Mr Tinmouth wanted to open a business account to deal with the income and expenditure of some properties that he was letting to tenants.
He applied to Barclays, but the process dragged on and eventually he made a complaint on Twitter.
He even posted an email that he received from the bank which he felt was unprofessional and had to confirm was genuine. The bank urged him to delete this public post.
All this information, together with some personal details that were already available about him online, was enough for fraudsters to mimic the bank and appear to know details of the case.
Reason #7,003 not to use Twitter.
(Score: 2) by edIII on Thursday November 29 2018, @09:00PM (3 children)
Maybe a little off-topic, but banks, insurance agencies & carriers, and other big outfits often do treat email as a secure communications medium. Some of them have got better in the last 5 years, moving towards internal messaging systems with message waiting indicators sent via email. Big banks are now doing this.
The two things that they have still fucked up on big time are SMS two-factor and fax machines. I can't tell you how many different insurance carriers still, to this fucking day, demand certain secure communications and requests come via their fax machines. They honestly believe it's more secure than an encrypted document going across email.
If I wanted to intercept some truly juicy information, I would break into the utility room where their demarc is and hook up analog recorders on their fax lines. You would think they got better, but in the insurance industry they were still using large spool tape drives to shuttle information between the carriers and the DMV for some states. Recently.
There is a lot of incompetence everywhere, which is why I'm certain that security only exists as a perception of the ignorant.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by deimtee on Friday November 30 2018, @01:19AM (2 children)
Re. the fax machines. Sometimes it's not their stupidity, but the Law. There are many laws/regulations that were written back before the internet was ubiquitous that assumed you would provide either an original document or a photocopy. These generally allowed a fax copy to be considered a photocopy. Electronic documents do not have the same status under those regulations.
Just stupid stuff that nobody has got around to rewriting like "1. (c) The applicant must submit a signed form W43-F37 within 14 days." and that means either paper, photocopy, or fax.
If you cough while drinking cheap red wine it really cleans out your sinuses.
(Score: 2) by edIII on Friday November 30 2018, @02:13AM
Except new regulations came into play, allowing electronic documents. Where possible, I moved fax communications to cryptographically signed documents, which were acceptable by law. Not all carriers would though, which I found strange as fuck. Those that didn't often argued back with me that the fax was more secure, not telling me about regulations. I had not thought about that.
In general though, yeah, insurance is one of the most regulated industries in America, if not the most regulated. We're still required by law to send out multiple notices via snail mail regarding policies, at set times during the policy. We can't have the policy holder check a "green" box or sign up for electronic documents, because it doesn't matter. By law we must send a card in the mail.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by Whoever on Friday November 30 2018, @03:22AM
Some years ago, I was applying for a visa to visit Australia. This was all done electronically; documents had to be uploaded.
But they wanted notarized documents. So we got notarized copies, scanned them and uploaded them. I think there is a flaw in that process...