I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened.

  • kernelle@0d.gs
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    2
    ·
    8 months ago

    Adding multiple factors to authentication just adds another step to the scam, it doesn’t make it impossible by any means.

    • nivenkos@lemmy.world
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      1
      ·
      8 months ago

      For BankID it somewhat does, because only registered services can make the request - so they’d need to register a scam service and then use that. Which also makes it an easier job for anti-fraud police.

      So it’d be a lot more complicated.

      Like obviously at a certain point if someone is willing to do everything they can - then they will be scammed, see this for example: https://www.bbc.com/news/uk-england-leeds-67208755

      But the more steps there are, the higher the chance the person realises it is a scam.

      • prole@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        8 months ago

        For BankID it somewhat does, because only registered services can make the request

        I’m not an expert on digital banking, but this sounds like a no-brainer… Aside from marginally increasing compliance costs, why would this not just be the norm everywhere?

        I mean… It was rhetorical. I know why.

        • nivenkos@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          8 months ago

          It kind of is the norm.

          Just a few countries like the US are really backward in terms of accessible banking - mainly due to having no federal ID, residence registration, etc. too on top of outdated bureaucracy.

      • kernelle@0d.gs
        link
        fedilink
        English
        arrow-up
        4
        ·
        8 months ago

        “A chain is only as strong as its weakest link” - We are the weakest link in any security chain, and always will be. Social engineering is one hell of a drug.

    • TORFdot0@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      8 months ago

      It doesn’t matter how many locks you have if you give the scammers the keys. And so many people give up the keys