I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened.

  • nivenkos@lemmy.world
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    8 months ago

    For BankID it somewhat does, because only registered services can make the request - so they’d need to register a scam service and then use that. Which also makes it an easier job for anti-fraud police.

    So it’d be a lot more complicated.

    Like obviously at a certain point if someone is willing to do everything they can - then they will be scammed, see this for example: https://www.bbc.com/news/uk-england-leeds-67208755

    But the more steps there are, the higher the chance the person realises it is a scam.

    • prole@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      8 months ago

      For BankID it somewhat does, because only registered services can make the request

      I’m not an expert on digital banking, but this sounds like a no-brainer… Aside from marginally increasing compliance costs, why would this not just be the norm everywhere?

      I mean… It was rhetorical. I know why.

      • nivenkos@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        8 months ago

        It kind of is the norm.

        Just a few countries like the US are really backward in terms of accessible banking - mainly due to having no federal ID, residence registration, etc. too on top of outdated bureaucracy.

    • kernelle@0d.gs
      link
      fedilink
      English
      arrow-up
      4
      ·
      8 months ago

      “A chain is only as strong as its weakest link” - We are the weakest link in any security chain, and always will be. Social engineering is one hell of a drug.