
“Was just subjected to the most credible phishing attempt I've had to date.” - minimaxir
https://twitter.com/DigitalLawyer/status/1181348689756864513
======
egdod
I don’t get it. How did they get access to his other transaction data when all
they’d done was trigger a password reset request?

~~~
segmondy
they used the "Verification pin" to reset his password, then they logged into
his account and could read the transaction data. they couldn't transfer funds
tho because the account has a PIN.

~~~
egdod
Oh good point.

