In order to pay import duties, these crazy fuckers are expecting me to enter my bank logon details into their website. What. The. Fuck.

johsny@lemmy.world to Mildly Infuriating@lemmy.world – 392 points –
79

You are viewing a single comment

That is a scam, they probably send mass texts linked to tracking numbers that have a registered phone number.

I remember one of the funnier scams.

They said they were from USPS, and in order to finish shipping, they needed me to pay the tariff.

It didn't have anything about me. No login. No address. No tracking number. It just wanted me to hit that pay now button.

But even then, why would I pay a tariff for something I didn't order?

They didn't send it just to you. They sent it to millions. If even one person happened to order something internationally and be stupid, it's already worth it.

For a while (and still every so often), I received fake texts from delivery companies, but they always referred to me as "There". "There, we tried to deliver your package...", "There, your package may be returned if you don't click this link...". I was curious what I typed in and where that they recorded my name as "There".

I get that once in a while here in Denmark too, only replace USPS with PostNord, sometimes DHL or GLS

And this is one of the ways to filter random scams. If a legitimate business or public entity is reaching out to contact you about an issue you need to deal with, they will know some identifying information about you. Especially the ones claiming that there's a warrant (or will be). If that was the case, they would definitely know your name and other specific details.

That said, there are targeted scams, too, so don't assume that if someone can tell you your name that they are legit. Ask them for a callback number (don't call it, ask because they might be dumb enough to give you a number linked to them that you could pass on to investigators), then hang up and call the number you looked up online.

Be careful looking up numbers online as well. There are lots of fake numbers and sites out there. Use previous known good communication as your guide for contacting the specific entity you are trying to contact. If at all possible. Also, smammers seem to have databases of scraped and leaked data so will often pull up your data based on your caller ID or other info you may disclose to them. Be careful out there.

Don't even need an associated list, just a random list of phone numbers. People online shop enough.

It probably isn't as the banking industry is crazy

Banking network engineer here: Never give out your login details. Not to your mom. Not to your brother. Not to me. Not to a company. Not to a random guy in India. Don't do it.

Agreed. However, there are services that login on your behalf. It is incredibly dumb but they exist.

Just to be entirely clear, DO NOT GIVE THEM YOUR LOGIN

Partners are the stupidest fuckers on the planet. I won't name names, but I have sicced my governance team on fucking http (NO S) websites, usage of certificate pinning, public-facing databases! (Protected by a shitty 2000's-era username+password login interface) transferring credit card numbers in CLEAR TEXT. I swear I've seen every possible idiotic move from partners.