Bank scammers using genuine push notifications to trick their victims

shkspr.mobi/blog/2024/05/bank-

You receive a call on your phone. The polite call centre worker on the line asks for you by name, and gives the name of your bank. They say they're calling from your bank's fraud department.

"Yeah, right!" You think. Obvious scam, isn't it? You tell the caller to do unmentionable things to a goat. They sigh.

"I can assure you I'm calling from Chase bank. I understand you're sceptical. I'll send a push notification through the app so you can see this is a genuine call."

Your phone buzzes. You tap the notification and this pops up on screen:

This is obviously a genuine caller! This is a genuine pop-up, from the genuine app, which is protected by your genuine fingerprint. You tap the "Yes" button.

Why wouldn't you? The caller knows your name and bank and they have sent you an in-app notification. Surely that can only be done by the bank. Right?

Right!

This is a genuine notification. It was sent by the bank.

You proceed to do as the fraud department asks. You give them more details. You move your money into a safe account. You're told you'll hear from them in the morning.

Congratulations. You just got played. Scammers have stolen your life savings.

How the scam works

This is reasonably sophisticated, and it is easy to see why people fall for it.

The scammer calls you up. They keep you on the phone while...
The scammer's accomplice calls your bank. They pretend to be you. So...
The bank sends you an in-app alert.
You confirm the alert.
The scammer on the phone to your bank now has control of your account.

Look closer at what that pop is actually asking you to confirm.

We need to check it is you on the phone to us.

It isn't saying "This is us calling you - it is quite the opposite!

This pop-up is a security disaster. It should say something like:

Did you call us?

If someone has called you claiming to be from us hang up now

Yes, I am calling Chase - No, someone called me

I dare say most people would fall for this. Oh, not you! You're far too clever and sceptical. You'd hang up and call the number on your card. You'd spend a terrifying 30 minute wait on hold to the fraud department, while hoping fraudsters haven't already drained your account.

But even if you were constantly packet sniffing the Internet connection on your phone, you'd see that this was a genuine pop-up from your genuine app. Would that bypass your defences? I reckon so.

Criminals are getting increasingly good at this. Banks are letting down customers by having vaguely worded security pop-up which they know their customers don't read properly.

And, yes, customers can sometimes be a little gullible. But it is hard to be constantly on the defensive.

Further reading

You can read the original story from the victim on Reddit. See more comments on Mastodon.

#bank #CyberSecurity #phishing #scam #security

When will the penny drop?

Once again the Tangerine Tyrant has failed to deliver what Keir Starmer hope he might have gained by his kowtowing... the UK is not in the first phase of trade deals to be negotiated by the US... and may not be in the second phase.

Read my lips: WE NEED TO BE WORKING TOWARDS AN ECONOMIC RAPPROCHEMENT WITH THE EU....

Starmer's 'red lines' are counter productive!

#politics #EU

theguardian.com/politics/2025/

As Christopher Marquis point out:

'Ultimately Musk’s story is a warning: those who climb the ladder with public help are inclined to later destroy the mechanisms that led to their success'....

Part of this is, of course, a lack of self-knowledge of the support people have benefited from, and part is due to a selfish desire to cement their privilege & ensure others don't come up behind them to dilute their privilege.

#inequality #politics #ElonMusk

theguardian.com/commentisfree/

OpenAI Is A Systemic Risk To The Tech Industry

wheresyoured.at/openai-is-a-sy

from _Where's Your Ed At_. I know I share his rants a lot, but that's because he's one of the only people pointing out the emperor's bare bum.

#PostgreSQL Event Calendar, Reminder:

⏳ CfP PGDay Lowlands

Date: 2025-05-01
Location: Blijdorp Zoo, Rotterdam, Netherlands

ICS file: ics.postgresql.life/7n9hjm4edq

Join us at PGConf.DE 2025 in Berlin on May 8–9!
The full program is now live postgresql.eu/events/pgconfde2 — with two days and two tracks of talks in both German and English, covering PostgreSQL and its growing ecosystem, everyone's bound to find something of interest.

Register now: 2025.pgconf.de/registration/

#PGConfDE #PostgreSQL #Conference #Berlin

Dear developers,
Please don't use JSON for configuration files. It is intended for carrying data, and nothing else. Therefore, it is good at carrying data, and nothing else.

I strongly believe that anything that doesn't support comments shouldn't be used for configs. Comments are indispensable for short documentation, or putting a URL to proper documentation.

There are other plain text file formats better fit for this purpose, such as TOML, YAML, and even XML.

New entry in #PostgreSQL Event Calendar:

👫 PGDay Lowlands

Date: 2025-09-12
Location: Blijdorp Zoo, Rotterdam, Netherlands

ICS file: ics.postgresql.life/h00414rkb2

New entry in #PostgreSQL Event Calendar:

⏳ CfP PGDay Lowlands

Date: 2025-05-01
Location: Blijdorp Zoo, Rotterdam, Netherlands

ICS file: ics.postgresql.life/7n9hjm4edq

We have a speaker change on Friday, instead of Bruce - who had to cancel - now Teresa Lopes is presenting: "Operational hazards of managing PostgreSQL DBs over 100TB"

#PostgreSQL #Conference #PGConfDE #Berlin

postgresql.eu/events/pgconfde2

@tchorix & I are presenting on data modeling within #PostgreSQL in a storytelling fashion at @posetteconf, a free virtual event hosted by #Microsoft that's all about #Postgres this June 10-12!

Want to tune in? Add the livestream to your calendar, or register (optionally) here: posetteconf.com/2025/talks/pos (or, wait until the recording is out after the event!)

Illustrations will be completed by Scarlett Riggs, who we are very excited to be working with.

This talk should be great for anyone that's looking to understand things from the perspectives of an application developer, and a seasoned database administrator; here, you'll be able to learn when it is best to handle logic within the database vs. the application!

Looking forward to seeing you there 📽️

#techevent #tech #opensource #foss #oss #data #database #dba #applicationdeveloper #dev #technology #freesoftware

On June 12, join our CEO @c2main at 11:30 AM CEST for a FREE livestream @ @posetteconf regarding Pressure Stall Information within the world of #PostgreSQL.

Use this link to add the livestream to your calendar & optionally register, or follow us to get the recording after the conference when it becomes available!

posetteconf.com/2025/talks/resource-control-admission-i-have-a-date-with-my-psi/

#POSETTEConf #Postgres #SQL #Linux #opensource #FOSS #OSS #developer #tech #techevent #DevOps

Paul Krugman’s latest brings up a point I’d missed:

This chicken-with-its-head-cut-off tariff policymaking is now “putting much higher tariffs on intermediate goods used in manufacturing than on final goods” (see screenshot below, taken from the article).

That means Trump has actually managed to •disincentivize• electronics manufacturing in the US.

…or at least this second, but who knows what US policy will be in 15 minutes? Way to go, geniuses! Companies, come invest here! You’ll get screwed now, but at least you can’t count on the future at all! USA! USA!

paulkrugman.substack.com/p/the

"Don't trust Carney, he's just a guy with a banker's haircut and "fancy" resume... trust my husband!" -- Mrs. Pierre Poilievre

#noSecurityClearance #elxn45 #cdnpoli #poilievre #canada

Show older
Mastodon

Time for a cuppa... Earl Grey please!