🍍David Longenecker🍍Apr 19, 2017

In March, crooks made off with personal information on around 100,000 taxpayers by breaching a website tool intended t help with the FAFSA.

This letter sent by the IRS to affected taxpayers implies the crooks made off with far more than just income data. Credit monitoring is OK for detecting fraudulent new accounts - but does nothing if the crook has enough information to social engineer your bank.

https://www.securityforrealpeople.com/2017/04/a-letter-from-irs.html

Show thread🍍David Longenecker🍍Apr 19, 2017

I just heard that USAA is adding multifactor authentication for human-to-human customer service calls. Nice move!

Anyone know of any other banks that do this?

Show threadterribleplanApr 19, 2017
@dnlongen Do they have a way to authenticate themselves before you give them the multifactor info?
Show thread🍍David Longenecker🍍Apr 19, 2017
@terribleplan that's a great question. Authenticating myself is more meaningful if I'm the one initiating the call. If the call originates from them, truth be told I am likely to hang up and call back through a trusted channel.
Loading replies...