|
Fraud sucks and is ever evolving. Everyone gets hit in increasingly elaborate scams, and companies with degrading services makes it easier. Some things I'm surprised weren't in the article, given that the author describes extensive background in security: 1. Suspiciously well timed fraud attempts happen when you are vulnerable, because the attacker is tipped off. Travelling and visiting unfamiliar locations raises a lot of smoke, information wise. Relying on secrets doesn't work, because information is leaked in an uncountable number of ways. You should no longer be thinking "did my card number, phone number, PID, or other secret get stolen?" It should instead be "given that my info was stolen, did anything bad happen and who do I need to securely talk to?" 2. Always blow off incoming calls, you can always get a callback or fix later, and check email, text, or other comms to see if something important is going on. Saying anything is information. As little as a few seconds of your voice being recorded can be used to generate a usable AI voice clone, and at worse it only takes a few minutes. The act of answering a phone call is information, confirming that your phone number is active and belongs to you. Ironically, the reliance on a local CU also seems to be a miss. IME, big evil banks are more reliable in this area. They get scammed way more often, and as a result are much more resistant to these attacks via pure attrition. |