Conversation
corbet

Jonathan Corbet

I'm currently dealing with a contractor to replace the gas furnace with a heat pump and actually use all that power that the rooftop panels are generating rather than burning gas. So far so good.

Today I got an email from a third-party site I'd never heard of with an invoice. To actually pay the invoice, the thing demands my login credentials for access to my bank account.

The contractor seemed surprised that I proved unwilling to do that. I guess I understand why phishing is such a lucrative exercise.
2
5
18
mcdanlj@social.makerforums.info

Michael K Johnson

Reply to @corbet

@corbet My credit union's new bill pay system wants me to do login credential sharing.

Their CTO actually responded to me when I complained, and essentially told me they they couldn't afford the good bill pay platform any more and this was all they could offer.

So all the bills that want credential sharing I'm now entering information manually.

The credit union have otherwise been good, so I haven't abandoned ship, but wow the bar seems to be low for software in the financial sector.

0
0
1
vbabka

Vlastimil Babka

Reply to @corbet
@corbet glad to hear the US finally moved on from the practice of "tell us your credit card details over phone" towards something more secure!
Oh wait...
1
0
1
corbet

Jonathan Corbet

Reply to @vbabka
@vbabka The thing is, of course, that giving your credit card info over the phone is a pretty safe thing to do in the US. Having people go nuts with it is an obnoxious event on a par with realizing that your puppy has just made a mess on the floor ... you're going to spend a while cleaning things up, but there will be no lasting consequences. Experience says that cleaning up the mess in Europe is not as easy.

OTOH giving some random business — and everybody they leak data to — complete access to all of your accounts at a given institution, all of the transactions you have made there, your bill-paying setup, and more ... *that* could have consequences.
1
0
2
broonie@mastodon.social

broonie

Reply to @corbet

@corbet @vbabka It’s not particularly bad in Europe either - it’s more that we generally have far more sensible systems available so why would you use that one?

0
0
1
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: