When giving out your email you can use "plus addressing" with the name of the company/person you are giving it to, for example [email protected].
That way when you get some spam to that email address you can know what sod leaked it.
Warning: check your bank details from time to time!
- Thread starter Nitefly
- Start date
When giving out your email you can use "plus addressing" with the name of the company/person you are giving it to, for example [email protected].
That way when you get some spam to that email address you can know what sod leaked it.
Soldato
Can I ask what bank you bank with?
This kinda think will happen from time to time and there are processors in place to stop people from doing this.. in this case the process has worked.
I had all my accounts frozen with a bank as I was trying to pay off my new credit card twice within the same week before I got charged foreign exchange and withdraw fee. They noticed that I was aboard using a foreign IP address and a second large payment within the month would flag this, as they wasn’t used to the seeing transactions to that account.
Some banks now have a text system to ask you about those transactions. They will block the attempt, text you to verify.. then you have to make the transaction again.
It’s not likely the phone that they cloned, even when I legitimately do it with my phone I have to re-verify all my banking apps. It’s more likely the sim card that they cloned.
When I joined t-mobile a few years back I kept receiving calls from a person claiming to be t-mobile and asking me for my details. Even then I was “ermmm you called me, tell me what you want first.” And when I called t-mobile to complain, as they kept hanging up when questioned, t-mobile was claimed that it wasn’t them. I don’t accept cold calls, and I won’t give out any details unless I know what the purpose of the call is.
My bank has an message when you call them, stating that they will never call you and ask for your personal details. it’s best to familiarise yourself with how your bank operates over the phone, even with some operations; my bank tells me to login to their website and communicate via the secure chat as it’s more secure.
Personally I believe the idea of not having the app and not setting up a phone number on your account, is a bit of a false sense of security. Without one someone else can setup the app or a phone number more easier. Same goes for PayPal, banks are just so used to seeing PayPal transactions, they are more likely wave them through than block them. I personally would rather set it up and not use it if not needed that way I know that someone else hasn’t done it with my details.
While I would 100% agree that third party 2fa is more secure than just texting a phone number a code. In principle they are verifying in the same way. You are basically giving them a response from a device that only you should have access to.. but with the text message the bank is controlling the response code, with the third party 2fa, the third party is controlling the response code and the bank needs to be able trust that the 2fa system is secure, which opens another can of worms.
The most secure method is those funny little devices that most of the banks sent out a few years back. For them to work, you need to have the bank card, the PIN number and device, which is quite generic as I’ve used devices from other banks to generate a code.
There’s a balance between security and ease of use, not everyone is tech savvy and even then people get frustrated with having to repeat the same operations constantly. My bank still forces me to use that funny little device when I need to sent up a new standing order or more “expensive” operations but for logging into the site they just need my password and parts of a second code that I’ve setup. For me to change details and view transactions, they want a code from a text message. I think this tiered system is quite right, I shouldn’t have to jump though hoops just to see how much I have left in my account, making me do so would only stop me from doing it more often, increasing the risk of a longer period of time of not reporting foul play on my accounts.
This kinda think will happen from time to time and there are processors in place to stop people from doing this.. in this case the process has worked.
I had all my accounts frozen with a bank as I was trying to pay off my new credit card twice within the same week before I got charged foreign exchange and withdraw fee. They noticed that I was aboard using a foreign IP address and a second large payment within the month would flag this, as they wasn’t used to the seeing transactions to that account.
Some banks now have a text system to ask you about those transactions. They will block the attempt, text you to verify.. then you have to make the transaction again.
It’s not likely the phone that they cloned, even when I legitimately do it with my phone I have to re-verify all my banking apps. It’s more likely the sim card that they cloned.
When I joined t-mobile a few years back I kept receiving calls from a person claiming to be t-mobile and asking me for my details. Even then I was “ermmm you called me, tell me what you want first.” And when I called t-mobile to complain, as they kept hanging up when questioned, t-mobile was claimed that it wasn’t them. I don’t accept cold calls, and I won’t give out any details unless I know what the purpose of the call is.
My bank has an message when you call them, stating that they will never call you and ask for your personal details. it’s best to familiarise yourself with how your bank operates over the phone, even with some operations; my bank tells me to login to their website and communicate via the secure chat as it’s more secure.
Personally I believe the idea of not having the app and not setting up a phone number on your account, is a bit of a false sense of security. Without one someone else can setup the app or a phone number more easier. Same goes for PayPal, banks are just so used to seeing PayPal transactions, they are more likely wave them through than block them. I personally would rather set it up and not use it if not needed that way I know that someone else hasn’t done it with my details.
While I would 100% agree that third party 2fa is more secure than just texting a phone number a code. In principle they are verifying in the same way. You are basically giving them a response from a device that only you should have access to.. but with the text message the bank is controlling the response code, with the third party 2fa, the third party is controlling the response code and the bank needs to be able trust that the 2fa system is secure, which opens another can of worms.
The most secure method is those funny little devices that most of the banks sent out a few years back. For them to work, you need to have the bank card, the PIN number and device, which is quite generic as I’ve used devices from other banks to generate a code.
There’s a balance between security and ease of use, not everyone is tech savvy and even then people get frustrated with having to repeat the same operations constantly. My bank still forces me to use that funny little device when I need to sent up a new standing order or more “expensive” operations but for logging into the site they just need my password and parts of a second code that I’ve setup. For me to change details and view transactions, they want a code from a text message. I think this tiered system is quite right, I shouldn’t have to jump though hoops just to see how much I have left in my account, making me do so would only stop me from doing it more often, increasing the risk of a longer period of time of not reporting foul play on my accounts.
Banks insisting on SMS as the 2FA is the issue here. I hate it and would jump to authenticator immediately if it were an option.
I've even seen people get the codes sent to them and they don't need to unlock the phone as they have the setting to display messages on the lock screen.
I've even seen people get the codes sent to them and they don't need to unlock the phone as they have the setting to display messages on the lock screen.
Soldato
Yeah.. it’s the same as having great locks on your house and leaving the house wide open.
For banks to use 2fa they would need to link the systems with each other, which causes a higher security risk for the banks.
The company running the 2fa system would have to comply with security standards and have pen tests done regularly. Then have insurance on their system so they can pay their part of the costs of anything would happen.
Financial institutions don’t base their service on money, it’s just the by product. It’s base it on trust..
customers trust them to store their money, the bank needs the customers to play their part in the service too.
Soldato
We discovered an unknown mobile phone number on a joint account recently. We don't do internet banking and we do monthly reconciliations from paper statements but still.
Soldato
this made me think about using sim lock as it wasn't enabled but it wants a code so guessing I've forgotten or its a default carrier one, dangerous if i lose the phone
Soldato
'Mastermind' behind Lahore call centre that conned Brits is revealed
EXCLUSIVE: Ahmad Sarfraz was allegedly the boss at the centre of one of Pakistan 's most prolific fraud factories targeting British households and has now gone into hiding, MailOnline can reveal.
Soldato
My wife had "Monzo" call up saying they were investigating fraud on the account, sounded really genuine and was from a UK number, built rapport etc. They verified her identity (collecting things like DOB, middle names etc) and said she'd be sent a new card. She contacted Monzo by the app to check it was genuine (as nothing appeared in the app) and they knew nothing about it. Presumably whoever it was could now call the mobile mobile company with the data to try and get a SIM replacement etc, but thankfully her numbers under my name
Soldato
I am having a few spam emails at moment -One is telling me I have a voice mail do I want to listen to it --
it may be legit but I haven't clicked it yet
Another is from in.fo and it says your BT bill is ready to go ; looked at it and it said Hello - not my first name.
These have happened when mate wifes phone got hacked and took all her email addresses.
I do not do banking on my phone -I would find it to much of a hassle - will stick to online and a debit card and tap it.
The other reason is I need close up glasses to see phone and can't be assed to carry one more pair of glasses.
it may be legit but I haven't clicked it yet
Another is from in.fo and it says your BT bill is ready to go ; looked at it and it said Hello - not my first name.
These have happened when mate wifes phone got hacked and took all her email addresses.
I do not do banking on my phone -I would find it to much of a hassle - will stick to online and a debit card and tap it.
The other reason is I need close up glasses to see phone and can't be assed to carry one more pair of glasses.
Permabanned
- Joined
- 10 Nov 2005
- Posts
- 2,554
So did you still get the stuff you bought off the Dark Web in the end ok though?Had a bit of a scare this week - received a letter from my bank and it said to call them re: fraudulent transactions.
I called up and they said I had to go in-branch to sort it with ID. Mmm’kay… no dodgy transactions showing but might as well go in.
I went in this morning and after a lot of questions it turns out some fraudster(s) had managed to change my email address associated with my account- there had been various attempted transactions with card details and also my card added to another iPhone - yikes.
The only way they could have done this, apparently, is by calling up getting through security - which would require full details, or by having my telephone number compromised in some way (!?) so they could access my banking app. I still have no idea how that would work…
Anyway, worth checking in from time to time to make sure you’re not subject to similar mad h4x!
Soldato
I had a dodgy cousin and back in the day he worked at a car insurance company, his side hustle was selling peoples details to fraudsters at £25 per account. Card details / personal info etc
Don’t know the full details but they would get loans out on that name, not sure how they got the money out but usually involved getting a willing participant to transfer the money to.
Scum
Don’t know the full details but they would get loans out on that name, not sure how they got the money out but usually involved getting a willing participant to transfer the money to.
Scum
Soldato
- Joined
- 30 Nov 2011
- Posts
- 11,383
I have several email addresses, one I just use for banking type situations, one I use for "important" but not financial and then a junk email address for not important things like on here
Soldato
The question is why you don’t have it on in first place… I’ve always have a sim lock turned on, force of habit since my very first mobile phone in 1997.. in fact I think it’s been the same code since 1997.. lol
The phone only asks for it after a power cycle so, I rarely ever see it.
Permabanned
- Joined
- 10 Nov 2005
- Posts
- 2,554
I had a boss when I was a teen, that bragged about doing a credit card skimming scam whilst being a manager at a shop, this was pre chip and pin, they'd do all sorts with the money, he now has a villa in spain through all the money he laundered via his sister he set up over there to do so, the mad thing is, this really happened, I think he's retired there now.
He was so brazen about telling me as well. Apparently he only did it to 'bad people'. Hmm...