1605
Be careful. (feddit.org)
submitted 5 months ago by 101@feddit.org to c/technology@lemmy.world
141 comments fedilink hide all child comments

Source.

you are viewing a single comment's thread
view the rest of the comments
[-] Telorand@reddthat.com 22 points 5 months ago

The fact that many banks still don't have at least app-based 2FA should be criminal.

[-] EngineerGaming@feddit.nl 13 points 5 months ago

App-based would be bad, as bank apps are notoriously unfriendly to people who don't own Google/Apple smartphones. Rather, a TOTP or Yubikey.

[-] Telorand@reddthat.com 4 points 5 months ago

That's what I mean by app-based. Something like Authy or Google Authenticator, etc.

[-] Appoxo@lemmy.dbzer0.com 4 points 5 months ago

At least use Aegis ;-;

[-] LDerJim@lemmy.world 7 points 5 months ago

How would that help in this case? "Sir, please accept the pop up from our app"

[-] Telorand@reddthat.com 2 points 5 months ago

I'm talking about TOTP in something like Bitwarden or Authy. You can still social engineer your way to getting a code, but a scammer would have to convince the user to reveal that secret, not just pretend to send a code.

[-] Trainguyrom@reddthat.com 2 points 5 months ago* (last edited 5 months ago)

It sounds like in the above case the codes were real 2fa codes from his bank as the scammers were resetting their login credentials then adding an external account to initiate a transfer. Presumably they were simply reusing info from a breach to make the scam smoother

[-] sugar_in_your_tea@sh.itjust.works 2 points 5 months ago

Yeah, I delayed setting up non-SMS 2FA because I didn't want to go through the hassle of installing and setting up Symantec VIP (requires a call to the bank). If they had supported regular TOTP, I would've had it configured when I set up the account years ago, and that would've prevented this issue since I know I'm never supposed to give out those codes. But SMS auth is used by phone agents to verify identity, as well as with automated systems, so it's easy to skim the message.

There are only a handful of banks that offer something other than SMS 2FA (and many don't even do that), and I picked this bank specifically because of that. However, I didn't realize they used Symantec VIP, so I put it off.

this post was submitted on 14 Sep 2024
1605 points (100.0% liked)

Technology

62596 readers
2053 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world