Comment by ryao

4 months ago

I have a simple defense against this. I use a special email account for financial information that only my email provider, myself and my financial institutions know to exist. Even if I tap yes instead of no by mistake on a prompt like this, my financial accounts are safe unless the attacker breaches my bank to find out the email account I use with them first.

> my financial accounts are safe unless the attacker breaches my bank to find out the email account I use with them first.

It's entirely possible that someone can accomplish this with a phone call to your financial institution's customer help line.

"Oh gosh, I'm sorry, I forgot whether I used my email address or my wife's for this account - can you tell me what's on file?"

  • I wonder how that would work if they cannot prove my identity first by telling the representative a code sent to my phone number. I would expect the bank to tell the attacker to go into the local branch with identification.

    • Social Engineering. You would expect the bank to, but not so. These scummy people are good at manipulation.

      Humans are very exploitable.

      "I'm ever so sorry, but I am unable to get to the bank right now; my mother was in an accident and I need to get to the hospital in 30 minutes. Is there any other way?" "No? Can you do it for me?"

      Playing empathy over the phone gets you places, as does wearing a worker's Hi-Vis jacket to get in backstage at festivals.
