Hacker News new | past | comments | ask | show | jobs | submit login

These are what I usually see, or else an automated call with the same approximate script. Is there anything insecure about doing this one? The only thing I can think of is a MiTM where your account credentials are already compromised and they are using your answers to reset your password.

These fraud alert calls (in my experience of course) generally don't have any ID verification so there's no real danger from the user side in interacting with them. They just ask do you recognize these charges and that's it and then initiate any fraud response. From the bank side the worst is if the number has been hijacked but the user would still be able to dispute the charges later through the normal means but CC cloners probably rarely do that so it's not a huge issue.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact