This topic contains 1 reply, has 2 voices, and was last updated by 
- Posts
The reason I’m asking this is that it apparently happened to a friend of my mom. They had ordered food from some website, and were on call with a “representative” while ordering. They were asked to enter their card details into the website and allegedly the scammers transferred around the equivalent of 1400 USD from two different bank accounts. Keep in mind that I live in a country which has mandatory two-factor authentication for every credit/debit card or net banking transaction (meaning one receives an OTP to authenticate every transaction). Apparently it was a series of transfers and the OPTs kept coming and somehow the scammers gained access to them. I’m personally very sceptical of the entire affair but I admit I do not know much about this area. Is such a thing possible, and if it is how so?
I’m not sure if this is the right subreddit to ask such a question so do forgive me if it isn’t.
InfosecModRules 4 and 9
ShiroiOkCheck the phone for malware, it sounds to me like the phone is infected and once you ordered food they seized the chance to issue numerous otps to throw you off whilst they withdrew the money.
einfallstollUnlikely. Very very unlikely by a regular phone call. That would be some well-engineered attack probably government-funded and unlikely to be wasted for such a small amount of money.
My guess is a phishing / scam site: Your “mandatory two-factor authentication for credit cards” is probably 3-D secure or similar – a standard for secure transactions. However, by design it’s just a question of liability. If a merchant uses (or has to) 3-D Secure they are not liable for credit card abuse. If they don’t, it’f their own fault. This is “security” for the merchant not the enduser.
You must be logged in to reply to this topic.
Comments