Bank scammers using genuine push notifications to trick their victims
https://shkspr.mobi/blog/2024/05/bank-scammers-using-genuine-push-notifications-to-trick-their-victims/
You receive a call on your phone. The polite call centre worker on the line asks for you by name, and gives the name of your bank. They say they're calling from your bank's fraud department.
"Yeah, right!" You think. Obvious scam, isn't it? You tell the caller to do unmentionable things to a goat. They sigh.
"I can assure you I'm calling from Chase bank. I understand you're sceptical. I'll send a push notification through the app so you can see this is a genuine call."
Your phone buzzes. You tap the notification and this pops up on screen:
This is obviously a genuine caller! This is a genuine pop-up, from the genuine app, which is protected by your genuine fingerprint. You tap the "Yes" button.
Why wouldn't you? The caller knows your name and bank and they have sent you an in-app notification. Surely that can only be done by the bank. Right?
Right!
This is a genuine notification. It was sent by the bank.
You proceed to do as the fraud department asks. You give them more details. You move your money into a safe account. You're told you'll hear from them in the morning.
Congratulations. You just got played. Scammers have stolen your life savings.
How the scam works
This is reasonably sophisticated, and it is easy to see why people fall for it.
The scammer calls you up. They keep you on the phone while...
The scammer's accomplice calls your bank. They pretend to be you. So...
The bank sends you an in-app alert.
You confirm the alert.
The scammer on the phone to your bank now has control of your account.
Look closer at what that pop-up is actually asking you to confirm.
We need to check it is you on the phone to us.
It isn't saying "This is us calling you" - it is quite the opposite!
This pop-up is a security disaster. It should say something like:
Did you call us?
If someone has called you claiming to be from us, hang up now.
[Yes, I am calling Chase] - [No, someone called me]
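As an added example (not code from the post or from any bank), here is a Python sketch of an agent-side verification flow that encodes the wording proposed above and treats "someone called me" as a fraud signal rather than a failed tap. The AgentSession, FraudDesk, Reply names and the returned status strings are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Reply(Enum):
    I_CALLED_BANK = "yes_i_called"          # customer initiated the contact
    SOMEONE_CALLED_ME = "no_someone_called_me"
    DISMISSED = "dismissed"

@dataclass
class AgentSession:
    """The phone session in which someone claims to be the customer (assumed model)."""
    agent_id: str
    claimed_customer: str
    verified: bool = False
    terminated: bool = False

@dataclass
class FraudDesk:
    alerts: list = field(default_factory=list)   # constructed stand-in for a real alerting hook

# Wording quoted from the post: it only asks "is it you", not who initiated the contact.
WEAK_PROMPT = "We need to check it is you on the phone to us."

def weak_handle(session: AgentSession, tapped_yes: bool) -> bool:
    """The flawed design: a single 'Yes' verifies whoever is on the inbound line."""
    session.verified = tapped_yes
    return session.verified

def build_challenge(session: AgentSession) -> dict:
    """The proposed design: the push asks the customer who called whom."""
    return {
        "session": session.agent_id,
        "title": "Did you call us?",
        "body": "If someone has called you claiming to be from us, hang up now.",
        "options": {Reply.I_CALLED_BANK: "Yes, I am calling Chase",
                    Reply.SOMEONE_CALLED_ME: "No, someone called me"},
    }

def handle_reply(session: AgentSession, reply: Reply, desk: FraudDesk) -> str:
    if reply is Reply.I_CALLED_BANK:
        session.verified = True
        return "verified"
    # Anything other than an explicit "I called you" ends the agent session,
    # so a caller impersonating the customer gains nothing from a dismissed push.
    session.terminated = True
    if reply is Reply.SOMEONE_CALLED_ME:
        desk.alerts.append({"customer": session.claimed_customer,
                            "agent": session.agent_id,
                            "reason": "customer reports inbound call claiming to be the bank"})
        return "fraud_alert"
    return "unverified"
```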
I dare say most people would fall for this. Oh, not you! You're far too clever and sceptical. You'd hang up and call the number on your card. You'd spend a terrifying 30 minute wait on hold to the fraud department, while hoping fraudsters haven't already drained your account.
But even if you were constantly packet sniffing the Internet connection on your phone, you'd see that this was a genuine pop-up from your genuine app. Would that bypass your defences? I reckon so.
Criminals are getting increasingly good at this. Banks are letting down customers by using vaguely worded security pop-ups which they know their customers don't read properly.
And, yes, customers can sometimes be a little gullible. But it is hard to be constantly on the defensive.
Further reading
You can read the original story from the victim on Reddit. See more comments on Mastodon.