• @[email protected]
    link
    fedilink
    English
    22 months ago

    I’m talking about TOTP in something like Bitwarden or Authy. You can still social engineer your way to getting a code, but a scammer would have to convince the user to reveal that secret, not just pretend to send a code.

    • @[email protected]
      link
      fedilink
      English
      2
      edit-2
      2 months ago

      It sounds like in the above case the codes were real 2fa codes from his bank as the scammers were resetting their login credentials then adding an external account to initiate a transfer. Presumably they were simply reusing info from a breach to make the scam smoother