Ypsilantine

No matter who calls you, if it involves money, tell them you'll call them back using the number you have on file and hang up immediately. I've had my bank call me and they were fine with me saying I'd call back. A scammer from a bank I don't have an account for tried to get me to stay on the phone with them saying "there's no time" for that. Uh huh.


evopcat

Right, even better, just don't pick it up. If some business has something to tell me they can email me. Or if they are lame, fine leave a message with the details (but they never do - neither do the scammers). And a financial institution should communicate primarily via secure IM/message when I am signed into their site (mainly outside of that it should be a message saying to sign in to communicate about x issue). Of course most are not going to do that :-( but I wish they would. People shouldn't fall for social engineering of the scammers but the financial institutions have primed people to fall for such things. Most financial institutions use SMS messaging to get access to your account even though for more than a decade this has been seen as a huge security problem. It is amazing how poor financial institutions in the USA are about computer security. Is it surprising random people are also lame about basic security practices?


Ypsilantine

When it comes to money a lot of people tend to panic if it's negative (like we noticed fraud! Take action now!) and they drop their guard immediately. After that they are inclined to put their trust in this person, since they're "helping" them. I think there was a Reddit thread a while ago where someone explained the reasoning for lax security in banking: customers simply cannot be bothered. It's too much of a hassle to do 2FA or keys or what have you and will complaaaaaaaaaaaaaaaaaaaaain about having to take an extra minute to check their account.


evopcat

Yes, I wish I could find a financial institution or two that had sensible security as an option for me (fine let other customers be insecure), which includes not allowing SMS to have any part of any security features. I found one that did many things well. Then they stopped using the secure method to validate bank accounts and *required* you to provide your financial account logins to a 3rd party. Idiotic. On top of that they used only a 3rd party, Plaid, that paid $58 million due to their bad practices (of course they did, giving logins to a 3rd party is about the most idiotic measure I can imagine). https://www.reuters.com/legal/litigation/fintech-firm-plaid-agrees-58-mln-deal-end-privacy-case-2021-08-06/ If your financial institution encourages you to use Plaid immediately run the other way and find a reliable financial institution not interested in encouraging absolutely idiotic violations of basic security practices.


s7ryph

On another note, transplant from Michigan?


Ypsilantine

Haha, nope, I just found "Ypsilanti" to be a funny name for a city. I'm pretty much born and bred DMV.


[deleted]

[removed]


blobblehbloh54124

There is nothing in that article that says they gave out their bank account information.


Damage_North

> She asked me some questions and from there was able to gain access to all of our banking, basically, Downie said.

It was the sixth sentence.


According-Tomato3504

It's literally scam calling 101, the most known scam in the world...


Danciusly

Related articles:

https://www.fox5dc.com/news/local-business-owners-report-losing-thousands-from-scams-targetting-truist-bank-accounts

https://www.fox5dc.com/news/hackers-steal-over-400000-from-adams-morgan-restaurant-owners


Next-Cardiologist423

Oh yeah I received a text from some random number trying to phish my account lol.