The funny thing is; most banks hat I've experienced will plaster warnings all over the SMS and apps not to give this information to someone who calls you etc.
The issue is that people are afraid (to lose their money) and aren't educated about the risks, and who/what they should pay attention to, so they hand it over anyway.
I think it works because banks have nonsensical security already
Even if you are educated, you’re still confronted with insecure security measures and stonewalled by the customer service agent that’s asking you to complete a measure, until you complete it
Getting a call with another nonsensical security measure would be onbrand
> I think it works because banks have nonsensical security already
Like FirstDirect changing the password requirements for their app from the already far from best practice "between 5 and 9 case-sensitive alphanumeric" down to "6 digits" and making a show and dance about this being "just as secure as before"…
Suffice it to say that I've spread my financial resources a bit more widely than that one organisation now (and I'm considering a more complete move, but a lot of the competition is no better). I want there to be more than my unlocked phone and give digits between the bulk of my money and anyone who wants access to it.
This is just so messed up. I’ve spent so much time trying to teach the more vulnerable people in my life how to protect their accounts, only to have their f’n bank call them up and ask them to do the exact opposite.
Yeah, my bank hasn't done it in a while, so I'm hoping they've sorted them selves out, but it happened a lot years ago.
They'd call me to confirm a payment and ask me to identify myself, it wasn't even a payment I was making at that moment. At least now with the current tech it's done via the app etc at point of sale.
The issue is that people are afraid (to lose their money) and aren't educated about the risks, and who/what they should pay attention to, so they hand it over anyway.
People need to learn to fail shut.