|
|
|
|
|
|
by majormajor
300 days ago
|
|
|
Routing and account numbers have been on every check written for decades. Banks usually aren't quite that naive to let anyone with the numbers transfer whatever they want. There's name validation they can do, but legally/contractually IIRC it's optional. So the numbers + a lot of social engineering skill can do damage. But I kinda suspect the ROI is higher for social engineering into an online account portal to Zelle a bunch of stuff around vs waiting for ACH transfers. Breach a login vs find an ACH list and transfer stuff out of the high-value accounts without triggering any flags (imagine you had access to that Paypal list - how are you trying to exfiltrate from millions of accounts without looking suspicious?). |
|
|