Canada

9813 readers

804 users here now

What's going on Canada?

Related Communities

🍁 Meta

🗺️ Provinces / Territories

🏙️ Cities / Local Communities

Sorted alphabetically by city name.

🏒 Sports

Hockey

Football (NFL): incomplete

Football (CFL): incomplete

Baseball

Toronto Blue Jays

Basketball

Toronto Raptors

Soccer

Main: /c/CanadaSoccer
Toronto FC

💻 Schools / Universities

Sorted by province, then by total full-time enrolment.

💵 Finance, Shopping, Sales

🗣️ Politics

General:
- Canada Politics
- FairVote Canada
Federal Parties (alphabetical):
- Animal Protection Party of Canada
- NDP
By Province (alphabetical):
- BC Greens

🍁 Social / Culture

Rules

Keep the original title when submitting an article. You can put your own commentary in the body of the post or in the comment section.

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage: lemmy.ca

founded 4 years ago

MODERATORS

otter

mp3

Scotiabank holds customer responsible for almost $20K in credit card fraud (www.cbc.ca)

submitted 4 days ago by [email protected] to c/canada

14 comments fedilink hide all child comments

The fraudster who called Judge asked for his birth date and mother's maiden name, which Judge shared. But then the fraudster asked him to share a "one-time passcode" — a type of two-step verification — that was texted to his phone.

Judge says he refused to do that, because the message also told him not to share the code with anyone, and said that no one from Scotiabank would ever ask for it.

The fraudster claimed that he stopped the charges from going through and hung up.

But two days later, Judge discovered a charge for $17,900 to Anglia Ruskin University in the U.K. on his statement, and a second for $1,800, supposedly paid to someone by the name of Paula S. Taylor.

"All that the bank has done is accuse [Judge] of either negligence or malice," said Claudiu Popa, who has 35 years' experience in cybersecurity and wrote The Canadian Cyberfraud Handbook.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 4 days ago (2 children)

Why is SMS bad as a 2FA? And what would be a better alternative?

Genuinely asking because I don’t know

[–] Sturgist 4 points 4 days ago

Because it's actually very easy to clone a number and intercept all the texts.

Veritasium video on it:

https://youtu.be/wVyu7NB7W6Y

[–] Showroom7561 4 points 4 days ago

SMS 2fa is considered the least secure of the multi-factor world.

An authenticator app is going to be a far better option, and doesn't rely on a user having a smartphone, either.

Hardware keys would also be good, but not everyone has one.