Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
rmbyrro
on Sept 14, 2023
|
parent
|
context
|
favorite
| on:
When MFA isn't MFA, or how we got phished
I can understand how someone with my coworker's voice might lull myself into a false sense of urgency and safety.
To the point of sharing an OTP code over the phone from a strange number? I'm sorry, no.
SoftTalker
on Sept 14, 2023
|
next
[–]
You could give them a false number and see what happens. That
might
trip up their script enough to reveal they aren't who they seem to be. Just play dumb -- "I can't understand why it's not working, that's the number on my phone...."
rmbyrro
on Sept 14, 2023
|
parent
|
next
[–]
That's also a good idea.
matsemann
on Sept 14, 2023
|
prev
[–]
They could trivially spoof the number they're calling from to match.
rmbyrro
on Sept 14, 2023
|
parent
[–]
Or I could call them on a known point of contact, like a phone number or IM.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
To the point of sharing an OTP code over the phone from a strange number? I'm sorry, no.