2) "Ok. We've blocked the transaction. To verify that I am speaking to Pieter, what is your member number?" Me: <gives member number> (that number, by itself, is useless).
3) "We've sent a verification pin to your phone." ~ Gets verification pin text from bank's regular number ~ Me: <reads out the pin>
4) "Ok. I am going to read some other transactions, tell me if these are yours." ~ Reads transactions ~ Me: Yes. These are all legitimate transactions I made.
5) "Thank you! We now want to block the pin on your account, so you get a fraud alert when it is used again. What is your pin?" Me: Are you effing kidding me, no way.
6) "Ok! But then we can't block your card." Me: That is bs. ~ hangs up, calls the fraud department of bank ~
--> Once I gave my member number, the attacker used the password reset flow to trigger a text message from the bank. --> They used this to gain access to the account. --> Then read some of my transactions to give the call more credibility
--> Needed the pin to send money, failed at that step. --> Everything before the "what is your pin" seemed totally legitimate. English was perfect. The bank verification code, sent by the expected number, tricked me. --> The asking for my pin over the phone... not so much.
Stay safe out there people. And now... joyfully resetting all my passwords, filing a police report, getting additional fraud detection in place. Never a dull moment!
New conversation
Brilliant hack. On the original call though, did it show as coming from the bank?
It just showed the number, and the 3-digit area code for my bank branch was correct. That being said, I do not have my bank in my contacts list. Not sure if they are consistent in using a single phone number, but if they do, adding it to my contacts would have helped here.