@Edent If you call Bank of America, they will verify...

@Edent If you call Bank of America, they will verify you using a code sent by SMS that contains, “DO NOT share this Sign In code.”

I’ll confirm with the agent that they’re asking for the one that says under no circumstances am I to share with anyone, and they reply cheerfully, “yeah that’s the one.” 🤦‍♂️

#bank #security #SecurityFail #phishing

A screenshot of a SMS continuing the text: “BofA: DO NOT share this Sign In code. We will NEVER call you or text you for it.
Code 437885. Reply HELP if you didn't request it.”

Like 2 May at 20:33 | Wall-to-wall | Open on mastodon.social

3 comments

Terence Eden

@com
What are you meant to do with that code though?
Surely you have to share it to use it.

2 May at 20:44 | Open on mastodon.social

Quinn Comendant

@Edent It’s the same message used for 2FA, i.e., website login.

2 May at 21:21 | Open on mastodon.social

Terence Eden

@com
So you have to share the code with the login page, right?
Even though it says don't share it.
And that's why people get confused about they are supposed to do.

2 May at 21:29 | Open on mastodon.social

Go Up