
My Citibank credit card redirects me to "cardservicesdirect.com.au" -- which reads like a phishing site if I've ever seen one.

I confirmed over the phone with their support that it was indeed the correct site before typing anything into it.




But did you call the support phone number shown on the dodgy domain?


T-Mobile called me back one time instead of me waiting on hold. This was after I went through the song and dance of giving the automated system my details. The first thing this representative wanted to do was, again, confirm I am who I said I was.

I said think about what you're asking for a second. Should I answer your questions? Couldn't get them to understand. Wound up hanging up and calling again and waiting on hold.


My bank actually gets this right. They very, very rarely call me, but when they do it's

"Hello, am I talking to Nick Lamb?" "Yes, this is me" "OK, I'm calling from Example Bank and our confirmatory password is Melons" [not the actual bank or password] "Thanks, that checks out, what can I do for you?"

This happened because I had one of those conversations you're talking about, and they were like "Aha! We have something we can do for those situations, call us and set a password we can use" so I hung up and sure enough they've used that password ever since. I like it.

It's not a _good_ password, but hey, how many times does anyone try the wrong one? Literally never. So it's good enough.


This reminds me of something my local credit union used to do. They had something where you picked an image during signup that they would always show you during subsequent sign-ons so that you knew you were actually signing into their site.


This seems pointless because an attacker could just proxy the login back to your bank. Well, not pointless -- it raises the bar attackers have to pass -- but not a real solution. Or am I missing something?


Ha, same thing happened to me with Vodafone. Some guy called having some nice upgrade to my account. For some reason, to check something, he said, I need your online password. I said, wait, you call _me_ and want my password too? If I call you, tell you I am from your bank and I need your PIN, would you give it? Well no, came the reply. Then...

Obviously I terminated the conversation.


I hate it when someone calls me and asks me who I am. You called, you tell me who you want to talk to.


My previous mortgage company was a subsidiary of CENLAR. So the corporate branding of the monthly bill listed x&y.com, the actual owner of the company was cenlar.com, and the mortgage was paid at loanadministration.com, which until recently had minimal branding even tying it back to cenlar, let alone the company I ostensibly have the direct relationship with.



