Email or username:

Password:

Forgot your password?
Top-level
Quinn Comendant

@Edent If you call Bank of America, they will verify you using a code sent by SMS that contains, “DO NOT share this Sign In code.”

I’ll confirm with the agent that they’re asking for the one that says under no circumstances am I to share with anyone, and they reply cheerfully, “yeah that’s the one.” 🤦‍♂️

#bank #security #SecurityFail #phishing

A screenshot of a SMS continuing the text: “BofA: DO NOT share this Sign In code. We will NEVER call you or text you for it.
Code 437885. Reply HELP if you didn't request it.”
3 comments
Terence Eden

@com
What are you meant to do with that code though?
Surely you have to share it to use it.

Quinn Comendant

@Edent It’s the same message used for 2FA, i.e., website login.

Terence Eden

@com
So you have to share the code with the login page, right?
Even though it says don't share it.
And that's why people get confused about they are supposed to do.

Go Up