Almost scammed

I set up money transfer lockdown at Fidelity when I learned about the possibility of fraudulent asset transfers out of an account. They have perhaps cleaned up that vulnerability, but it seemed like a good idea anyway.
 
Last edited:
I've recently opened a PNC account because there are a few local branches, and they have a similar issue. Their verification texts look like this, which seems fine in and of itself:
PNC will NEVER call or text you for this code. DON'T share it. Your passcode is ######. If you didn't request this passcode call us at 1-800-762-2035.
Click to expand...
But then when I call them, they generate one of these and ask me to give them the code to verbally authenticate myself. I do it, because I know I called the number on the PNC website, but they still need to either change their message or stop using that to verify people, as it makes people ignore the instructions and so makes most people more lax about security.
 
JoeWras said:
Speaking of security theater... A few years back I got a Yubikey for Vanguard log ins.

Useless.

It was a lot of theater alright. Insert key/enter pin/touch key. Yeah!

Recently, it stopped working. Oh no! Now what? Oh yeah, I had an extra in the safe. Too much work. Let's see if I can reset my password. So during my log in, there was a link that said "Trouble logging in?" or something like that. Pressed it, gave it some info, got an MFA ping back to my phone and I was logged in. The first thing I did was disable the Yubikey.

The whole hardware key thing was useless since they let me reset my login so easily. Sure, there was the MFA to my phone, but see OP's OP. That was all about the scammer getting the MFA from you. MFA is theater too.
Click to expand...

Here was my experience with Vanguard and Yubikey from a couple of years ago: Vanguard with Yubikey is pointless

Idk if they've fixed it and I was surprised they had such a major gap in their Yubikey implementation.
 
tulak said:
Here was my experience with Vanguard and Yubikey from a couple of years ago: Vanguard with Yubikey is pointless

Idk if they've fixed it and I was surprised they had such a major gap in their Yubikey implementation.
Click to expand...
They didn't fix sh.... "pointless" is spot on. "totally useless" is my knee jerk reaction, but maybe not, you get to exercise your finger to touch the key.
 
tulak said:
Here was my experience with Vanguard and Yubikey from a couple of years ago: Vanguard with Yubikey is pointless

Idk if they've fixed it and I was surprised they had such a major gap in their Yubikey implementation.
Click to expand...
I think it’s fair to point out the weakness is caused by Vanguard’s implementation of security using other methods besides the Yubikey. It’s sort of like putting a big heavy gate with a big strong lock in front of your house, while the side gate is flimsily structure that can easily be broken open with one good kick.
 
I had set up a phone call to have a brokerage phone me to discuss some planning.
First thing the person did was ask me to verify myself by telling her some info.
It seems like an automatic thing they like to do.

I told her No. As I'm concerned about security and none of my questions need my account info involved.
So we proceeded without her accessing my account
 
Sunset said:
I had set up a phone call to have a brokerage phone me to discuss some planning.
First thing the person did was ask me to verify myself by telling her some info.
It seems like an automatic thing they like to do.

I told her No. As I'm concerned about security and none of my questions need my account info involved.
So we proceeded without her accessing my account
Click to expand...
Fidelity voice verifies me. I don’t have to state anything over the phone.
 
COcheesehead said:
Fidelity voice verifies me. I don’t have to state anything over the phone.
Click to expand...
Except when it doesn't. I have it set up too, but when I had the phishing attempt and called Fidelity they wouldn't use it. I had to get a 2FA number from them on my smart phone and read it back to them as detailed earlier in the thread!!
 
fosterscik said:
Except when it doesn't. I have it set up too, but when I had the phishing attempt and called Fidelity they wouldn't use it. I had to get a 2FA number from them on my smart phone and read it back to them as detailed earlier in the
Click to expand...
My reply was to sunset, not you.
 
I got an email from e.chase that looked legit. Said I needed to pay the $1.57 now..... View bill, etc. The last 4 card numbers were not mine. I called Chase. It wasn't them Obviously.
Don't open/view bill.
 
Got a party invite with no details today. Dangerous scam! It is a log-in collector.

Be extremely careful with invitations, especially "naked" ones with zero details.
 
I got one recently spoofing one of my email addresses and declaring the emails to from that address are now blocked and supposedly linking to our email provider to verify myself. I was a little stumped because my iOS device wasn't showing me the link, rather a preview, but I forwarded it to DH who told me it was a scam. I have since figured out how to disable link previews, yay.

And I actually did have my outgoing emails on one email address blocked by our email provider last year because I was emailing back and forth to a hotel in Spain from various locations in Greece. Had never had this happen before and we got it straight after a while. I could use the web interface to send emails, but not my email program. I had no idea one might need to give an email provider your travel agenda - that was so weird!!! I'm not sure you actually can.
 
fosterscik said:
Except when it doesn't. I have it set up too, but when I had the phishing attempt and called Fidelity they wouldn't use it. I had to get a 2FA number from them on my smart phone and read it back to them as detailed earlier in the thread!!
Click to expand...
Your 2FA text is different than mine. The text reads "Fidelity Investments: If anyone asks for this code, STOP. It's a SCAM. Our reps will NEVER ask for it. Only enter it online". I've never been asked by a rep for the code and if they asked, I would remind them what the text says.
I also have Fidelity voice verification like COcheesehead.
Agree with Erd, that we should all be aware by now of the scams. If you receive an unsolicited call don't give out any information. Call a known number if you have a question or need to verify.
 
You must log in or register to reply here.

Similar threads

Amethyst
New hack tactic? Someone bought Amazon (electronic) gift cards using my Amazon credit card, and the cards went to me!
2 3
audreyh1
audreyh1
O
Was this a scam ?
Crewer
C
Kings over Queens
PSA - Zelle Scam
2
audreyh1
audreyh1
S
Identity Theft via Auto Insurance
engineernerd
E
R
Musings... how to nudge "kid" to get a new car
2
Chuckanut
Chuckanut

Latest posts

Back
Top Bottom