Comment by pavel_lishin
4 months ago
> my financial accounts are safe unless the attacker breaches my bank to find out the email account I use with them first.
It's entirely possible that someone can accomplish this with a phone call to your financial institution's customer help line.
"Oh gosh, I'm sorry, I forgot whether I used my email address or my wife's for this account - can you tell me what's on file?"
I wonder how that would work if they cannot prove my identity first by telling the representative a code sent to my phone number. I would expect the bank to tell the attacker to go into the local branch with identification.
Social Engineering. You would expect the bank too but not so. These scummy people are good at manipulation.
Humans are very exploitable.
"Im ever so sorry; but I am unable to get to the bank right now, my mother was in an accident and I need to get to the hospital in 30 minutes. Is there any other way?" "No? Can you do it for me".
Playing empathy over the phone gets you places as does wearing a workers Hi-Vis jacket to get in to back stage at festivals.
My bank would happily say too bad. I have had them insist on getting me into the branch for absurd things in the past.