Cybersecurity

30 readers

17 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io

Woke this morning with an email from #Scotia bank about my account. I don't have a Scotia account. (hear-me.social)

submitted 4 months ago by Jerry@hear-me.social to c/cybersecurity@fedia.io

1 comments fedilink hide all child comments

Woke this morning with an email from #Scotia bank about my account. I don't have a Scotia account.

Usually, I ignore these as phishing, but I have a #Thunderbird add-on that tells me when SPF and DKIM pass. And the "from" domain was truly scotia bank. So, yes, it did come from them.

Spent 30 minutes on the phone bouncing around, queuing and waiting while they checked. Their conclusion is that their customer carelessly entered my email address instead of their own, and they will contact the customer.

Two things.

Email addresses should always be validated with an OTP. When will banks learn this?

Second: Some people are a pain in the ass.

#banking #phishing #cybersecurity

you are viewing a single comment's thread
view the rest of the comments

[–] Fiivemacs@lemmy.ca 1 points 4 months ago

Banks do the bare minimum, and only deploy things that take liability off them. Otherwise, they don't care.