Revolut - Fraudulent Transactions

Can't vouch for the accuracy of the survey, but it claims Ireland is the most phished country in the world.

It sounds like a nonsense headline. My interpretation from that brief article is that Irish adults are better at identifying phishing, so more of them said they'd experienced an attempt. I'd be very surprised if there's anyone anywhere who isn't regularly receiving phishing attempts.
 
Every site uses TLS encryption these days. Just look at the URL for this site. It begins with https. So there's no way for the Wi-Fi hotspot to snoop on the traffic. And if they tried to spoof the website (man in the middle attack), then they wouldn't have a valid TLS cert, so it would fail. And if they tried to downgrade the traffic to plain http, the browser would flash a warning.

If you ever try to install a new root certificate on your device you will get a big warning about whether to trust this, so I don't see how the operator of a malicious WiFi hotspot could get a user to download a rogue root cert without big warnings flashing up either.

That's not to say that there aren't other dangers with using public WiFi. But I think the danger of your passwords being snooped is minimal nowadays due to almost universal adoption of TLS for websites and browser warnings when anything unusual with TLS is happening. The exception is if the WiFi provider itself asks you to sign up to its service with an email address and password and you re-use your existing password that you also use for your email account or anything else.

Every phishing attempt I've received via a text message in the last 6 months (and I checked my messages before I typed this) has a link to an HTTPS website. You can no longer assume that such a site is secure.

In terms of downloading rogue certs, totally agree with what you are saying but all the fraudsters need is one moron out of a hundred to do so and they are in business. A lot of people don't understand, read or assess these messages. Same kind of people who write PIN numbers on bits of paper and leave it in their wallet.
 
Every phishing attempt I've received via a text message in the last 6 months (and I checked my messages before I typed this) has a link to an HTTPS website. You can no longer assume that such a site is secure.

In terms of downloading rogue certs, totally agree with what you are saying but all the fraudsters need is one moron out of a hundred to do so and they are in business. A lot of people don't understand, read or assess these messages. Same kind of people who write PIN numbers on bits of paper and leave it in their wallet.
Agree with the phishing issues. It's a major problem. But it doesn't matter whether you're on a public WiFi or sitting at home. You need to do your own examination of the link to see whether it's the actual bank website or a spoofed one with a slightly different name.
I'm not saying that https means that the site is secure. I'm just saying it prevents man in the middle attacks, which was traditionally a major concern on public WiFi.
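
Added example (not part of the thread): one way to automate the link examination described in the post above, going a little beyond a misspelled name to cover the trusted name embedded in another domain, userinfo before the host, and internationalised lookalikes. The domain `bank.example`, the function names and all sample URLs are constructed for illustration, and the suffix match is a simplification that assumes you already know the bank's exact domain from a trusted source.

```python
from urllib.parse import urlsplit

TRUSTED = "bank.example"  # assumption: the real domain, taken from a trusted source


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Classify a link by the host the browser would actually connect to."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "reject: no hostname"
    if parts.scheme != "https":
        return "reject: not https"
    if parts.username is not None:
        # https://bank.example@other.test/ connects to other.test
        return "suspicious: userinfo before host"
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "reject: malformed hostname"
    if ascii_host != host or "xn--" in ascii_host:
        return "suspicious: internationalised name (possible homoglyph)"
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    if trusted in host:
        return "suspicious: trusted name embedded in another domain"
    # Compare only the rightmost labels, which decide who owns the name.
    n = trusted.count(".") + 1
    tail = ".".join(host.split(".")[-n:])
    if edit_distance(tail, trusted) <= 2:
        return "suspicious: near-miss spelling"
    return "unrelated"


if __name__ == "__main__":
    for u in ("https://online.bank.example/login",             # constructed samples
              "https://bank.example.login-check.test/verify",
              "https://bamk.example/", "https://bank.example@evil.test/"):
        print(u, "->", check_link(u))
```

An "ok" result only means the host belongs to the expected domain; as the thread notes, HTTPS on its own says nothing about whether the site is the bank's.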
 