That is a scam, they probably send mass texts linked to tracking numbers that have a registered phone number.
In order to pay import duties, these crazy fuckers are expecting me to enter my bank logon details into their website. What. The. Fuck.
Submitted 2 months ago by johsny@lemmy.world to mildlyinfuriating@lemmy.world
https://lemmy.world/pictrs/image/2945359c-4948-42ae-a822-ec05eedd74e2.png
Comments
indomara@lemmy.world 2 months ago
ByteOnBikes@slrpnk.net 2 months ago
I remember one of the funnier scams.
They said they were from USPS, and in order to finish shipping, they needed me to pay the tariff.
It didn’t have anything about me. No login. No address. No tracking number. It just wanted me to hit that pay now button.
But even then, why would I pay a tariff for something I didn’t order?
superkret@feddit.org 2 months ago
They didn’t send it just to you. They sent it to millions. If even one person happened to order something internationally and be stupid, it’s already worth it.
Hideakikarate@sh.itjust.works 2 months ago
For a while (and still every so often), I received fake texts from delivery companies, but they always referred to me as “There”. “There, we tried to deliver your package…”, “There, your package may be returned if you don’t click this link…”. I was curious what I typed in and where that they recorded my name as “There”.
Viking_Hippie@lemmy.world 2 months ago
I get that once in a while here in Denmark too, only replace USPS with PostNord, sometimes DHL or GLS
Buddahriffic@lemmy.world 2 months ago
And this is one of the ways to filter random scams. If a legitimate business or public entity is reaching out to contact you about an issue you need to deal with, they will know some identifying information about you. Especially the ones claiming that there’s a warrant (or will be). If that was the case, they would definitely know your name and other specific details.
That said, there are targeted scams, too, so don’t assume that if someone can tell you your name that they are legit. Ask them for a callback number (don’t call it, ask because they might be dumb enough to give you a number linked to them that you could pass on to investigators), then hang up and call the number you looked up online.
DannyBoy@sh.itjust.works 2 months ago
Don’t even need an associated list, just a random list of phone numbers. People online shop enough.
possiblylinux127@lemmy.zip 2 months ago
It probably isn’t as the banking industry is crazy
grandkaiser@lemmy.world 2 months ago
Baking network engineer here: Never give out your login details. Not to your mom. Not to your brother. Not to me. Not to a company. Not to a random guy in India. Don’t do it.
kia@lemmy.ca 2 months ago
Ask them for their bank login details so you can deposit the money directly into their account.
darkstar@sh.itjust.works 2 months ago
This is the best
Rooki@lemmy.world 2 months ago
Burn_The_Right@lemmy.world 2 months ago
It’s probably against your bank’s TOS to give your password to a 3rd party. No way this is legit.
hexdream@lemmy.world 2 months ago
My understanding is that should you disclose your credentials you would generally void any fraud protection the banks may offer.
possiblylinux127@lemmy.zip 2 months ago
It probably is. Its for convenience reasons. They pull up your bank page in the background and automatic login and parse the page.
It is incredibly dumb and I would strongly advise against it
echodot@feddit.uk 2 months ago
Why would you need to give them your login details why couldn’t you just sign into your bank account yourself? You still have to provide the details either way so it’s not convenient.
darkstar@sh.itjust.works 2 months ago
Scam
wesker@lemmy.sdf.org 2 months ago
Super massive red flag there.
NegativeInf@lemmy.world 2 months ago
Love that Muse song.
codapine@lemm.ee 2 months ago
🎶 Ooh baby don’t you know I suffer Oh baby when you phished my bank You sent me to a dodgy website Using a convincing link
Ooooooh-ooooh You drained my bank account Ooooooh-ooooh You drained my bank account🎶
1luv8008135@lemmy.world 2 months ago
Google seems to suggest they’re some sort of fintech company out of South Africa? Either way if that’s their product then I’d run a mile in the other direction, and then another just be sure.
codapine@lemm.ee 2 months ago
Yeah no. Plaid is one thing but giving access to your bank login to pay an invoice is something quite another. If it’s legit they can accept a card payment, or send you to a PayPal invoice.
tourist@lemmy.world 2 months ago
Yep. They’ve been around for years.
Normally you would just give them your card info like any other online pay site like PayPal etc.
I saw this shit yesterday when I was trying to buy a weed cart online (still not sure if it’s legal or not. I still hear stories of those moron cops arresting people for “drug possession” i.e. didn’t pay a bribe)
Noped out and just gave the clearnet grey market drug website virtual card info that’s gonna expire in a few hours anyway
ObviouslyNotBanana@lemmy.world 2 months ago
Well that’s a scam
Treczoks@lemmy.world 2 months ago
Don’t. And report them to your bank.
possiblylinux127@lemmy.zip 2 months ago
I’ve seen this in a few places
Just to be clear, the answer is absolutely NO.
anarchyrabbit@lemmy.world 2 months ago
Seen the same thing with other third party payment systems in south africa. Run away my dude.
hexdream@lemmy.world 2 months ago
As a fellow saffer, and a person who works with scam victims, I’m curious as to what services asked you to do that? Feel free to pm me.
barsoap@lemm.ee 2 months ago
This kind of stuff got legalised in Germany: Banks said that e.g. Sofortüberweisung was instigating their customers to break their TOS and should be shut down, anti-trust then said “nuh-uh you can’t just shut down legitimate business” (Sofort is indeed legitimate) and instead put third-party systems under banking regulations, and required ordinary banks to have APIs allowing third parties do do sensible things.
…which theoretically could mean that you’re sent to your actual bank to authorise and thus getting rid of the normalising phishing problem, dunno, haven’t checked I’m boycotting them out of principle for going down that route in the first place. Don’t serve any purpose now that we have real-time transfers, anyway.
henfredemars@infosec.pub 2 months ago
Do not share this info. Never. Always a bad idea.
dutchkimble@lemy.lol 2 months ago
Make sure you email them your mothers maiden name and date of birth too, just to be safe it goes through
Kolanaki@yiffit.net 2 months ago
Yeah… Fuck that noise. I ain’t giving my login details to anyone; not even the people who run the thing I’m logging into.
SatansMaggotyCumFart@lemmy.world 2 months ago
What could go wrong?
johsny@lemmy.world 2 months ago
They look trustworthy, right?
Phil_in_here@lemmy.ca 2 months ago
Hello sir, ozow.com is best most recognize branding. We are trust top tier bank accounts detailed are encrypted so most safe safer than banks actually!
FuglyDuck@lemmy.world 2 months ago
If you’d like, I can show you. Just uh, need you to sign a waiver saying you authorize this little demonstration and accept all risks.
Also, gonna need your login credentials…
jg1i@lemmy.world 2 months ago
They maybe use Plaid to connect your bank? I still wouldn’t do it though. Fuck Plaid. Fuck handing out creds. Find another way.
rockSlayer@lemmy.world 2 months ago
Whatever it is, it isn’t worth it
cheddar@programming.dev 2 months ago
The crazy part that the bank uses username+password method for authentication.
Madison420@lemmy.world 2 months ago
That’s fairly common, 2fa w/loc is after password in a lot of cases.
Gullible@sh.itjust.works 2 months ago
They’ve been doing essentially the same thing for years. Here’s the site from 2 years ago. Not to say that this is definitely safe, but scam sites usually don’t last this long
irotsoma@lemmy.world 2 months ago
Step 3: Log in and select your account to pay from. Don’t worry, we have security covered. 🤣
Yeah, scam or not, this method of getting your account and routing information is not at all secure. I’m actually more surprised that the banks allow another site to initiate the login with a plaintext password. This defies all decent security practices.
wesker@lemmy.sdf.org 2 months ago
I’ve had the same Nigerian prince emailing for the last 14 years.
Gullible@sh.itjust.works 2 months ago
From the same phone number?
ravhall@discuss.online 2 months ago
Well, it is a payment processor that uses bank accounts. So, that makes sense.
FuglyDuck@lemmy.world 2 months ago
That’s what wire transfers are for.
There should be no need for you to give them your credentials. Also, be aware that if you do give a third party credentials, and you get hacked, your banks going to blame you for being stupid.
Because it is stupid.
How stupid is it? Not even the bank support staff will ask for your credentials.
ravhall@discuss.online 2 months ago
I just noticed it was login details… my brain was thinking account and routing.
jqubed@lemmy.world 2 months ago
Are you sure this isn’t a scam?
lazylion_ca@lemmy.ca 2 months ago
Import duties are a scam to begin with.