19 comments
@glitzersachen @CaptainJanegay @Extelec @Edent if you think this is quite obvious I feel sorry for your users.

@iokiwi @glitzersachen @Extelec @Edent Yes. I'm also not so much interested in whether it's obvious to a working-age, relatively tech savvy adult who's paying attention. I want to know if it's obvious to my last scam-related client, who was a woman in her 70s, run off her feet caring for her husband who had dementia, already worried about money, and who picked up the call - thinking it could be a family emergency - while she was cooking dinner & running late.

@CaptainJanegay @iokiwi @glitzersachen @Extelec @Edent I'm a working age, very tech savvy adult who is paying attention, and this absolutely might still get me if the timing of the notification was right.

@TheEjj @CaptainJanegay @iokiwi @glitzersachen @Extelec @Edent the notification absolutely should've said "did you call us" rather than "are you on the phone with us". Even that's easy to miss but one would need to be very paranoid to suspect this one.

@TheEjj @CaptainJanegay @glitzersachen @Extelec @Edent just reminded me about this article from @pluralistic published a couple months ago about how he got scammed. https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security

My mistake --- I wanted to answer to the OP, not yours or satisfy *your* interest. My heartfelt apologies.

@iokiwi @glitzersachen @CaptainJanegay @Extelec @Edent Yes, the reaction is correct, but it is far from obvious to most people. Or even people who know better, if you catch them at the right moment.

@glitzersachen @CaptainJanegay @Extelec @Edent 'on path attack' now. It's also not obvious at all. If a non-tech person gets this they'd assume it was safe.

@glitzersachen @CaptainJanegay @Extelec @Edent it's obvious to us that have to deal with fraud every day. Not so obvious to someone who is concerned about losing their life savings in the moment.

@glitzersachen @CaptainJanegay @Extelec @Edent I don't think it's that obvious at all. It's a real notification from the bank. They still shouldn't be calling you like that but people do that. Making them let you call them is the right decision, though. With that said, calling the front of the bank probably won't work for Chase. Not unless your bank account has a couple more zeros in it than mine does and if that's the case you probably have your own concierge line or something like that.

@glitzersachen @CaptainJanegay @Extelec @Edent Edit: I think he meant he'd ask for a name and *badge* number and then call a published phone number (the front desk) and ask to be connected to that person. This is the correct answer but most banks make this difficult in practice.

@CaptainJanegay @Extelec @Edent @Doomed_Daniel @Extelec @Edent Yes, but in most cases they won't know your password, so they won't be able to confirm via the notification.

@CaptainJanegay I disagree and I would say it is not normal at all, in fact some banks will tell you outright that they will never ask for these types of codes and that it is a common scam.

Right, but in this scenario you're seeing this notification because your bank *does* use these notifications to authenticate you when you call them. It's just being framed by the person on the phone in the reverse, as authenticating them to you.

@hapidjus It is normal to be asked, by your banking app, to re-enter your passcode to confirm certain actions you can take within the app.

@CaptainJanegay Nobody was asking for a passcode here though, and there is a grammar mistake in "on the phone to us". I will agree that if *I* am the one who manually opened the app and tried to do something, then confirming the authentication is normal in some instances, yes. And I will admit the screenshot is indeed misleading either way, I can still see many people falling for it.

I think the entire flow of having the app ask for permission for something done over the phone is flawed.

@hapidjus @CaptainJanegay In fact the verb is the clue. "...with us" = We called you. "...to us" = You called us.
@CaptainJanegay @Extelec @Edent
It's a man-in-the-middle attack. And quite obvious in my opinion.
Only proper reaction: I call you back, gimme a number and your name. Then phone via the front desk of your bank.