CaraComp
CaraComp
Forensic-Grade AI Face Recognition for:
Get Started7-day refund guarantee**
Podcast

Your Bank Thinks You're Safe. The Math Says 7 in 10 Aren't.

Your Bank Thinks You're Safe. The Math Says 7 in 10 Aren't.

Your Bank Thinks You're Safe. The Math Says 7 in 10 Aren't.

0:00-0:00

This episode is based on our article:

Read the full article →

Your Bank Thinks You're Safe. The Math Says 7 in 10 Aren't.

Full Episode Transcript


A group of hackers spent all of last year targeting banks — and they never once stole a password. Instead, they called the help desk. They pretended to be an employee locked out of their account. And they talked I.T. support into resetting the security codes for them.


Trusted by Investigators Worldwide
Run Forensic-Grade Comparisons in Seconds
Court-ready facial comparison reports. Results in seconds.
Get Started
7-day refund guarantee**

If you bank online, this one's about you

If you bank online, this one's about you. Because your bank almost certainly told you it uses multi-factor authentication — that extra step where they text you a code or ping your phone. It sounds safe. The math says otherwise. According to a new survey from a security firm called Secret Double Octopus, more than four out of five banks believe they're protected. But only about one in four actually uses the kind of login that resists these attacks. So how did the gap between feeling safe and being safe get this wide?

Start with that help desk story. According to security researchers, the most active threat group hitting financial services this year skipped hacking entirely. They voice-phished — that means they called a human, put on a convincing act, and asked I.T. to reset the login. Then they registered their own phone as the trusted device. No malware. No stolen password. Just a phone call and a good story. That means the lock on your account is only as strong as the person answering the support line. This article is part of a series — start with Meta Smart Glasses Facial Recognition What It Means For You.

Now the confidence gap itself. Researchers found that nearly all banks — around ninety-four percent — saw more phishing attempts this past year. The threats went up. But the strong defenses didn't. Only about twenty-eight percent of the multi-factor logins in these institutions are what experts call phishing-resistant. The rest still lean on text-message codes and security questions — the stuff attackers can steal or trick out of you.

Why the lag? A lot of it comes down to old systems. The survey found that modern cloud apps have decent protection — about three-quarters covered. But the older, legacy systems? Only about half. And more than half of these organizations still run most of their operations on that older infrastructure. So the strongest locks sit on the newest doors — while the vault runs on twenty-year-old wiring. Previously in this series: Bank Mfa Phishing Resistant Gap Financial Security.


The Bottom Line

Then there's the part that isn't about technology at all. It's about the human brain. Attacks that exploit notification fatigue jumped more than two hundred percent in a single year. Here's how that works. An attacker floods your phone with approval requests. Tap after tap after tap. Eventually, tired and annoyed, you approve one just to make it stop. Researchers say that's not carelessness — it's biology. Under a flood of pings, your brain stops asking "did I start this?" and starts assuming "tapping yes makes this go away." Attackers aren't breaking the system. They're outsourcing the break-in to your own impatience.

So the real problem isn't that banks ignored security. It's that they confused turning it on with being protected. A text-message backup code sitting behind a fancy login isn't a safety net. It's an emergency exit — and the attacker walks right through it. Up next: Metas New Glasses Can Log Your Face At A Party And Youll Nev.

So here's the whole thing in plain terms. Most banks think they're locked down, but only about a quarter use logins that actually stop today's attacks. The hackers stopped stealing passwords — now they trick help desks and wear down your patience. And starting this year, regulators have run out of patience too, with no more grace periods for partial coverage. Whether you run a bank's security team or just check your balance on your phone, "we have multi-factor" and "we're actually safe" turned out to be two very different sentences. The full story's in the description if you want the deep dive.

Ready for forensic-grade facial comparison?

Full forensic reports with detailed similarity scoring. Results in seconds.

Run My First Search