In France, basically every bank says (and shows in their app and everything) "if we call you and ask anything like code, confirmation, to do an action, anything, end the call and call us back, don't do anything on a call you didn't initiate".

Same in their app, e.g. you try to do a SEPA wire to a new recipient and you get a warning: "Are you on the phone with someone? Did someone ask you to do that? Please call your bank by pressing this button. By the way, we will never call you to ask for an auth code or to do a wire."

A few UK banks detect that you're on a phone call and show a message like "we've never called you" or "we are not calling you right now" in their app, I think that's really smart.

The amount of behind the scenes work to get that set up seems impressive.

Here is a fun one: my mobile phone company has an account lock along with a PIN and OTP over SMS system. In order for me to activate a new device (like a phone upgrade) with eSIM over the phone, I need to unlock my account with account lock, give them the PIN over the phone, and read the SMS OTP to the mobile phone rep online. I get doing the account unlock and verbal PIN, but I don't get why they ask for the OTP, especially when they train us to never share the OTP over the phone. I even asked the rep about it, but he mentioned that you should never share the OTP if you did not initiate the service request. From a security posture point of view I think that stinks. I am not exactly sure how they expect SMS OTP to work in the case where my phone is not functional.

And then we have the national post office sending its notifications from the scammiest-looking domain they could find: noreply@notif-colissimo-laposte.info

Unfortunately in the US, maybe elsewhere, pharmacies and medical offices have trained the elderly that it’s okay to verify their DOB when they call. Costco does that when they call and it drives me nuts.

US insurers expect you to click on SMS links and log in with your username, password, and 2FA all so you can receive a fucking marketing message.

Why would anyone stick with an insurer that clearly doesn’t give a darn about them?

Just for a discount?

Don’t have much of a choice. Gotta love our system.