I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened.

  • @nivenkos@lemmy.world
    link
    fedilink
    English
    1710 months ago

    The real answer here is to have decent digital ID as 2-factor authentication.

    This scam would be practically impossible in Sweden with BankID for example.

    • @logicbomb@lemmy.world
      link
      fedilink
      English
      1910 months ago

      Another thing is that I feel like the era of the private phone number has passed. I see the use case for phone numbers for businesses, but people just don’t use them very much anymore otherwise.

      Like, we don’t memorize them. We don’t dial them. They’re just entries in our contacts.

      At this point, we could create an alternative way of contacting private phones. Something based on whitelisting instead of blacklisting. Something that can be easily shared but not easily guessed. Something that would be easy to trace who called you.

      All of these phone scams rely on the idea that a stranger can just up and contact you without any effort. It’s ridiculous. If we got rid of that, we’d save people from untold billions of dollars of scams almost instantly.

      • @nivenkos@lemmy.world
        link
        fedilink
        English
        610 months ago

        Yeah, my ex was scammed this way too - exactly like Cory describes, they happened to ring right as she was going through the whole visa and tax process and pretend to be regarding the IRS, etc. and since she was dealing with a lot of similar calls it was an easy mistake to make.

        More services available online and e-mail communication makes this a bit better.

    • gian
      link
      fedilink
      English
      110 months ago

      I think this is true in most of the EU banks.

      • @nivenkos@lemmy.world
        link
        fedilink
        English
        110 months ago

        Spain and the UK have no real digital ID (Spain has some horrible Java certificate based system, but you can’t use it for much). I think Germany’s digital ID is in a similar position too although it’s been many years since I lived there now.

        The UK is in the same position as the US with no national ID or residence registration at all.

        Only the Netherlands, Finland and Scandinavia really have it sorted out for banking and government services.

        • gian
          link
          fedilink
          English
          110 months ago

          Wait, I was talking about the fact that most EU bank (if not all) need to have a two factor authentication system in place, which limit a lot what a scammer can do.
          In this case I think that a scam like this would not be possible or at least it would be stopped in the moment the bank app would ask to confirm what I am supposedly doing.

          A national digital ID system is nice (in Italy we have the SPID), but it does not limit anything if you really can do everything with just the credid card number.

    • @0x0@programming.devOP
      link
      fedilink
      English
      210 months ago

      He gave them his CC number over the phone. How would Sweden’s BankID protect against that?

      • @nivenkos@lemmy.world
        link
        fedilink
        English
        410 months ago

        More that you’d never need to provide it, but many transactions will also require 2FA, even by the credit card.