This is why I always go to the actual website. If I get an email that says it's from my bank and there's a problem, I log directly into my bank account and don't click on any links in the email. The same for any phone calls. And thank you for helping people avoid these kinds of traps.
That's good as long as you're not currently being man-in-the-middle attacked, being forwarded to the fake bank site (typically done via wifi). PS: I had my ex employer (from almost 2 years ago) send me an email with a malicious file in it. I checked it out under controlled conditions on a virtual machine and it tried to get me to log on to my Microsoft account. Obviously my ex employer has been breached (not that I care. They weren't nice people).
If you're paranoid, you'd think the scammers temporarily paid for this search result to be first. If you're even more paranoid, you'd think your bank website was hacked and they catch anyone logging in, including you so you'd have to call on the phone. It could go even further but at that point you're definitely screwed if you still get scammed.
The scam is dumb and so are people that fall for it. I didn't need to know about this particular scam to not fall for it, unlike youtubers claim we do. Whole setup is stupid as well, why would you need the code to cancel? If this was legitimate they would just say: "wanna cancel, press 1" and that's it. No additional input needed. Common sense isn't a flower that grows in everyone's garden
Rather clever. I'd add that there are also call centres set up to get personal information off you with a seemingly legitimate company call, asking you to verify some personal information. NEVER give out personal information to an incoming call. Get the company name and look up a number on the internet to phone them back so you know if it's legitimate.
It is not that clever; it is basically the UK credit card scam when they try and get you to give your PIN over the phone, claiming they're from a bank. I'm not sure if this is the same in America, but in the UK we have PINs on our credit cards, so it is basically the same scam. The only place you enter that number is the ATM and shops; no one else must have it. Banks have their own way of seeing into your account. It's the same with two-step authentication: do not give that code to anyone, apart from when you log in on the main page, and if you get the email message saying someone's logging in, reject it and change your password. I personally use the app because sometimes the text message number doesn't actually come through when I use it (Google authentication app).
Congratulations you have just allowed some people to be scammed. A lot of these guys will SEO fake sites with fake numbers so they appear in the top results when you search. What you should be doing, if you're going to try to look it up to verify, is looking it up on something they explicitly gave you at the branch. Not online, a physical copy of something they distroed. But really at the end of the day you don't want to do any of the above. Numbers can change, sites can change so if you are actually worried you want to go in and talk to someone at your branch. You're trying to be lazy about security otherwise, to make it more convenient to you, but when you're looking for convenience you're trading off freedom and security.
Thank you for the info Joe. Now I really have to be more careful. Although in my country I don't usually see that type of scam that smart but sometimes they would call you and pretend to be the police department. This is a very informative video thanks.
Aren't we so lucky to have all this technical bs to cause us more problems as if we don't already have enough on our plates LOL...thank you so much for your videos I appreciate all the help I can get with the computer and scams I think in the past I have been hit with all these scams × 10 at one time or another I just no longer answer my phone unless I know who is on the phone otherwise they can leave a mess. Thanks again for your info.
Dude you are totally right!! Them sobs did that to me a couple months ago… Talk about a low blow man… i’m smarter than that but I guess I wasn’t smart enough to subscribe to you before it happened… Thanks for all your help!
If I ever get a call like that from PayPal bots, I always go directly to the main website to see if anything is charged on my account. I will not give any info over the phone.
The weak link in 2FA is your mobile phone. They can port it over to a new phone they have and by the time YOUR phone turns into a brick, they have hacked your accounts and now have everything. Setup good passwords with your carrier, multiple if possible. Crypto accounts are particularly vulnerable. Banks move too slow for scammers most of the time.
My bank does not use username/password, but token ID and generated one time password valid for a minute or so. Then I have to sign my transaction using the same cryptographic token. The tokens come in two flavours: a phone app and a physical tamper-proof device (even the battery cannot be changed - you get a new token if it runs out, but it lasts for at least five years). Tokens are, of course, protected by PIN stored only in the token itself. I think this should be a minimum for e-banking. The same token can be used to access various government functions online (e.g. query into land registry, passport renewal etc), but high sensitivity operations require personal certificate on ID card that is technically a smartcard.
Yes they are pesky but I never use codes unless I initiated some transaction. My bank gives us a key which generates a random number every time I want to log in. Anyway great you gave us a heads up....just when you think you've seen it all.
Also, it's best not to store your passwords in your browser, but in a separate password manager with an autofill function instead. I'd name one that doesn't use stupid subscription model, but freaking RU-vid keeps deleting my comments whenever I mention it. Weird.
Simple answer: "do not share your password with anyone... ever". That means it doesn't come out of you to anyone/thing unless you are putting it in for you personally to gain access. The 2factor or even million factor authentication code is a PASSWORD. And if any company calls about anything hang up, verify what you can. Check the account and see if there is a charge on there, check your order history. If you do need to call back, do not use the contact info from the incoming call, chat, email whatever. Find it on your own but make a note of the contact that was given and verify it as well with the agent YOU looked up and called.
Well good for me. Because I basically changed the method of multi factor authentication, from sms to app authentication on all of my accounts that support it. Because sms messages come unencrypted (basically they come in plain text).
@Mega1andy2 Well, if you value the security of your Discord account or anything that it might drag down with it, yes. It is encrypted, but the encryption is weak. Then there is another vulnerability in the way different cellular networks communicate which allows access to messages sent to the specific phone number. And someone with your personal info might be able to convince your carrier to send them a new SIM with your number, too.
Carey you are a legend, when I was young I learned a lot about computers from you. Now I'm 21, grateful, and still benefiting from the knowledge given. Thank you!
@atd2666 Atd - Keep at it hard. I was your age at the beginning of the telecom boom, and I put everything into it, and it paid off. Nothing better than getting paid for a job you love doing! 👍
Or, if you get a request (call, SMS, email, etc…) about “security” that you did not initiate (for example, by logging in and changing your password), it’s pretty much guaranteed to be a scam!
Actually, better yet, I would just send the bot ":(){ :|:& };:" and revel in the very slim possibility the server executed it (And I certainly wouldn't hesitate to inject it if I could!) or at least passed it along to a very confused scammer it's the closest I can think of to a real Cognitohazard. Anyone with a brain running on Linux would certainly consider it so...
I don't trust AI phone calls anyway as I hate all of them. Great information but I do not trust anyone calling me on the phone asking for any information. I always talk to my bank as it is a small Credit Union so I know most of them. I gave my health insurance a bunch of questions proving that it was really them. If in the least bit of doubt MAKE THEM PROVE IT. LOL. If they do not understand then TOUGH, they will just have to like it. When one asked for my DOB, I made them give me part of it then I told them the rest. When they ask for your DOB and you're in doubt, make them tell you the day before giving them the month and year. They have a 1 in 30 chance of getting it right the first time, or make them give you the year you were born, then tell them the month and day. If they ask for your SSN then make them tell you the third number before you give them all four numbers. Point is to make them prove who they are, not the other way around, and make them prove it first.
Wow, that method I didn't hear of yet. In my country we currently have a pretty smart scam as well, someone calls you and the caller phone is recognized as one of the credit card companies, the person on the other line is speaking Russian (they particularly call to Russian people as I've seen) and he says that they saw an unrecognized charge from your credit card (which you obviously didn't do) then in order to make sure you are the owner of the card they ask you to tell them your credit card details, which confuses people cause the phone call was recognized as from that company... BTW, might be a great idea to show how to set yubikey on multiple sites etc. (upcoming video??)
I'm curious, do the scammers sound Russian? Because usually when scammers call here (US) they don't sound like they're American. We have lots of regional accents, I recognize those, but the scammers usually sound completely different.
I would still check my own account and not trust those calls. They never ask for personal information even if the number seems legit, if they are a credit card company, they already have the details. I would look for a legit number on my credit card account and report those other calls while having them review my account.
That's why many banks are already migrating from OTP SMS codes to Secure Authenticator APPS - basically a virtual version of the security key you just showed.
The thing that I find funny about scammers is that if only they'd put that much thought and effort into a legitimate means of making money, they could actually make a lot of money
@feynstein1004 yes they are but like any other business it's also usually the people at the top getting the most and then posting about their fancy stuff on Facebook.
the best is to call back using a known number, never give information to anyone who calls you no matter who they say they are from and how real the call seems to be.
That's insane because it's too useful of a feature! Once we've been dried of all valuable data right down to our DNA then we can pay $$$ for feature upgrades? Or even the services we've been getting for...ahem...FREE! I guess that's why someone got rid of a saying similar to don't be evil lol
Doesn’t Google already do this? I’ve had an alt email that got compromised a couple years ago, and every time someone tried to login from a different country as me, Google would block them and send me an alert.
6:15 this happened to me in discord server. A bot asking for my steam account because it detected some unrecognised login etc and the fake website looks 99% like steam so I never suspected it! The email verification is also very similar! I only realized it was fake after I entered my details and couldn't login to my steam. Pretty smart if you ask me. Thankfully I have not saved my credit card info on Steam. So they got nothing but my saved games progress..
The weakest link in any security is any place where a human is involved. The scammers know this . The security key is a great idea but unless we have a way to secure things that does not require human involvement at all, things like this will keep happening.
There are 2 great antiviruses for every electronic device of yours. They're called Common Sense and Responsibility. They're awesome, light and preinstalled most of the time in brains
Even the best have fallen unfortunately, the more confident u r that u wont fall for a scam the more likely u r to fall, the fact that even Jim Browning fell to a scammer should be a lesson to everyone
This is why you use separate emails for separate things. I have one email I use for banking and web pay accounts (e.g. paypal, google pay, credit score sites etc), which are secured with very lengthy passwords. I have another email for semi-secured things, like Nexus Mods, or Reddit, etc, which I might use with the same password for ease of use, and yet another email and password for non-secured things like junk, surveys, petitions, etc. That way my secured and semi-secured sites are far less likely to get hacked and distributed.
@MrSasunaru101 Well that's just it: You keep separate secured passwords for the sensitive stuff to one email. For the semi-secure stuff you still keep a very secured email but using the same password is no big deal. The third is a throw away. Use it for stuff that doesn't matter if it gets hacked, use a completely different universal password for that email and all of the throw away junk things that you don't care if the info gets stolen. The first email and associated accounts should use a complex password like those autogenerated by chrome as password suggestions and if available two step authentication enabled.
It’s worth adding that some password managers such as keychain on Apple devices also have a feature that lets you know if the password has been leaked. It then gives you the option of going onto the website to change the password. I can’t comment on how accurate it is as I’m just an every day iPhone user. Just thought I’d post in the hope it would potentially help someone.
Lmao, I would never give code over the phone but thanks. Also it's crazy to hear there's banks with passwords. I need login number and banks own generator to login mine.
What you describe is "2 step authentication" NOT "2 factor authentication" All the information you provide is good. And applicable to all types of "2 step authentication". i.e. always susceptible to "man-in-the-middle". The "key" you show at the end of video is, in fact, "2 factor authentication". Could also be a hardware token or app that provides a numeric code to enter.
It's commonly referred to as 2 factor or Multi factor by everyone including Google and Microsoft because typing in a known password and also a constantly changing pin code is 2 different factors.
Two factor introduces something you know, something you have, or something you are. In this case, the something you have is a mobile phone and you have confirmed that you have it by entering the security code.
Had a call this morning claiming to be from Amazon re someone else using my credit card. Told them right away that I thought them a scammer. They rang off.
This just happened to me today. Robot voice telling me my Amazon was charged a certain amount and if that is correct then to just hang up. If it is a false charge I was to press 1. I just stayed on the line for a minute or two and it disconnected. Went to my Amazon account and of course there was no such charge. I am learning!
Are there really banks that do not use two factor authentication? In Finland that has been the norm since the beginning. The bank provides you a list of single use codes that you give either in order or as requested. In addition you have pin code that only you know. Nowadays they are switching to apps or specific electronic devices.
Thanks for the tip man. What a coincidence that just now I received a text saying if I made a purchase of $450 to a Chase account and to click the link.
My security protection is to not pick up calls from unknown numbers. Then Google the number. If you pick up the bots will put you on a list of active numbers for these scumbags to use.
This is why SMS 2FA should never be used, and companies that still offer it as the only option should be heavily fined. Scammers can't trick you like this if you need to retrieve the code from an app on your phone instead of a text message.
If someone is gullible enough to give away the code that is only supposed to be used for authentication AND is literally described to not be shared with anyone, I don't think it's a stretch to imagine the same people giving away a code that an app gives them.
I’m curious about number spoofing, which wasn’t mentioned here: as recently pointed out by Linus and others, SMS authentication is not considered safe because your phone number can be spoofed in order to receive an SMS on your behalf.
A simple thing which I always do. If you receive a phone call from a bank or any other corporate that asks for specific information, bot or human, just hang up on them and call back the direct number you know for the same company/bank and clarify. If you open a website you know from a link that asks for credentials, close the website from that link and type the website address on a new tab and login from there.
Yeap. NEVER anyone else of any other skin color...-_- of course. That's racist against white people imo. It's NEVER portrayed as Indian from Indian, since literally MOST Microshit windows hackers and scammers speak Hindi and have really thick accents
Thank you, but I never about the security keys instead of the "two-step authentication " where does one get these security keys? Always seems the scammers are always one step ahead 🤐
Check YubiKey for security key. I use both YubiKey and SMS. When I log in on my BitWarden password manager, it would prompt me to use my YubiKey to get in to my account.
I've stopped making new accounts. Your website that I'll only ever use once requires a password to use your service? Take my business elsewhere. Sick of it all.
Sometimes scammer can hijack your phone features, like once I've accidentally sent something to a random scammer, and then it used my own caller id to call me. Always be vigilant of these scams, stay safe and don't always try to troll those scammers..
One of the best fraud prevention actions is to have all your bank and credit cards linked to your cell number so that they can send a text anytime there is a charge.
Yeah, 2FA; for you wealthy people out there. lololololol 💸💸💸💸 Seriously though; if I ever get a call like this, I hang up. I don't even bother. Or, better yet, if the caller ID leads me to believe that the incoming call is likely a scammer, I ignore the incoming call altogether. 🙅‍♀️
Never answer the phone. Let it go to voicemail. Unless it's a "person" in your contacts. Never trust any call from a company. Log into websites yourself...DO NOT CLICK LINKS! NEVER CALL ANY PHONE NUMBER THAT POPS UP ON THE SCREEN EITHER!!!!!!!!!
Being aware of this issue, might actually be good for one's security. If I ever get one of these calls, I'll know that it's definitely time to change the associated password
Hey Amazon, When the f*** you're going to add Physical Security Key to Amazon Store Website and Twitch? Facebook, Twitter, and Google has Physical Security Key. So, why is Amazon the trillion dollar corporation don't have a Physical Security Key to all user Accounts besides AWS Accounts?
Thanks Jo. This is top notch support right there. The news don’t even talk about this or have a segment for it and cops where I live don’t have a RU-vid channel to share stuff like this.
I haven't even watched half the video yet and I know that one should never...NEVER...give any information to someone who contacts you about security online problems. Every legitimate credit company, bank, etc. has a toll-free number you can call to respond to alerts or suspicious behavior.
Someone tried to do this with my UNEMPLOYMENT Visa card! LOL I knew there was no money on it, so that scam never happened. I RARELY answer ANY calls from a number that I don't know, and I delete ALL unknown text messages. My actual phone number is not under my screen name and my screen names are not my actual name as well. I also do NOT bank online ever. Just sayin' This is an AWESOME channel. Glad I found it!
Wth i responded to your community post to write a comment... now spam messages are getting as replies whenever I post a comment on any other channel... This issue just started less than a week ago... What the f have you done ....!!!?? I am afraid that i have to delete my gmail account....🥴🥴🥴😵😵🥴🥴🥴😵🥴🥴🥴🥴🥴🥴 Joe or anyone please help me ..... Joe i didn't expect this from you..... Like...o m god..... I didn't even post the comment in the link you provided... I just replied to the community post...omg....i am going nuts ...please help... I am a young lad ...i don't know anything about computer and programming..... 🥴🥴🥴
Hint: No genuine finance company Paypal, Google Pay, your bank etc., will EVER call you unsolicited and ask you to log into your account or give them either your password or 2fa security code. EVER. So, don't fall for this scam tactic.
Just a note about my iPad Pro 2021, with 128GB his memory is now full with the system data folder taking 55GB. It gone rogue and didn’t stop increasing until run out of memory :( .what is apple doing with my iPad? some days when I wake up I have 1gb of data used (no auto updates). Who is using our equip. and what are they doing?
I can't and will not do any banking over my phones, so they can't hack my account by scamming. If I have a problem I call my bank or credit card company , myself, and straighten it out. NEVER call these jerks back, and never give any info to these bums. I've Never been scammed by these amateurs, and NEVER will be. Hang up immediately.
If I got a text or email claiming that I have a charge for anything on any of my accounts, I don’t even open the email. I just look at the site it claims to be from (based on the topic heading) and go to the site itself. Directly. No clicking links involved. And whether or not there’s the described charge, I change my password. Same if I get an email titled ‘Your password is such and such’, even if the password is something that I haven’t used for years. Heck, I make semi-regular rounds to all my accounts to change the password every few months. And I make them crazy long and randomized, no phrases or whole words to be found. I also don’t save them. Ever. Because you know what? I’d rather be overly safe when it comes to people going out of their way to figure out how to get at my accounts. I keep finding failed attempts to sync or log in on one account or another from places all over the world, which tells me that I have been appropriately paranoid.
And just a little tidbit. MOST of the scammers that have tried to scam me, don't speak Spanish. I do! LOL That usually shuts them down if I happen to answer a phone call by mistake.