basil
@itsbasil
lil info sec storytime (1/2)
so i’ve been under attack for a few days now; i was initially in disbelief bc everything is encrypted, 2FA, geolocated, and my passwords are all randomized & maximum-character length
yet i was under attack & getting breached, but how? there’s no way they front doored me, i’m too protected, right?
after much diagnosis, turns out, they didn’t
they got in via calling customer service & resetting my passwords via security questions - which have been the same 3-4 questions i’ve used for pretty much my whole life
now you’d think, wait they can reset your BANKING password by simply calling & reciting your mother’s maiden name?
well, yes, bc according to the largest bank in the world, that makes perfectly good sense & is strong customer protection
geo tracking? last few transactions? social security? nah, i think this random call from indonesia is probably him. trust. i mean, he knows his grandmother’s last name… let’s give him the keys to the castle
3 replies
0 recast
5 reactions

Kieran Daniels 🎩
@kdaniels.eth
LOL WHAT omg dude I’m so sorry. That’s crazy. Apparently the same is true for SIM swaps. There is literally no way to protect against them, even with their sim alert or whatever anyone at the company can still manually swap it. So they just need to know someone or bribe someone or mimic you well enough.
1 reply
0 recast
1 reaction

basil
@itsbasil
i mean the bank could’ve asked any number of personal questions that only i’d know, or perhaps could even stop using the same 4 security questions as literally every other site since the beginning of internet history, or perhaps even questioned the mozilla firefox login from an ip across the globe when i’ve never once used mozilla OR signed in from that ip, but hey what do i know
it’s almost like they have a slew of super sensitive tax, financial & career information that no other soul on the planet would know but i don’t understand why they would use that to confirm a password change from across the world when they could just use my mom’s old name - which is most def not one google search away
it was initially super scary but once i figured out what was happening it was fine. they didn’t get shit, just added to my covid headache for two days lol
1 reply
0 recast
0 reaction

Kieran Daniels 🎩
@kdaniels.eth
@bfix.eth he has IP
1 reply
0 recast
0 reaction

bfix.eth🎩🍖
@bfix.eth
If he still has access to @itsbasil’s email, we can plant a fake email from the bank requesting a password change verification in his inbox, where he has to click the link, in an attempt to bait the threat actor into clicking on it, at which point it’ll grab all his PII we need to track him.
1 reply
0 recast
0 reaction

bfix.eth🎩🍖
@bfix.eth
This is similar to a method I’ve done before, then wrote up a report and sent it to the FBI for them to go after the guy
1 reply
0 recast
2 reactions

Kieran Daniels 🎩
@kdaniels.eth
So hot 🔥
1 reply
0 recast
1 reaction

bfix.eth🎩🍖
@bfix.eth
33/male/arizona 😘
0 reply
0 recast
0 reaction