This is an actual email from an actual Irish bank.
How these muppets aren’t hacked on a daily basis is beyond me.
(Note: this was in response to me telling them that no, I won’t be sending you private bank statements over unencrypted email, thank-you-very-much.)
*smh*
@aral This is just a joke, right? Right?
@aral They are a total joke. They get credit card numbers over the phone. They can't even open an account in a timely manner. Everything is a struggle with Irish banking. And they are probably confused why Revolut is too big now.
@fsniper Yeah. The incompetence is mind-boggling.
@aral I wish they would send their high level executives to Turkish banks for a week's collaboration. So that they could see how things could be better. Not saying getting unsafe practices but their good practices.
@fsniper But then we’d just end up with all our details in Erdoğan’s hands, no? :)
@aral Considering banking, aren't they already? They have these data sharing agreements.
@aral that's..... that's quite something
@aral Good lord.
What is it with banks and fundamental security flaws? This is up there with "put your banking app on the same smartphone that has the 2FA app".
@eibhear @aral @Sevoris THIS! It makes me go nuts! And managers at most freaking banks think that is how it's done! I work in the finance industry and can tell anecdotally that most are actively working on integrating 2FA into their banking app - because all neo-banks do it that way... and it reduces maintenance efforts by X%... sometimes I wish to be a person without morals and blackhat the shit out of this idiocy
@IzzyOnDroid @Sevoris @aral he was faster: @eibhear and I already ranted my answer to his post: https://mastodon.social/@buddhaha/112773373867938817
@IzzyOnDroid @Sevoris @aral @eibhear #Lifehacks8.0 and if any gets hacked apply for another and so on
@aral "Please write all your confidential information onto a postcard and post it to this address. We promise we'll take good care of it and treat the data very securely if and when it ever arrives..."
@nigenet Almost exactly what I told them in the email that this was in response to.
@aral ask for their gpg fingerprint so you can encrypt the information before sending it
@skribe The BOI security team are so hardcore they don’t need encryption.
@skribe If someone intercepts a message, Colm from IT tracks them down and gives them a good smack upside the head.
@aral it doesn’t surprise me… That reminds me I should check if the government finally found someone for the highest infosec position in the country. Ah yes, in 2022 after 18 months…
@aral secure boi!
@aral BoI is a shit show. I have no idea how their CTO still has a job
@aral What a coincidence. I'm studying security and considering moving to Ireland. Maybe I can get contract work helping banks develop sane practices.
@PC_Fluesterer @aral I'll just tell them I am adding AI to their workflow
@Alephwyr That would require them to acknowledge they have a problem first :)
Good luck with the move + let me know if there’s anything I can help with from here.
@aral So not surprising. Welcome to the real tech-world where cosplaying engineers and Synergy Gregs run the show.
@aral they are being targeted for phishing with alarming frequency TBH
@Sh41 One wonders why.
The illusion of email being a secure medium is staggering. The other day I had the HR dept where I work ask me to send bank statements and SIN equivalent through the mail. A while back I had a foreign embassy ask me to send birth and citizenship documentation via email.
Stunning.
I think it's mainly down to the illusion of "everyone uses email, so it must be safe".