I was really bummed out, got scammed but thought at least I had an acc number with a name and address. I got hit by this myself a while ago when I sent some money for an online purchase that never delivered. That's the whole point of 2FA?īeyond that, it's surprising that bank fraud still happens seeing as in most countries there are very strict KYC/AML requirements, meaning you can only open a bank acc with an ID in person, with a registered address.
You don't suddenly get some kind of authentication pop up, and know to enter a particular code that authorises anything that isn't your password. You'd then have to go to a screen on your computer with that particular transaction, find it, and enter the code. So the message will say 'you're trying to send $200 to xyz at date yxz.
My bank will send me a 2FA code to my phone, it'll explain what it's for first. Update: Google removed Diigo Quick Note, but still has Awesome Screenshot which captures the identical data and sells it to third party crawlers.Įw, bank fail. I am thrilled to see Google finally acting to restore trust in their platform. Here's some more detail on similar stories about Diigo: Rogue extensions are wasting a huge amount of time and destroying trust in the Chrome platform. (All queries received 404 errors, but we remained concerned whether the rogue extension could read the submitted form credentials or the cookie store to get access.)
Rather than feeling that ChromeOS was improving our security, we had our chief software architect spend most of the weekend figuring out who was targeting our platform.
We just switched our 25 member customer service team to Chromeboxes and were very concerned to find soon after that an EC2-based crawler was querying private URLs of our platform.īecause the Chrome Web Store had not banned bad actors like Diigo, we now blacklisted all Chrome extensions except for a very small number that I personally approve. The Quick Note Chrome extension from Diigo (now removed) submits every URL visited to a third-party server and those URLs are then crawled the next day.