basil
@itsbasil
lil info sec storytime (1/2)

so i’ve been under attack for a few days now; i was initially in disbelief bc everything is encrypted, 2FA, geolocated, and my passwords are all randomized & maximum-character length

yet i was under attack & getting breached, but how? there’s no way they front doored me, im too protected, right?

after much diagnosis, turns out, they didn’t

they got in via calling customer service & resetting my passwords via security questions - which have been the same 3-4 questions i’ve used for pretty much my whole life

now you’d think, wait they can reset your BANKING password by simply calling & reciting your mother’s maiden name? well, yes, bc according to the largest bank in the world, that makes perfectly good sense & is strong customer protection

geo tracking? last few transactions? social security? nah, i think this random call from indonesia is probably him. trust. i mean, he knows his grandmother’s last name… let’s give him the keys to the castle
3 replies
0 recast
5 reactions

Kieran Daniels 🎩
@kdaniels.eth
LOL WHAT omg dude I’m so sorry. That’s crazy. Apparently the same is true for SIM swaps. There is literally no way to protect against them, even with their SIM alert or whatever, anyone at the company can still manually swap it. So they just need to know someone or bribe someone or mimic you well enough.
1 reply
0 recast
1 reaction

basil
@itsbasil
i mean the bank could’ve asked any number of personal questions that only i’d know, or perhaps could even stop using the same 4 security questions as literally every other site since the beginning of internet history, or perhaps even questioned the mozilla firefox login from an ip across the globe when i’ve never once used mozilla OR signed in from that ip, but hey what do i know

it’s almost like they have a slew of super sensitive tax, financial & career information that no other soul on the planet would know but i don’t understand why they would use that to confirm a password change from across the world when they could just use my mom’s old name - which is most def not one google search away

it was initially super scary but once i figured out what was happening it was fine. they didn’t get shit, just added to my covid headache for two days lol
1 reply
0 recast
0 reaction

Kieran Daniels 🎩
@kdaniels.eth
@bfix.eth he has IP
1 reply
0 recast
0 reaction

bfix.eth🎩
@bfix.eth
If he still has access to @itsbasil’s email, we can plant a fake email from the bank requesting a password change verification in his inbox, to where he has to click the link in an attempt to bait the threat actor into clicking on it, at which point it’ll grab all his PII we need to track him.
1 reply
0 recast
0 reaction