Hacker News new | past | comments | ask | show | jobs | submit login

Maybe it's because I'm from a country that is full of 2FA scams exactly like this (particularly for WhatsApp), so I could immediately tell it was a scam, but I didn't find this convincing at all. If the person actively reached out to you on your phone number, it doesn't make sense that they would require you to further authenticate yourself



Financial institutions in the US do this constantly. They call you, and then they ask you for stuff like the last four of your SSN and what loans you might have with them to prove that they're speaking to the right person. They act surprised when you don't want to answer because they called you.


I assume they do this to make sure the number hasn't changed/being answered by someone else?


Yes, the client could be a "sim swap" victim, and in that case you would be talking to an attacker. So the identity validation can be useful in that case.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: