
SoylentNews is people

posted by Fnord666 on Thursday November 29 2018, @01:19PM
from the are-twitter-users-called-twits? dept.

BBCTech:

Mr Tinmouth wanted to open a business account to deal with the income and expenditure of some properties that he was letting to tenants.

He applied to Barclays, but the process dragged on and eventually he made a complaint on Twitter.

He even posted an email that he received from the bank which he felt was unprofessional and had to confirm was genuine. The bank urged him to delete this public post.

All this information, together with some personal details that were already available about him online, was enough for fraudsters to mimic the bank and appear to know details of the case.

Reason #7,003 not to use Twitter.

  • (Score: 4, Insightful) by urza9814 on Thursday November 29 2018, @03:27PM (8 children)

    by urza9814 (3954) on Thursday November 29 2018, @03:27PM (#767747) Journal

    Which one? The bank that uses email as though it's a secure communications medium, or the guy who didn't check the return path in the mail headers when he already had security concerns about the company in question?

    They're both completely frikkin' incompetent as far as I'm concerned...but the bank at least should damn well know better...

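The header check the comment above refers to, as an added example that is not part of the thread: it parses a constructed message whose visible From claims the bank's domain while the envelope sender (Return-Path) points elsewhere. Domains are hypothetical placeholders; a mismatch is a cue to verify the message out of band, not proof of fraud on its own.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (hypothetical domains). The From header shows
# the bank's domain, but the bounce address in Return-Path does not match.
SAMPLE_MISMATCH = """Return-Path: <bounce@example-mailer.invalid>
From: "Business Banking" <support@bank.example>
To: customer@example.org
Subject: Your business account application

Please reply with the details you posted on Twitter.
"""

# Constructed sample where envelope sender and From agree.
SAMPLE_ALIGNED = """Return-Path: <noreply@bank.example>
From: "Business Banking" <support@bank.example>
To: customer@example.org
Subject: You have a new secure message

Please log in to read your message.
"""


def addr_domain(header_value):
    """Lower-cased domain of an RFC 5322 address field, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def check_return_path(raw):
    """Compare the Return-Path domain with the visible From domain.

    Returns the two domains and whether they agree. Bulk mailers legitimately
    differ, so treat 'aligned': False as a reason to confirm through a known
    channel (the bank's own site or phone number) before acting on the mail.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = addr_domain(msg.get("From"))
    rp_dom = addr_domain(msg.get("Return-Path"))
    return {
        "from": from_dom,
        "return_path": rp_dom,
        "aligned": bool(from_dom) and rp_dom == from_dom,
    }


if __name__ == "__main__":
    for raw in (SAMPLE_MISMATCH, SAMPLE_ALIGNED):
        print(check_return_path(raw))
```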
  • (Score: 2) by DeathMonkey on Thursday November 29 2018, @06:06PM (5 children)

    by DeathMonkey (1380) on Thursday November 29 2018, @06:06PM (#767824) Journal

    The bank that uses email as though it's a secure communications medium

    I have literally never had a bank do that. If you have, it's probably time to get a new bank.

    • (Score: 2) by edIII on Thursday November 29 2018, @09:00PM (3 children)

      by edIII (791) on Thursday November 29 2018, @09:00PM (#767933)

      Maybe a little off-topic, but banks, insurance agencies & carriers, and other big outfits often do treat email as a secure communications medium. Some of them have got better in the last 5 years, moving towards internal messaging systems with message waiting indicators sent via email. Big banks are now doing this.

      The two things that they have still fucked up on big time, are SMS two-factor, and Fax Machines. I can't tell you how many different insurance carriers still, to this fucking day, demand certain secure communications and requests come via their fax machines. They honestly believe it's more secure than an encrypted document going across email.

      If I wanted to intercept some truly juicy information, I would break into the utility room where their demarc is and hook up analog recorders on their fax lines. You would think they got better, but in the insurance industry they were still using large spool tape drives to shuttle information between the carriers and the DMV for some states. Recently.

      There is a lot of incompetence everywhere, which is why I'm certain that security only exists as a perception of the ignorant.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 1) by deimtee on Friday November 30 2018, @01:19AM (2 children)

        by deimtee (3272) on Friday November 30 2018, @01:19AM (#768085) Journal

        Re. the fax machines. Sometimes it's not their stupidity, but the Law. There are many laws/regulations that were written back before the internet was ubiquitous that assumed you would provide either an original document or a photocopy. These generally allowed a fax copy to be considered a photocopy. Electronic documents do not have the same status under those regulations.
        Just stupid stuff that nobody has got around to rewriting like "1. (c) The applicant must submit a signed form W43-F37 within 14 days." and that means either paper, photocopy, or fax.

        --
        If you cough while drinking cheap red wine it really cleans out your sinuses.
        • (Score: 2) by edIII on Friday November 30 2018, @02:13AM

          by edIII (791) on Friday November 30 2018, @02:13AM (#768109)

          Except new regulations came into play, allowing electronic documents. Where possible, I moved fax communications to cryptographically signed documents, which were acceptable by law. Not all carriers would though, which I found strange as fuck. Those that didn't often argued back with me that the fax was more secure, not telling me about regulations. I had not thought about that.

          In general though, yeah, insurance is one of the most regulated industries in America, if not the most regulated. We're still required by law to send out multiple notices via snail mail regarding policies, at set times during the policy. We can't have the policy holder check a "green" box or sign up for electronic documents, because it doesn't matter. By law we must send a card in the mail.

          --
          Technically, lunchtime is at any moment. It's just a wave function.
        • (Score: 2) by Whoever on Friday November 30 2018, @03:22AM

          by Whoever (4524) on Friday November 30 2018, @03:22AM (#768127) Journal

          Some years ago, I was applying for a visa to visit Australia. This was all done electronically, documents had to be uploaded.

          But, they wanted notarized documents. So, we got notarized copies, scanned them and uploaded them. I think there is a flaw in that process .....

    • (Score: 2) by urza9814 on Friday November 30 2018, @03:07PM

      by urza9814 (3954) on Friday November 30 2018, @03:07PM (#768286) Journal

      Neither have I, but apparently the bank in TFS did...

  • (Score: 1) by nitehawk214 on Thursday November 29 2018, @08:14PM (1 child)

    by nitehawk214 (1304) on Thursday November 29 2018, @08:14PM (#767902)

    My guess is the bank doesn't use email as a communication method outside of "you have a message waiting for you, please log in to our website to retrieve it", like pretty much every other bank on earth, and especially big ones.

    --
    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
    • (Score: 2) by urza9814 on Friday November 30 2018, @03:20PM

      by urza9814 (3954) on Friday November 30 2018, @03:20PM (#768293) Journal

      Then why would he tell him that it contains sensitive information and that he should delete the tweet? And how would that provide any information usable to scammers? If reading someone else's email gives you enough information to commit this kind of fraud, then there is something wrong with that email.