| ▲ | QuadmasterXLII 5 days ago |
| The load bearing question is, why didn't the attacker also clear out OP's bank account, retirement savings, and max out his credit cards? Unfortunately, the difference is that banks care literally at all about their customers' accounts being emptied. |
|
| ▲ | QuadmasterXLII 5 days ago | parent | next [-] |
| What I specifically mean by "care literally at all": banks have a policy of reimbursing people who had their accounts emptied despite taking reasonable precautions. This creates sane, linear incentives: banks care 1000x more about a $100,000 fraud than a $100 fraud; they care 1000x more about a scam affecting 100 people than a scam affecting one person, etc. Unrelated, but for added spice, here's a thread from ten months ago where everyone agrees you're a fool unless you secure your coinbase account with google authenticator https://www.reddit.com/r/CoinBase/comments/1h65zuh/account_h... |
| |
| ▲ | nostrademons 4 days ago | parent | next [-] | | It's not linear at all. We had our identity stolen through an insurance scam (somebody used our bank account and somebody else's name to open a policy with Progressive, which apparently does not validate ACH debits). This resulted in premiums of ~$300, $300, ~$500, $1002.96, ~$900, ~$900, and ~$3000 as the attacker presumably racked up huge fraudulent claims on the insurance company. The first 3 bills were reversed by Wells Fargo because their fraud policy covers fraudulent charges under $1000. The 5th and 6th were reimbursed because they were reported within 60 days of being made (and were under the limit anyway). The 7th didn't go through because we had detected the fraud and closed the account by then. But the 4th was just over the $1000 limit that they would reimburse, and so they were like "Sorry, nope, you're on your own for that one." We even filed a police report and waved that at them, and they said "We don't care. Company policy." So the very counterintuitive and non-linear result was that they paid for the $300, $500, $900, $900, and $3000 charges, and stuck us with the $1000 one, just because it was $2.96 over their limit. (Part of me really regrets declining to prosecute, but I had a ton of other stuff going on at the time and the last thing I wanted to do was get involved in a court case.) | |
| ▲ | 3D30497420 5 days ago | parent | prev | next [-] | | This is one of the main reasons I don't like crypto. If you get hacked, even if you did everything right, then you're out of luck. The funds are (generally) unrecoverable. With my bank, I've been able to recover several thousand after a thief was able to bypass the 2FA app used to verify large transfers. (I still don't know how they were able to bypass the verification, and after investigating our bank never told us. Not sure that makes me feel all warm and fuzzy, but at least I was made whole with minimal fuss.) | | |
| ▲ | beeflet 4 days ago | parent [-] | | If you got hacked, you didn't do everything right | | |
| ▲ | trog 4 days ago | parent | next [-] | | This is elitist nonsense. Maybe this user didn't do everything right but people are hacked regularly through zero fault of their own. | | | |
| ▲ | 3D30497420 4 days ago | parent | prev [-] | | How about https://xkcd.com/538/ ? | | |
| ▲ | beeflet 3 days ago | parent [-] | | I'll take the $5 wrench and $10,000 hitman attack that I'm aware of instead of the $0 push-button attack that you don't discover until it's too late. |
|
|
| |
| ▲ | thrill 5 days ago | parent | prev | next [-] | | In my actual real world experience of digging my elderly mother out of $25,000+ of scam debt, banks do not care at all unless they can be shown to be at fault, and then they weigh the loss expense vs the likely legal expense. | | |
| ▲ | SpicyLemonZest 5 days ago | parent [-] | | What kind of scam debt in particular? I’m not blaming your mom, but there’s a big difference for a bank between “someone stole my identity to falsely authorize this transfer“ and “someone tricked me into authorizing this transfer”. | | |
| ▲ | janalsncm 5 days ago | parent [-] | | Never thought about it this way before, but phishing an individual is way higher ROI than identity fraud. So we should be extra vigilant about the former. With the former, your recourse is essentially zero. Banks won’t do anything, cops are useless. With the latter, banks try to prevent it and it’s harder and riskier. |
|
| |
| ▲ | petcat 5 days ago | parent | prev | next [-] | | > banks have a policy of reimbursing people who had their accounts emptied despite taking reasonable precautions In USA, banks are actually required by law to reimburse fraudulent account activity if reported within 60 days. However, this does not cover cases where the account holder themselves made the transfers even if they were tricked into doing so. But if someone gets your login and liquidates your bank account, in USA at least, the bank is 100% responsible for that fraud. Credit card companies are 100% responsible for fraud regardless. Even if they try to market it as a perk "You're never responsible for unauthorized transactions". Yeah, no shit. It's the law. | | |
| ▲ | jcalvinowens 4 days ago | parent [-] | | Banks really don't mind fraud, because they can use fraud to justify higher fees, which they ultimately make more money off of than the fraud actually costs them. |
| |
| ▲ | ycombinatrix 5 days ago | parent | prev [-] | | yubikey is better |
|
|
| ▲ | Tharre 4 days ago | parent | prev | next [-] |
| The flip side of that of course being that they increasingly force you to do your banking on a locked down smartphone for the same reason. Doesn't seem like there's a lot of middle ground between being responsible for your mistakes and being treated like you can't be trusted to make your own decisions. |
|
| ▲ | calmbell 5 days ago | parent | prev | next [-] |
| And transferring money from a bank or brokerage account takes time. Enough time that anyone paying attention should be able to report the transfer as fraudulent before it completes and have the account frozen. |
| |
| ▲ | dist-epoch 4 days ago | parent [-] | | It depends. In UK a transfer is instant. In most of EU it happens the same day, many times in hours. | | |
|
|
| ▲ | bdangubic 5 days ago | parent | prev [-] |
| the banks don’t give two shits about it :) |
| |
| ▲ | fn-mote 5 days ago | parent | next [-] | | The difference is that you have leverage to force the banks to care. There isn't any federal regulation at all covering your Bitcoin. | | |
| ▲ | wmf 5 days ago | parent | next [-] | | Bitcoin exchanges like Coinbase are regulated by the CFTC in the US. This case is more of a Google problem though. | | |
| ▲ | ameliaquining 5 days ago | parent [-] | | I don't believe the CFTC has any rules requiring crypto exchanges to reverse fraudulent transactions. | | |
| ▲ | bdangubic 4 days ago | parent | next [-] | | this isn't fraudulent - you being silly and allowing someone full access to your account is your fault as much as leaving a wallet at a strip club and calling owner joe for a refund | | |
| ▲ | otterley 4 days ago | parent [-] | | It is absolutely fraudulent. If you intentionally misrepresent yourself as the real account holder to the financial institution (by presenting credentials that do not belong to you), the institution relies on this misrepresentation, and damages result, that is fraud. Full stop. |
| |
| ▲ | wmf 4 days ago | parent | prev [-] | | It's generally impossible to reverse crypto transactions so such regulation would be pointless. CFTC could force Coinbase to use 2FA but that was already enabled. |
|
| |
| ▲ | bdangubic 4 days ago | parent | prev | next [-] | | what federal regulation is there where it is your fault that you allowed someone access into your account? name a statute (any state or federal)? :) | |
| ▲ | thrill 5 days ago | parent | prev [-] | | Fraud is fraud. There’s plenty of laws against it. | | |
| ▲ | ameliaquining 5 days ago | parent [-] | | The question is not whether it's legal to defraud someone, but what a financial services provider's obligations are if their customer gets defrauded. The answer here is quite different for banks and brokerages than for crypto exchanges. | | |
| ▲ | bdangubic 4 days ago | parent [-] | | it really is not. no bank is going to refund you money cause you are a moron (we have all been morons, I am not trying to disparage the person that got scammed, I sympathize with him) | | |
|
|
| |
| ▲ | adrr 5 days ago | parent | prev | next [-] | | Banks do care because they are on the hook. If someone commits identity theft and steals money from the bank via your account, it's on them. | | |
| ▲ | beeflet 4 days ago | parent | next [-] | | There is no such thing as identity theft. That is a term made up by banks to pass the blame for their insecure means of authentication. | | |
| ▲ | otterley 4 days ago | parent [-] | | There is such a thing, if you equate “identity theft” with the fraud it enables. Stealing credentials is just the first step. |
| |
| ▲ | bdangubic 4 days ago | parent | prev [-] | | this is not identity theft :) | | |
| ▲ | adrr 4 days ago | parent [-] | | As long as he didn't give out credentials to his bank account, he's well covered. | | |
| ▲ | bdangubic 4 days ago | parent [-] | | he's most definitely not covered. I would run this scam 24/7 with every bank in America if I was "covered" :) |
|
|
| |
| ▲ | insane_dreamer 4 days ago | parent | prev [-] | | but crypto exchanges/wallets give even fewer shits :) |
|