[TriLUG] OT: lack of security at BofA

[Joseph Mack NA3T]

On Sun, 21 Dec 2014, Steve Litt wrote:

> You're right, Michael. But as a nation it's our fault. We didn't give
> BofA enough bailout money to do security right!

:-)

I was in at the Durham Intrex a few minutes ago and mentioned the events this 
morning to the friendly manager, Tim, to get a vendor-eye view of the matter.

He says when you get a phone call like this, it is from the bank and they won't 
ask you any PII. You just talk and if they ask anything they shouldn't already 
know, they're fraud.

So if they ask me for my passwd/securty_string (eg mother's maiden name), am I 
supposed to give it? Not till I know that they're BofA.

Tim's method fails. I would have to sit there on guard with every question. If I 
make a mistake, I've been phished. I get about half a dozen phone calls a day 
from people who have no business calling me; they're just scams. I get spam all 
day. I'm not interested in having a battle of wits every time. I only have to 
slip-up once and I'm hosed.

In response to my "hello", I regard it as the callers obligation to tell me who 
they are and why I should listen to them.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) austintek (dot) com - azimuthal equidistant
map generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!