π±π± WOW... get this:
A friend went to his HR department today asking why he did not receive salary since two months. HR had to check and apparently, they got hit by fraudsters in the most insane way. You should read this as a warning π
A friend went to his HR department today asking why he did not receive salary since two months. HR had to check and apparently, they got hit by fraudsters in the most insane way. You should read this as a warning π
It all started with a friend searching for an apartment on german website @Immobilienscout. To verify his identity and income he had to upload his ID and the last two income reports from his employer - standard practice in german apartment hunting.
Thinking this data is only shared with serious apartment offers or not at all was something that he (and I until now) considered obvious. But *someone* now had his ID, bank account data, salary, employer name, employee number and signature. So...
That sneaky bastard sent a FAX(!!!) to the companies HR department to send the salary to a new account from now on. Happened 3 months ago. HR did it because it had his sig, employee #, etc. A fax is a valid official document even if the sender is not identified (opposed to email)
Neither HR nor the bank got suspicious that the new bank account had a different holder name but that name is also not bound. You can write whatever you want as long as your IBAN is correct.
There was no additional notification to the employee (two-factor-auth anyone?).
There was no additional notification to the employee (two-factor-auth anyone?).
Not sure why the fraudsters even tried though. Bank will refund everything but it's still a big blow to the privacy & data protection of the company and of course ImmoScout.
So please, black out all data that is not needed on this documents, like your employee number, bank account, etc. I blindly trusted those services and I'm definitely only lucky that it did not hit me yet. Uploading this data to @Immobilienscout seems like a huge mistake.
Seems to be exactly the reason why there are so many fake listings. Nice observation π
https://twitter.com/marklubkowitz/status/1082999315256274945?s=21
Small update: bank did not refund yet and itβs still up in the air. They obviously see the fault on HR side. So all parties are blaming each other right now.
I talked so much about this today with my colleagues as it is such an interesting attack, exploiting different weaknesses in different established systems. From german housing, to tech, to money transfer, auth, etc... π€. Interesting and scary.
Let me make this perfectly clear: I wanted to share this to show the problem with german apt hunting. I have no idea about @Immobilienscoutβs data topics. I never wanted to imply a leak or anything. Itβs normal to give salary verification and ID to landlords in Germany like this.
β’ β’ β’
Missing some Tweet in this thread? You can try to
force a refresh
γ
