Glitzersachen.de

@CaptainJanegay @Extelec @Edent

It's a man in the middle attack. And quite obvious in my opinion.

Only proper reaction: I call you back, gimme a number and your name. Then phone via the front desk of your bank.

11 comments
Simon

@glitzersachen @CaptainJanegay @Extelec @Edent if you think this is quite obvious I feel sorry for your users.

Captain Janegay 🫖

@iokiwi @glitzersachen @Extelec @Edent Yes. I'm also not so much interested in whether it's obvious to a working-age, relatively tech savvy adult who's paying attention.

I want to know if it's obvious to my last scam-related client, who was a woman in her 70s, run off her feet caring for her husband who had dementia, already worried about money, and who picked up the call - thinking it could be a family emergency - while she was cooking dinner & running late.

TheEjj

@CaptainJanegay @iokiwi @glitzersachen @Extelec @Edent I’m a working age, very tech savvy adult who is paying attention, and this absolutely might still get me if the timing of the notification was right.

DELETED

@TheEjj @CaptainJanegay @iokiwi @glitzersachen @Extelec @Edent the notification absolutely should've said "did you call us" rather than "are you on the phone with us". Even that's easy to miss but one would need to be very paranoid to suspect this one.

Glitzersachen.de

@CaptainJanegay

My mistake --- I wanted to answer to the OP, not yours or satisfy *your* interest. My heartfelt apologies.

@iokiwi@infosec.exchange @Extelec @Edent

Simon Green

@iokiwi @glitzersachen @CaptainJanegay @Extelec @Edent Yes, the reaction is correct, but it is far from obvious to most people. Or even people who know better, if you catch them at the right moment.

🌱 Ligniform

@glitzersachen @CaptainJanegay @Extelec @Edent 'on path attack' now. It's also not obvious at all. If a non-tech person gets this they'd assume it was safe.

Kasey Strube

@glitzersachen @CaptainJanegay @Extelec @Edent it’s obvious to us that have to deal with fraud every day. Not so obvious to someone who is concerned about losing their life savings in the moment.

winter

@glitzersachen @CaptainJanegay @Extelec @Edent I don't think it's that obvious at all. It's a real notification from the bank. They still shouldn't be calling you like that but people do that.

Making them let you call them is the right decision, though. With that said, calling the front of the bank probably won't work for Chase. Not unless your bank account has a couple more zeros in it than mine does and if that's the case you probably have your own concierge line or something like that.

dbrand666

@glitzersachen @CaptainJanegay @Extelec @Edent
Did you mean an extension and a name? If you're calling a fake number from the bank, how does this help you?

Edit: I think he meant he'd ask for a name and *badge* number and then call a published phone number (the front desk) and ask to be connected to that person. This is the correct answer but most banks make this difficult in practice.
