Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
This is a myth: "Just be smart and you are safe from malware"
Message
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1014270"><p>Agree, completely. I have one experience which amazed me and (nearly) tricked me into entering my bank account and password.</p><p></p><p>1. I got an e- mail that I needed to confirm my details to get a new bank card</p><p></p><p>Because I had requested a new bank card (my contactless payment chip did not work any more) and the email looked authentic (it had my bank's e-mail sender address and was formated using my bank's corporate identity, colors, logo and layout) I clicked on the link. At that time to do payments, I needed that chip for an offline two factor authentication passkey calculator which generated a code which I had to enter to confirm a payment. Before my bank provided its users with a mobile app, it was still possible to login to your bank account with bank number and password for auto service (like requesting a new bank card) and secure communication with my bank.</p><p></p><p>2. When I clicked on the link, I was directed to a HTTP website which seemed like an exact copy of my bank's website.</p><p></p><p>When I was entering my bank account number, I noticed the padlock was missing (not a HTTPS website). Agitated I stopped entering my details (a confirmation screen) and made a print screen. With a sarcastic remark (regarding the fact it was a HTTP website) I send this screenprint to the general email address of my bank and continue working (at home). I did not enter my details, only the first half of my bank account number.</p><p></p><p>3. Two hours later (well after 18.00 hour) I was called by my wife (who was a bit angry) telling me our bank account was blocked (and se could not pay gasoline on a tankstation along the highway).</p><p></p><p>Luckily the tank stations have a fall back process to deal with that sort of situations, so my wife could get home. The next day I called my bank (as soon as they opened during office hours) and ask them why they had blocked our account. I got a service manager telling me they were afraid I had entered my details, because it was possible to change my e-mail address with the password only access to the website (and that were in the process of moving that functionality to more secure, two factor authentication).</p></blockquote><p></p>
[QUOTE="ForgottenSeer 97327, post: 1014270"] Agree, completely. I have one experience which amazed me and (nearly) tricked me into entering my bank account and password. 1. I got an e- mail that I needed to confirm my details to get a new bank card Because I had requested a new bank card (my contactless payment chip did not work any more) and the email looked authentic (it had my bank's e-mail sender address and was formated using my bank's corporate identity, colors, logo and layout) I clicked on the link. At that time to do payments, I needed that chip for an offline two factor authentication passkey calculator which generated a code which I had to enter to confirm a payment. Before my bank provided its users with a mobile app, it was still possible to login to your bank account with bank number and password for auto service (like requesting a new bank card) and secure communication with my bank. 2. When I clicked on the link, I was directed to a HTTP website which seemed like an exact copy of my bank's website. When I was entering my bank account number, I noticed the padlock was missing (not a HTTPS website). Agitated I stopped entering my details (a confirmation screen) and made a print screen. With a sarcastic remark (regarding the fact it was a HTTP website) I send this screenprint to the general email address of my bank and continue working (at home). I did not enter my details, only the first half of my bank account number. 3. Two hours later (well after 18.00 hour) I was called by my wife (who was a bit angry) telling me our bank account was blocked (and se could not pay gasoline on a tankstation along the highway). Luckily the tank stations have a fall back process to deal with that sort of situations, so my wife could get home. The next day I called my bank (as soon as they opened during office hours) and ask them why they had blocked our account. I got a service manager telling me they were afraid I had entered my details, because it was possible to change my e-mail address with the password only access to the website (and that were in the process of moving that functionality to more secure, two factor authentication). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
