Old 03-18-2017, 06:52 AM   #21
Thinks s/he gets paid by the post
Tadpole's Avatar
 
Join Date: Jul 2004
Posts: 1,428
I'm still wondering what I should do after something happened a couple of hours ago. I logged into Bank of America. Bank of America has this very irritating habit of generating a popover right after login. These are usually just promotions.

Today I logged into BoA and the popup said they were required to verify social security numbers. There was a grey box that, presumably, if you clicked on it, your social security number would appear and you could verify it. Beneath this box was a statement to the effect that BoA had greyed out the number to preserve my security. (How absolutely weird is that.) I didn't click on the box but rather chose the option that it was correct without looking at it.

BoA wouldn't let me close the popover without looking at my SS number but rather let me choose another option for finishing this later. As a sanity check I logged out and back in and the popover appeared again.

Everything in the bank account looks legit. It's https, the address box has the VeriSign approval and Trusteer Rapport which BoA issues says the connection is legit and is not supposed to allow a "man in the middle" of the connection. No alarms from Norton or Malwarebytes but they might not be able to detect this type of thing.

On the other hand, I don't really believe a bank would require you to expose your SS number online when they, themselves, do not think this is a good thing to do.

Very strange.
Tadpole is online now   Reply With Quote
Old 03-18-2017, 07:02 AM   #22
Moderator
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 25,200
If I were you, I would do one or both of these:

Clear the browser cache and log in to BOA again by actually typing the URL, not using a bookmark. Does that same popup appear?

Log in using a different browser, clearing its cache first if you've used it recently.

Good luck!
braumeister is offline   Reply With Quote
Old 03-18-2017, 07:05 AM   #23
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 13,132
My email reader treats emails as plain text only. Then I can choose to read as html only if I choose to. I like that extra safety after having a keylogger in the past with a previous email reader.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 03-18-2017, 08:06 AM   #24
Thinks s/he gets paid by the post
Tadpole's Avatar
 
Join Date: Jul 2004
Posts: 1,428
Quote:
Originally Posted by braumeister View Post
If I were you, I would do one or both of these:

Clear the browser cache and log in to BOA again by actually typing the URL, not using a bookmark. Does that same popup appear?

Log in using a different browser, clearing its cache first if you've used it recently.

Good luck!
Followed your instructions. It's still there in IE11 and Firefox even after I clear the browser cache and type the web address into the address box. It looks like BoA might actually be sending this.
Tadpole is online now   Reply With Quote
Old 03-18-2017, 08:18 AM   #25
Thinks s/he gets paid by the post
Golden sunsets's Avatar
 
Join Date: Jun 2013
Posts: 2,518
Quote:
Originally Posted by Tadpole View Post
Followed your instructions. It's still there in IE11 and Firefox even after I clear the browser cache and type the web address into the address box. It looks like BoA might actually be sending this.
Are you using 2 party authentication with your BOA accounts? If not I would advise you to do so going forward. It's annoying but a good level of added security.
Golden sunsets is offline   Reply With Quote
Old 03-18-2017, 08:27 AM   #26
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by Hyperborea View Post
Another tool to use to help you figure out if an email is legit is to look at the raw email with all the headers. Most mail apps or webmail services will let you do this. The "From" field can be faked and you will need to look at the routing information. The email spec is from a simpler, less complicated, more trusting time in the internet's history.

Here's a simple introduction on how to do this.
https://www.arclab.com/en/kb/email/h...-spf-dkim.html
Why go through this technical song and dance and analysis instead of simply going directly to your account and signing on normally? If there is something requiring your attention, it will be there.

Misanalyze that header, and you are in trouble. Extra work, and still some risk. Keep It Simple Stanley - just go direct to the account!

-ERD50
ERD50 is offline   Reply With Quote
Old 03-18-2017, 08:31 AM   #27
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Nov 2009
Posts: 6,683
What about emails containing links to legitimate surveys asking for feedback from an actual in-person visit or a phone call to a financial institution? The emails include the day and, if in-person, the location of my visit, so they are legit. And they never ask for any personal info. Yes, I can always ignore the emails and decline to participate in the surveys.


Have any of you received fake emails asking you to participate in surveys?
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is offline   Reply With Quote
Old 03-18-2017, 08:37 AM   #28
Thinks s/he gets paid by the post
Tadpole's Avatar
 
Join Date: Jul 2004
Posts: 1,428
Quote:
Originally Posted by Golden sunsets View Post
Are you using 2 party authentication with your BOA accounts? If not I would advise you to do so going forward. It's annoying but a good level of added security.
Yes, I meant to mention this. I am using 2 party authentication. So in addition to having already input my id and password, BoA sends me an email with a code number I input before the account page covered by this popover appears.
Tadpole is online now   Reply With Quote
Old 03-18-2017, 09:26 AM   #29
Thinks s/he gets paid by the post
redduck's Avatar
 
Join Date: Mar 2005
Location: yonder
Posts: 2,851
Quote:
Originally Posted by target2019 View Post
...The displayed arclab link was identical to the embedded link. It didn't contain mush else than a path to a web page. So I risked all.

Ha! Caught you!! I remember we're supposed to look for misspelled words as an indicator of fraud!!!

note: highlight by redduck
__________________
When the people shall have nothing more to eat, they will eat the rich--philosopher Jean-Jacques Rousseau
redduck is offline   Reply With Quote
Old 03-18-2017, 09:48 AM   #30
Thinks s/he gets paid by the post
Hyperborea's Avatar
 
Join Date: Sep 2002
Location: Silicon Valley
Posts: 1,008
Quote:
Originally Posted by redduck View Post
After reading all the posts so far in this thread, there's no way I'd click on the above link.
It's just the first decent description I found doing a Google search that tells how to examine the headers. I started to type out how to do that and I realized it was going to take me far longer to do a good job than it would take to find a link.

Yeah, I would still recommend logging into any financial or other important sites directly in most cases and doing the operations directly that way rather than clicking on a link through an email. Examining the headers is just another tool to help you know whether an email is legitimate.

However, it can depend and sometimes it can be better to use the link in an email. Just a recent example, you are traveling and get an email from a credit card provider that you have. They say that they want to verify a purchase and give the purchase details - merchant, date, and amount. They have two links in the email: Yes or No. Do you click one or do you log on to the site? It's highly likely that the email is legitimate since the sender knows two separate facts about you that nobody else is likely to know - your email address and your purchase details. Everybody else at most knows one of them. Clicking one of those links doesn't take you to a login page but instead to a custom url that was created just for this email and click that lets the credit card provider know your answer. If instead you log in to your credit card site that carries risk too while you are on vacation and roaming far from home - from the web cafe to the public WiFi that you use while on vacation.
Hyperborea is offline   Reply With Quote
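Added example (not part of Hyperborea's post or of the linked article): a minimal Python sketch of the header check discussed above, reading the SPF/DKIM/DMARC verdicts that the receiving mail server records in the Authentication-Results header instead of trusting the visible From line. The two messages, the domains, and the server name mx.myisp.example are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages, not real mail. "mx.myisp.example" stands in
# for the reader's own receiving mail server (an assumption).
LEGIT = """\
Return-Path: <alerts@bank.example>
Authentication-Results: mx.myisp.example; spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
Received: from out1.bank.example (out1.bank.example [192.0.2.10])
 by mx.myisp.example; Sat, 18 Mar 2017 06:40:00 -0600
From: "Bank Alerts" <alerts@bank.example>
Subject: Verify a purchase

(body)
"""
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.myisp.example; spf=pass smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=bank.example
Authentication-Results: forged.invalid; spf=pass; dkim=pass; dmarc=pass
Received: from host.mailer.invalid (host.mailer.invalid [198.51.100.7])
 by mx.myisp.example; Sat, 18 Mar 2017 06:41:00 -0600
From: "Bank Alerts" <alerts@bank.example>
Subject: Verify your account

(body)
"""

def domain(addr):
    """Lower-cased domain part of an address header such as From."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def check_headers(raw, trusted_authserv):
    msg = message_from_string(raw)
    verdicts = {}
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, rest = ar.partition(";")
        # Trust only results stamped by our own receiving server: a sender
        # can write any Authentication-Results line into its own message.
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, verdict.lower())
    return {
        "from_domain": domain(msg.get("From", "")),
        # The envelope sender often differs for legitimate bulk mail, so it
        # is reported but is not a verdict on its own.
        "envelope_domain": domain(msg.get("Return-Path", "")),
        "spf": verdicts.get("spf"), "dkim": verdicts.get("dkim"),
        "dmarc": verdicts.get("dmarc"),
        # SPF passing for the envelope domain says nothing about From;
        # DMARC is the check tied to the visible From domain.
        "from_unverified": verdicts.get("dmarc") != "pass",
    }
```

Both samples show the same From line; only the verdicts recorded by the receiving server tell them apart, and the second sample's forged "all pass" header is ignored because it was not stamped by that server.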
Old 03-18-2017, 10:08 AM   #31
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,687
They used to have phone numbers on the credit cards. One might call?
target2019 is online now   Reply With Quote
Old 03-18-2017, 10:15 AM   #32
Thinks s/he gets paid by the post
Hyperborea's Avatar
 
Join Date: Sep 2002
Location: Silicon Valley
Posts: 1,008
Quote:
Originally Posted by target2019 View Post
They used to have phone numbers on the credit cards. One might call?
You're on vacation in France/Japan/Botswana and the phone call will be whatever your roaming fee is. Could be $20 especially if you are on hold.

I feel pretty safe clicking one of those yes or no links. There is no login involved when you do so - just a custom URL that the provider built for this one purpose. You can also set it up so that you get a text and all you need to do is send a reply of 1 for yes or 2 for no. It doesn't seem that you've given up anything secure.
Hyperborea is offline   Reply With Quote
Old 03-18-2017, 10:18 AM   #33
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,687
We used a Verizon option to add countries to our range. Cost $20, I think. There was some limit, in minutes, but we did not go over. It was useful when wandering streets of Vienna, and we were trying to contact our Euro friends. Included text messages, so very useful.
target2019 is online now   Reply With Quote
Old 03-18-2017, 10:48 AM   #34
Thinks s/he gets paid by the post
Sojourner's Avatar
 
Join Date: Jan 2012
Posts: 2,581
Trying to remember the last time I got a phishing email like any of those mentioned in this thread, and I honestly have to say I think it's been a very long time. I believe this might be due to the extremely smart spam/malware filters within Gmail. I'd be curious to know if any of the phishing emails mentioned (including the OP's) were delivered into your Gmail inbox. In my experience, Google has been virtually perfect in keeping phishing and malware emails from showing up in my inbox over the past few years.
Sojourner is offline   Reply With Quote
Old 03-18-2017, 10:51 AM   #35
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,012
Quote:
Originally Posted by redduck View Post
After reading all the posts so far in this thread, there's no way I'd click on the above link.
Sunset is offline   Reply With Quote
Old 03-18-2017, 10:57 AM   #36
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,012
Quote:
Originally Posted by scrabbler1 View Post
What about emails containing links to legitimate surveys asking for feedback from an actual in-person visit or a phone call to a financial institution? The emails include the day and, if in-person, the location of my visit, so they are legit. And they never ask for any personal info. Yes, I can always ignore the emails and decline to participate in the surveys.

Have any of you received fake emails asking you to participate in surveys?
I don't do any of those surveys.
Because if you go to a web site, they can download a virus/trojan to your computer even if you don't do the survey.

I'll do a survey on a cash register receipt.
Sunset is offline   Reply With Quote
Old 03-18-2017, 11:02 AM   #37
Thinks s/he gets paid by the post
Fedup's Avatar
 
Join Date: Mar 2014
Location: Southern Cal
Posts: 4,032
Quote:
Originally Posted by Tadpole View Post
Yes, I meant to mention this. I am using 2 party authentication. So in addition to having already input my id and password, BoA sends me an email with a code number I input before the account page covered by this popover appears.
I would notify Bank of America immediately if you are in doubt.
Fedup is offline   Reply With Quote
Old 03-18-2017, 11:57 AM   #38
Thinks s/he gets paid by the post
 
Join Date: Jun 2004
Location: W Wash
Posts: 1,644
Quote:
Originally Posted by audreyh1 View Post
I have never gotten a Docusign document from Fidelity. I didn't even know they used Docusign. Do they?

Regardless, the only reason to get a Docusign notification is because you initiated some major account action somewhere else.

Please forward your email showing the full headers to Fidelity fraud department. They probably have an address fraud@fidelity.com.
We did send the questionable email to Fidelity but rep asked it be sent to phishing@fidelity.com. Probably same group but focus on email phishing.
I think Fido does use DocuSign software but they own the software (like any other major player) so it is embedded in their docs. Likewise, I have also never received a message for a DocuSign doc from Fidelity. (I have gotten them from occasional users of DocuSign who don't own the full DocuSign software) Fortunately, when DW opened her emails and asked me why we were signing new docs again for Fido, the red flags went up
nwsteve is offline   Reply With Quote
Old 03-18-2017, 12:02 PM   #39
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,012
Quote:
Originally Posted by nwsteve View Post
We did send the questionable email to Fidelity but rep asked it be sent to phishing@fidelity.com. Probably same group but focus on email phishing.
I think Fido does use DocuSign software but they own the software (like any other major player) so it is embedded in their docs. Likewise, I have also never received a message for a DocuSign doc from Fidelity. (I have gotten them from occasional users of DocuSign who don't own the full DocuSign software) Fortunately, when DW opened her emails and asked me why we were signing new docs again for Fido, the red flags went up
OK - good to know that specific email address to report to Fidelity.
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 03-18-2017, 06:16 PM   #40
Thinks s/he gets paid by the post
redduck's Avatar
 
Join Date: Mar 2005
Location: yonder
Posts: 2,851
Quote:
Originally Posted by Sunset View Post
+1
note to redduck: wait for a translator to interpret the quote above. I do recall seeing this type of communication in the movie, "Arrival."

I have responded with "+1" in an attempt to buy time as I don't want Sunset to feel that I am ignoring him, becoming angry and then destroying the planet.
I also thought that displaying these photos (I figure they are universal objects of pleasure) would indicate an attempt to show hospitality--and what our planet has to offer.







See following photo in post below in a further offer of hospitality and good will.
__________________
When the people shall have nothing more to eat, they will eat the rich--philosopher Jean-Jacques Rousseau
redduck is offline   Reply With Quote