggest skeptic now.

Derick Rethans

@Edent I never trust anybody calling me.

Spike :donor:

@Edent Chase should reword this notification to say "Did you just call Chase bank, or did someone claiming to be calling from Chase contact you?" and then change the buttons to read "I called Chase" or "Someone called me"

Terence Eden

@the5thColumnist it is genuinely your app. The notification shows the icon. You have to open your regular banking app and give your fingerprint to see it.
That's what I'm getting at. It is a legitimate, verifiable notification.

Richard W. Woodley NO THREADS 🇨🇦🌹🚴‍♂️📷 🗺️

@Edent
Fortunately I don't use phone apps. Do all my banking on the computer where I have to login to my account to do anything.

Lynn McAlister UE

@Edent Doesn't matter. I'll end the communication and contact them separately through a number I already have for them.

Michael Santaly

@Edent Very scary it can come from the actual app. But I don’t use a password to open my app. I use biometrics. So I think I would find that wording suspicious if it’s how it was presented to me

Paul_IPv6

@Edent

i'd do what i've done for years with bank fraud calls. i'd delete/ignore any notifications, hang up from any phone call, then call the known good number i have for my bank and ask for the fraud department.

this kind of crap is why i also don't use a phone app for banking...

Zoe

@Edent Could be scam, no?

Method:
1. Scammer calls you and Chase at same time
2. Chase is unsure of scammers identity, so sends them in-app 2FA dialog
3. You hit yes, and Chase thinks scammer is you

Linux Is Best

@Edent@mastodon.social Yes, I still think it is a scam. A live person is not going to call you about your account. If something was flagged, you'd get a text without any clickable link or asking you to verify anything. If your bank or creditor is dumb enough to require you to do any of those, you should not be using them in the 1st place, and it is time to switch banks or creditors. -- The only time you may get something like this is if YOU called them and not them calling you.

Katrina Katrinka :donor:

@Edent
I'm suspicious of any contact I didn't initiate. I'll call my bank directly and go through the phone tree.

🅰🅻🅸🅲🅴 (🗑️🔥)

@Edent I've had my bank legitimately call me, unsolicited, about something exactly zero times.

I've had scammers call me pretending to be my bank way more often than that.

Just playing the numbers, it would always be safest to just hang up, report the number as spam, and log into my banking app directly from a trusted device to check if anything was suspicious there.

Good rule of thumb: never provide sensitive info in a conversation that you didn't initiate, and never provide your password if you didn't initiate the login.

@Edent I've had my bank legitimately call me, unsolicited, about something exactly zero times.

I've had scammers call me pretending to be my bank way more often than that.

Just playing the numbers, it would always be safest to just hang up, report the number as spam, and log into my banking app directly from a trusted device to check if anything was suspicious there.

AudraTran :debian:

The only way to verify that the caller is who they say they are is to go to the official website, find their number on there, verify they can be reached at that number, and then call them back at that number.

Third spruce tree on the left

@Edent Pretty slick... pretty good. I'd be taken in for a minute.

But, while my goto financial security measure is simply 2 be broke, my next best defense to any call regarding my ID, money or account that involves either is "tell me what extension or sequence of menu options to call you back at your 1-800#. u know the one on the back of my card".

now, when the call scammers can replicate my bank's labrynth of automated call menus at a perfectly spoofed 1-800 # then Im in trouble.

Coffee

@Edent That happened to me once and I immediately hung up when the person asked for an OTP. A minute later my card was locked and when I called the bank directly the same person picked up the phone.

I told them they were stupid.

DELETED

@Edent Luckily, my bank has such a long phone queue that it would be extremely difficult to synschronize this 😄

Mister Moo 🐮

@Edent The number of people in this thread insisting they wouldn't fall for this fake screen even though it's *real* suggests that yes, most people would and will fall for it.

Keith Williams

@Edent This is an easy cut-off. I never do banking over the phone for calls I don't initiate and I rarely (a handful of times/year) even do those.

australopithecus

@Edent
That is sneaky af.

Good rule of thumb is: incoming calls are informational only, never "confirm" anything during an interaction that you did not initiate.

Two reasons this holds up:

First, remember that your bank doesn't even want to spend money on enough people to *answer* incoming calls, much less make outgoing ones. If your bank does need to contact you they'll probably just send an automated email or text.

Second, if your bank calls you, they already know it's your phone.

@Edent
That is sneaky af.

Good rule of thumb is: incoming calls are informational only, never "confirm" anything during an interaction that you did not initiate.

Two reasons this holds up:

First, remember that your bank doesn't even want to spend money on enough people to *answer* incoming calls, much less make outgoing ones. If your bank does need to contact you they'll probably just send an automated email or text.

DELETED

@Edent This is why TOTP should be the only acceptable form of second factor for MFA.

:rainbow_heart: Pandora

@Edent Oh DAMN that's a clever tactic. How do you protect yourself from that?!

Chris Who

@Edent Wow. Thank you for this. I like to consider myself relatively aware and I had no idea this was a thing. Thanks!

WellsiteGeo

@Edent I'd call the number on my bank card from a different phone. And stay with them.
In the *unlikely* case that both calls are genuine, I can "sneakernet" case numbers between calls.

a libi rose

@Edent you're making a leap by assuming i answer phone calls

A human being

@Edent That is so clever, but so obvious when the scam is laid out in front of you. Ingenious.

Resting Facebitch

@Edent The notification would freak me the living fuck out I'd hang up, immediately transfer everything in that account to one of my other accounts and then ask the bank questions later.

That's provided I actually answered my phone in the first place.

funnymonkey

@Edent Always, always, always confirm out of band, via a number or other means of contact that you find independently, and initiate the contact.

V is for...

@Edent would have hung up long before that. Have a strict call bank myself only and from a different phone.

Camp Crystal Lake Counselor

@Edent to me it would be an obvious scam bc I don't have banking apps on my phone.

Arun Mani J

@Edent I once transferred a large amount of money from my phone. Immediately I got call from a unknown number. Due to my past experience with unknown numbers, I decided to hang it up.
Later becoming curious, I checked the number on TrueCaller and found that it was from my bank.
May be they called to confirm that it was actually me who transferred the amount or something bad happened?
I immediately checked all the transactions and found nothing suspicious.

Juhis

@Edent I try to teach my family to reply "let me call you back" and then calling the actual bank's number. Same with emails or texts: never click through links.

That said, I might still get scammed in the heat of the moment.

AskPippa🇨🇦

@Edent If I get a call, and I'm at my computer, I'll log into my account to see what's going on right at that moment.

Dragon-sided D

@Edent

1. Who actually takes phone calls from numbers we don't know? Mine go to VM.

2. Banking apps? Not a good idea. Phones are too ripe an attack surface and banks too poor at IT.

Laura Lis Scott

@Edent @BobDevney Scam. You have no idea who they are, whatever fancy pants “authentication” they offer. Remember that all our private info has been sold and/or stolen too many times to count.

If you really think it’s legit, hang up anyway and call your bank directly at their actual phone number.

GhostOnTheHalfShell

@Edent

In every case, I will call the number on the back of my related bank card or visit my bank's site by typing in the name directly on my search bar.

Pooblemoo

@Edent For me it is because I don't bank with Chase.

Zen Heathen

@Edent My bank called me once. Caller id: "private". Said they were my bank, started to ask me identifying questions.

I said no. He said "what?" Couldn't understand why I wasn't going to answer. I explained that I didn't *know* it was the bank, and could be giving out my info to a stranger to steal my identity.

I said I would hang up, call my bank myself, and then they could tell me what they needed to. He was still confused.

In the end, you know what it was? A sales call. I raised hell.

DELETED

@Edent Lol. They have my number already. That proves nothing other than the chance that they’re especially crafty scammers. If it is your bank - they’ll send you a postal letter on letterhead with a name and number to call or an in-app message that you’ll see upon login. @lisamelton

mkj

@Edent I got this one right, but of course it's easy to be an "armchair warrior".

My thinking was that: sure, this might actually be a legit notification from the legit bank's legit app and legitimately about what it purports to be, but *how do I know it's about the call I AM ON?*

Nothing in the message ties the notification to the call *you're on*, so I can't be sure, so it's a reject.

tdietterich

@Edent This two-factor authentication is useless when both factors go to the same phone. One of my banks does this, and I can't figure out why they think it is secure.

jmjm

@Edent I'm sitting here in 2024 wondering why we still don't have authenticated caller id.

Pete

@Edent My bank or any other entity I do business with (cable, doctor etc), I hang up and call them using a number in my phone.

DawiLDanger

@Edent YES! As at least in Germany a bank would never ever call you and ask for a password, PIN, TAN, whatever on the phone. They even have that on their own website as an advice that such behaviour is always scam and never a clerk of theirs.
If a bank wants to talk business, they will invite you into their office, not discuss on the phone.

Ľuboš Moščovič

@Edent

The tricky part of this story is that sometimes banks do really call you - it happens to me whenever I do really nonstandard transaction.

Truth to be told I've always seen this as mixed blessing and I have also been "that weird one" who asks the caller for their name and do the callback to the known (read official telebanking) number of the bank...

My colleague once seen that and was like WTF you're doing dude, they're doing you a favour... and my answer was "never trust a caller, just loose one more minute and do the callback to a known and trusted number".

@Edent

The tricky part of this story is that sometimes banks do really call you - it happens to me whenever I do really nonstandard transaction.

Truth to be told I've always seen this as mixed blessing and I have also been "that weird one" who asks the caller for their name and do the callback to the known (read official telebanking) number of the bank...

Cobweb 🍂

@Edent well this just cements my hatred of answering the phone ever. I'll just continue to send unknown numbers to voicemail.

Paul Botts

@Edent This scenario is one more piece of support for my firm policy of never answering calls from unknown numbers.

Alnakar

@Edent joke's on them, I never answer my phone. Social anxiety FTW!

Increasingly I think the best advice to avoid scams is: ignore everything and hope it goes away.

Just pretend you didn't hear your phone ring. Pretend that email went to your spam folder. Assume that whatever it is will work itself out on its own. Surely they don't actually need to talk to me.

Fooling me into thinking they're my bank doesn't help them if I ignore my bank, too!

Douglas King

@Edent
My bank just went out of business. So I'm protected from this scam.
🔑🔒

Brad J. Murray (he)

@Edent Just handled a bunch of credit card fraud on my account but my bank called me to tell me to contact the fraud management line indicated on my card. Harder to insert a man in the middle if I am initiating to a known good number I guess.

Samhain Night 4 Harris

@Edent Yes. Anytime there’s any chance of a scam, (random phone call asking for money or account details), always hang up and contact the person of company yourself from a reliable phone number or website.

Brian Swetland

@Edent This is why whenever I get a call from my bank or credit card fraud dept, I thank them, hang up, and go find the number to call or login to the website. There's just no reasonable way to authenticate a random inbound call like this.

Enara :potion_genderfluid:❔

@Edent I'd say it's a scam. I would try to confirm with another method. Contact the bank online or from another phone if it's possible.

MostlyTato

@Edent
That's quite clever. However, I think the rule is to never agree to anything incoming unless you have initiated it. I think I'd hang up and call my bank so that I'm initiating the check.

Joe

@Edent I would thank them for "letting me know", hang up and call the bank back. I would not use any number the caller gives me, but would find the number from the bank's web page or the app.

Nonya Bidniss 🥥🌴

@Edent I refuse to put any financial app on my phone whatsoever.

Eggler

@Edent My bank usually just emails me, after blocking purchases I've made until I can confirm that yes, I did add much higher funds to my Steam account than usual.

It's annoying, but efficient.

LanguageMan1

@Edent I don't utilize banking apps nor do I typically do online banking. When they go digital, scammers will be even worse. If I got a text from someone saying they're from the bank, I wouldn't respond, hold onto the text and go directly to the bank and talk with the people directly who know me personally, and work with them on attempting to catch the perpetrators.

Eric Murphy

@Edent best thing to do would be to hang up and call the bank yourself.

Aleggra

@Edent

Thanks. I’m already paranoid to the extent of making the sign of the cross when I see anything Google. I’d use a rosary & sprinkle Holy Water if I had any.

Glyph

@Edent @offby1 it is so frustrating, seeing this q and immediately knowing what the scam is and how to fix it and never being anywhere near proximity to the actual decision makers who can prevent stuff like this. Like please point me at a bank executive and let me give them a security design and threat modeling training, for the love of god

Mx Amber Alex

@Edent they call me, they call bank, bank 2FAs me, I accept, they get in.

My bank has never called me, in all the years I've been with them. Not once. If they did, I would hang up.

Wilhelm

@Edent Chiming in to say I experienced this scam with Capital One, who uses in app notifications or text messages for verification. I only barely caught on to it in time to tell them I'd hang up and call them back.

Come to find out, Capital One does not cold call you for suspected fraud under any circumstances.

Wordsmurf of Mouthshire :emacs: 🍄

@Edent@mastodon.social Definitely. My habit is to receive the fraud notice call, then hang up, and dial the number on the back of my bank card. If it's really fraud, they'll know about it and we continue. Otherwise, it was a scam and I dodged a bullet.

Matias

@Edent@mastodon.social Easy one: I'd judge by the dialect. My bank is located in a small western Norwegian town called Voss. Everyone who work there speak the Voss dialect. And people at Voss don't do frauds 😎

Iwillyeah

@Edent my bank call me and ask me security questions. No, bitch, you rang me, I should be asking you the security questions.

Quinn Comendant

@Edent If you call Bank of America, they will verify you using a code sent by SMS that contains, “DO NOT share this Sign In code.”

I’ll confirm with the agent that they’re asking for the one that says under no circumstances am I to share with anyone, and they reply cheerfully, “yeah that’s the one.” 🤦‍♂️

#bank #security #SecurityFail #phishing

tj usiyan

@Edent genuine question here…

in-app notifications can be ‘easily' spoofed? I hadn't considered it before. I guess they aren't so special but it *is surprising* to hear.

食 Shoku the MN Wolf

@Edent yes it's a scam. Person calling is trickling you into accepting a 2 step verification prompt.

Cybarbie

@Edent I would never but I bet very many would fall for this.

thepoliticalcat

@Edent Yes. My bank damn well KNOWS not to call me.

James Britt

@Edent

I'm at the point where I assume everything is a scam. I got a call from someone claiming to be a postal cop. I told him to eff off, post office doesn't call people and hung up.

Later I learned that in fact he was telling the truth, but understood my skepticism. (It was related to the theft of a mail piece.)

But even still I think the right scam at the right time would fool me.

Gothish Andy

@Edent I once had a scam call from someone claiming they were from the FSA (UK financial regulator) saying they were processing a refund from.... somewhere or other. I started laughing, and asked if my mate Steve had set him up to this, then "go on then, do your script". I kept laughing, he started laughing, trying to get through his scam script.

I explained my wife worked for the regulator and that the FSA regulates companies, not customers.....

Blippy the Wonder Slug 🇩🇪

@Edent
Yep. 😜 My banks only have my land-line. Ditto my cable/internet provider.

In theory, this device has a phone number, but I only have a data plan: it's just a pocket personal computer.

Ruth [☕️ 👩🏻‍💻📚✍🏻🧵🪡🍵]

@Edent yes but only because I know that this should only be triggered if I call them. BUT. I can absolutely see and sympathize with someone dealing with this.

Gareth

@Edent oof, that’s rough.

Reading the post, the first red flag was when they advised that because of fraud, they need to transfer their money to a different account. That’s a classic scam technique there.

But if you’re not aware of that, are maybe a bit tired/distracted/in a hurry AND get a legit notification from your bank app? That’s scary.

Stuart Longland (VK4MSL)

@Edent The banks seem to think they can "technology" their way out of social problems.

Social problems (e.g. social engineering), require social solutions.

Sorry shareholders, that means keeping bank branches open, for longer, so people can meet, in person.

J. "Henry" Waugh

@Edent and this is why I have taken what some may see as extreme lengths

If I am called about fraud, I hang up and call the 800 number my bank gave me that I know will get me to an automated system to verify transactions

This way, unless they're doing Sneakers (1992) style phone circuit interception, I'm safe

Whether this level of paranoia suits, I leave to the decision of each reader

EveryDay Human Derek

@Edent
I hang up with them and call my bank login to website with a physical usb key and speak to the fraud dept and report what happened and verify authenticity period. :) If I know how things can be exploited I know criminals do as well.

essjax

@Edent I had my bank call me about suspected fraud and they had no way for me to confirm they were legit. I said I'd call them back and they didn't have an external number I could call. Their tone suggested nobody had ever checked. One of the biggest banks in Australia / NZ.

mike805

@Edent That's viciously effective. Makes me glad I don't use banking apps. (I use the website with 2fa.)

I did get a call from the power company who had all my details and was demanding an immediate payment. I checked on the website and nothing was due, so that was a scam. They are convincing. "Hang up and call back" is the only safe move.

Bill Zaumen

@Edent That scam wouldn't work on me: no app. Why can't the bank send each party a GPG-signed and encrypted email with two codes. Each person reads one of them and the other verifies it. A third party shouldn't get the email and can't read it if they did get it.

Gik :prami:

@Edent you scammed me at Bank Cold Call

DELETED

@Edent Always and without exception, hang up, and call the bank or whatever entity called and verify.

RobieTheCat

@Edent There's only two ways I'll accept a notification from a business. If I'm in the room with them, like at my wireless company, or if I'm on a website trying to make a purchase. No one in the middle. Most places won't call you. And if they do, take a message, go to their business or call them at a number you know os legit.

Cosvak

@Edent this day and age where you can tap into someone's phone, nah, I go straight to your bank and talk to someone in person

Go Up