• LDerJim@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    3 months ago

    How would that help in this case? “Sir, please accept the pop up from our app”

    • Telorand@reddthat.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      I’m talking about TOTP in something like Bitwarden or Authy. You can still social engineer your way to getting a code, but a scammer would have to convince the user to reveal that secret, not just pretend to send a code.

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        3 months ago

        It sounds like in the above case the codes were real 2fa codes from his bank as the scammers were resetting their login credentials then adding an external account to initiate a transfer. Presumably they were simply reusing info from a breach to make the scam smoother