Email or username:

Password:

Forgot your password?
Terence's posts Post Back to profile
Top-level
Captain Janegay đź«–

@simonwood @Edent The bank do need to confirm that: they only know that they called your number, but they can't be sure that you picked up - maybe someone else has access to your phone, or it's been lost or stolen, or you changed your number and forgot to tell them.

Unfortunately this only makes this attack more persuasive.

Telling them you'll hang up and call back on the main number is a good option, and the bank employee should always be happy for you to do so.

Buuut this is Chase...

2 May at 16:57 | Wall-to-wall | Open on mastodon.coffee
7 comments
Simon Wood

@CaptainJanegay @Edent Maybe someone else has access to your phone, so they’re going to send a push notification to your phone to verify it's really you? 🤔

2 May at 16:59 | Open on mastodon.social
Captain Janegay đź«–

@simonwood @Edent Well, it asks for your password as well, which would significantly increase their confidence - although ofc this notification is not actually used to verify your identity in that situation.

But my point is that it's entirely believable that the bank would need *some* kind of verification when they call you, and a lot of people won't pick up on inconsistencies like this, especially when they've just been told someone has fraudulently taken ÂŁ300 out of their account

2 May at 17:08 | Open on mastodon.coffee
Simon Wood

@CaptainJanegay @Edent Very true.

Asking for verification is ok, but it amazes me they don’t work on customer expectations - what you will be asked for when the bank calls - and also customers’ fraud literacy - how we can and should verify them!

2 May at 17:17 | Open on mastodon.social
BarryP

@CaptainJanegay @simonwood @Edent We get landline calls in the UK from “your bank’s security department”. Recent ones have spoofed the local area code.
Main “alarm bell” with that is that our bank, or indeed any other, doesn’t have a branch/office in the three towns covered by the area code.

2 May at 20:45 | Open on mas.to
dragonfrog, hungry waffle

@CaptainJanegay @simonwood @Edent

It is being used to verify your identity though. The scammer has presented it to you as if it's verifying their identity to you, but it's actually verifying your identity to the bank.

The notification could be improved with something like "if you have just called the bank, enter your passcode to continue. If instead someone claiming to be from the bank has called you, they are trying to defraud you and you should immediately hang up and call the bank."

2 May at 23:05 | Open on mastodon.sdf.org
dragonfrog, hungry waffle

@CaptainJanegay @simonwood @Edent

They could I guess also have an option to push out a notification to go with their outbound calls, "The bank is calling you. You seeing notification confirms that the caller really is from the bank. Please enter your passcode to confirm to the caller from the bank that you really are you."

2 May at 23:08 | Open on mastodon.sdf.org
Captain Janegay đź«–

@dragonfrog @simonwood @Edent Yes, you're right - I mean that in the fake scenario the scammer is presenting you, where the bank has called you, the bank does not use this notification to verify you. They only use it if you call the bank. But there's really very little opportunity for most customers to figure that out.

2 May at 23:37 | Open on mastodon.coffee
Go Up