Post AhuBjMujLJ0WaFNF4K by torgo@mastodon.social
 (DIR) Post #AhUllnT1rALSk7TmOe by Edent@mastodon.social
       2024-05-02T16:22:17Z
       
       2 likes, 0 repeats
       
       You receive a call on your phone. The caller says they're from your bank and they're calling about a suspected fraud. "Oh yeah," you think. Obvious scam, right? The caller says "I'll send you an in-app notification to prove I'm calling from your bank." Your phone buzzes. You tap the notification. This is what you see. Still think it is a scam? 1/3
       
 (DIR) Post #AhUlloPAN0qjeQgD0y by smallsees@social.dropbear.xyz
       2024-05-02T22:59:30Z
       
       0 likes, 0 repeats
       
       @Edent They're getting clever. Like the one where "the bank" rings you and asks about a transaction of $x for Y. You look and see that transaction in your account; only the bank can see this, right? Except it was the scammers that did that transaction knowing it would fail, but they obviously know the amount and details.
       
 (DIR) Post #AhUlloXfrNeg4of0HA by Edent@mastodon.social
       2024-05-02T16:24:18Z
       
       3 likes, 0 repeats
       
       The scammer is on the phone to you. Their accomplice is on the phone to your bank, pretending to be you. Your bank sends you the notification. You accept, and the scammers proceed to drain your account. Someone has just lost £18,000 because of this. https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been_scammed_over_18000_through_my_chase_account/ 2/3
       
 (DIR) Post #AhUllpdjmK6DTuVMMi by Edent@mastodon.social
       2024-05-02T16:26:21Z
       
       2 likes, 0 repeats
       
       It *is* a genuine notification. But it isn't confirming the bank is calling you. Should the bank word that differently? In a rush, would you read it thoroughly? Most likely, in a panic about the fraud, you'd confirm it was a genuine notification (it is!) and accept it. 3/3
       
 (DIR) Post #AhUrrAf3eH3Tqo3Fxo by drgeraint@glasgow.social
       2024-05-03T00:07:52Z
       
       0 likes, 0 repeats
       
       @Edent Ouch! Rule #1 with banks: if they phone you, decline to engage or prove who you are and tell them to send you a letter.
       
 (DIR) Post #AhV4XaXT1e8LilUfRI by danmcd@hostux.social
       2024-05-02T18:47:03Z
       
       1 likes, 0 repeats
       
       @Edent Wow a man-in-the-middle attack with a real life person actually in the middle!  😮
       
 (DIR) Post #AhVpU8oYLMPSiDLMMi by SuperDicq@minidisc.tokyo
       2024-05-03T11:15:49.680Z
       
       0 likes, 0 repeats
       
       @Edent@mastodon.social Another good reason to say no to proprietary banking apps. My bank account can only be accessed using a physical non-internet connected 2FA key device.
       
 (DIR) Post #AhVq11gZruZI9wIHWC by Edent@mastodon.social
       2024-05-03T11:20:54Z
       
       0 likes, 0 repeats
       
       @SuperDicq my banking app also supports a physical 2FA token. So what?
       
 (DIR) Post #AhVq12Uuqkpmg3qTyq by SuperDicq@minidisc.tokyo
       2024-05-03T11:21:56.822Z
       
       0 likes, 0 repeats
       
       @Edent@mastodon.social You can't get fooled by notifications like this if you don't have a banking app.
       
 (DIR) Post #AhVqgDLHR14gBTyKuG by Edent@mastodon.social
       2024-05-03T11:22:58Z
       
       0 likes, 0 repeats
       
       @SuperDicq sure, but you also can't check your balance. Send money to friends. Receive an alert when your card is used fraudulently. Or any of a 100 useful things. Telling people to give up extremely convenient features isn't the answer here.
       
 (DIR) Post #AhVqgDkRvRCvRXkR8a by SuperDicq@minidisc.tokyo
       2024-05-03T11:28:10.147Z
       
       1 likes, 0 repeats
       
       @Edent@mastodon.social I can still do those things, my bank in particular has a decent API and someone wrote a CLI client for it actually. But yeah, I know giving up "convenience" isn't a good answer here. First of all, it's educating people on how to not get scammed, and secondly it's telling banks to take security seriously by also making them liable in case one of their customers gets scammed by fraud like this.
       
 (DIR) Post #AhVr92sjPCdW8iMme0 by mark@waterford.international
       2024-05-02T21:37:55Z
       
       0 likes, 0 repeats
       
       @Edent I think we need to become really stupid and stubborn, because smart is not going to help. They’ve thought it through. 1. If they call you, hang up, find the number yourself, call back. Even for probably genuine calls. Make it a habit. 2. The only thing that might be happening now, in real time, in a rush, is a scam. There is never a rush. I wonder will this advice continue to hold.
       
 (DIR) Post #AhVr93feTJlgaRFqtc by gentooP@social.mikutter.hachune.net
       2024-05-03T11:34:38Z
       
       0 likes, 0 repeats
       
       @Edent @mark Problem is your phone could've redirected to the scammers' phone and not the legitimate one. Best to go straight to the branch office.
       
 (DIR) Post #AhVv3MktHTR4rugP2G by mark@waterford.international
       2024-05-03T12:18:24Z
       
       0 likes, 0 repeats
       
       @gentooP @Edent How, if you’re calling the number?
       
 (DIR) Post #AhW2IAlipPp5iR4yY4 by gentooP@social.mikutter.hachune.net
       2024-05-03T13:39:33Z
       
       0 likes, 0 repeats
       
       @mark @Edent Spoofing from your phone or somewhere along the line. Just redirects to their phone while the phone thinks it's to the number you dialed.
       
 (DIR) Post #AhuBjMujLJ0WaFNF4K by torgo@mastodon.social
       2024-05-06T07:31:36Z
       
       0 likes, 0 repeats
       
       @Edent my rule is never to give any information to someone who calls me - ever. I don't answer calls from numbers I don't recognise, which I think also deters this kind of scam. If I get a notification, receive a letter in the post (has happened), or get a call about fraud, I call the bank on the number on my card or on their web site.
       
 (DIR) Post #Ai6oMuVmUPKwEXVO7M by kasperd@westergaard.social
       2024-05-03T08:20:10.006528Z
       
       0 likes, 0 repeats
       
       Instead of the option to say "Yes" they could give you three options: "I am calling the bank", "I received a call from the bank", "I am not on the phone with the bank". Might not be foolproof either, it's difficult to predict how social engineering attacks would adapt to that.
       
 (DIR) Post #Ai6oMvO1Ekiowksheq by michael@westergaard.social
       2024-05-03T14:08:32.914466Z
       
       0 likes, 0 repeats
       
       Just include a number that's a known base to the power of a secret picked by the bank modulo a known number.  You then respond with another number that's the same known base to the power of a secret number picked by using the same modulo.  Now, simply encrypt the entire conversation using the communicated numbers to the power of the other side's secret number.  Simple as, really.
       
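       The exchange michael describes above is a Diffie-Hellman key agreement. The following is an added example, not code from any poster in this thread or from any bank, written to show both what the joke describes and why it would not stop the attack in Edent's thread: the bank and customer each derive the same key when they talk directly, but a scammer relaying messages between them (danmcd's "man in the middle") can run one exchange with each side, and both sides still see their own exchange succeed. The parameters P and G and all function names are assumptions chosen for the demo; a real deployment would use a standardised large group and, crucially, authenticate the public values, which is exactly the part a phone call lacks.

```python
import secrets
from hashlib import sha256

# Demo parameters, constructed for this example only.
# 2**127 - 1 is a prime (M127); whether 5 generates the whole group does not
# matter for showing agreement. Production code uses a 2048-bit+ standard group.
P = 2**127 - 1
G = 5


def keygen(p=P, g=G):
    """Pick a secret exponent and return (secret, g^secret mod p).

    The public value is what michael calls 'a known base to the power of a
    secret ... modulo a known number'.
    """
    secret = secrets.randbelow(p - 2) + 1
    return secret, pow(g, secret, p)


def shared_key(their_public, my_secret, p=P):
    """Compute their_public^my_secret mod p and hash it to a 32-byte key."""
    s = pow(their_public, my_secret, p)
    return sha256(s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def honest_exchange():
    """Bank and customer talk directly: both sides derive the same key."""
    bank_secret, bank_public = keygen()
    cust_secret, cust_public = keygen()
    # Each side sends its public value and combines the other's with its own secret.
    k_bank = shared_key(cust_public, bank_secret)
    k_cust = shared_key(bank_public, cust_secret)
    return k_bank == k_cust


def relayed_exchange():
    """A scammer sits between the two and runs one exchange with each side.

    Mirrors the thread's scenario: one scammer talks to the customer while an
    accomplice talks to the bank. Neither side can tell from the numbers alone
    that it is not talking to the other party.
    """
    bank_secret, bank_public = keygen()
    cust_secret, cust_public = keygen()
    mitm_secret_b, mitm_public_b = keygen()  # scammer's half facing the bank
    mitm_secret_c, mitm_public_c = keygen()  # scammer's half facing the customer

    # Bank <-> scammer: the bank receives the scammer's value, not the customer's.
    k_bank = shared_key(mitm_public_b, bank_secret)
    k_mitm_bank = shared_key(bank_public, mitm_secret_b)

    # Customer <-> scammer: likewise on the other leg.
    k_cust = shared_key(mitm_public_c, cust_secret)
    k_mitm_cust = shared_key(cust_public, mitm_secret_c)

    return {
        "bank_side_agrees": k_bank == k_mitm_bank,
        "customer_side_agrees": k_cust == k_mitm_cust,
        "end_to_end_same": k_bank == k_cust,
    }


if __name__ == "__main__":
    print("direct exchange agrees:", honest_exchange())
    print("relayed exchange:", relayed_exchange())
```

       Unauthenticated key agreement only guarantees that whoever is on the other end of *this* channel shares your key; it says nothing about who that is. That is the same gap the bank's notification has: it proves the app is genuine, not that the person on the phone is.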
 (DIR) Post #AtizjRxTheF9czskLI by xinit@mastodon.coffee
       2024-05-03T08:52:36Z
       
       0 likes, 0 repeats
       
       @Extelec @Edent The trouble here is that it's a legitimate popup from the legitimate bank initiated by a legitimate bank employee. I'm not sure how I'd improve this, but I think banking apps should kill this verification approach.
       
 (DIR) Post #AtizjTv4PZVPi6lqro by sahqon@beige.party
       2025-05-03T13:06:39Z
       
       0 likes, 1 repeats
       
       @xinit @Extelec @Edent The only reliable way of dealing with any scam is to put the damn phone down and then call up the number (from your own list or from looking up their website or whatever's on your papers) of whoever they pretended to be. Companies need to stop calling people and asking for details and so conditioning everybody to just accept that incoming calls are legit.
       
 (DIR) Post #AtnZopkX370JqSX5vc by dequbed@mastodon.chaosfield.at
       2025-05-04T10:28:12Z
       
       1 likes, 0 repeats
       
       @neil > if the person at the end of the phone is annoyed or grumpy, that's a good sign that it is not us. I like that line. It's a very good line. :D @babe @Edent
       
 (DIR) Post #AtngFxd2SieNpFLWr2 by brettm@swarm.coiloptic.org
       2025-05-06T00:21:49Z
       
       0 likes, 0 repeats
       
       @Edent@mastodon.social yes because I would never install a bank app on my phone 🙂
       
 (DIR) Post #AtoE5XqSrmp9PBpaFM by simonwood@mastodon.social
       2024-05-02T16:29:41Z
       
       0 likes, 0 repeats
       
       @Edent I think I’d be taken in by that. My thought was: why do they need to check they’re on the phone to me if *they* called *me*? But on balance I’d decided it was just poor wording or an ill thought through system (both of which I still think, in fact!) so I wouldn’t have challenged it.
       
 (DIR) Post #AtoE5YxEk5pqqU0VRQ by flabberghaster@mas.to
       2024-05-02T16:39:40Z
       
       0 likes, 0 repeats
       
       @simonwood @Edent one might assume even if they believed the bank was calling them, that they still need to confirm they got you and not someone else.
       
 (DIR) Post #AtoE5Zt1HG3Xjh2eVU by simonwood@mastodon.social
       2024-05-02T16:43:30Z
       
       0 likes, 0 repeats
       
       @flabberghaster @Edent I have had my actual bank call me, and then ask me (via security questions) to verify that I am actually me. I feel that was *training* customers to divulge information insecurely, as I had no way of knowing that they were who they were, and they wouldn’t have provided it if I’d gone along with their request.
       
 (DIR) Post #AtoE5avtO3wqytOSci by flabberghaster@mas.to
       2024-05-02T16:46:04Z
       
       0 likes, 0 repeats
       
       @simonwood @Edent yeah, same. I had told my bank I intended to travel internationally and then when I got there my card stopped working and they called me saying there was suspected fraud on my card. I knew it was legit because I called back on the number on my card, but I think it's bad practice to initiate calls.
       
 (DIR) Post #AtoE5beugfxdEWSPnU by gunchleoc@mastodon.scot
       2024-05-02T17:35:12Z
       
       1 likes, 0 repeats
       
       @flabberghaster @simonwood @Edent Yes, always call back on a phone number that you know to be legit when your "bank" calls.