TLDR: I have verified that Bank of America is in fact using phone numbers from 3rd party databases to authenticate users and that they are not using fake/decoy numbers as an extra security measure (the consensus from commenters on my original post).

1. I posted that Bank of America is using phone numbers from 3rd party databases to authenticate and verify users when you call support (something B of A told me they're doing). Original post here: https://www.reddit.com/r/cybersecurity/s/EVAnsDl5xB

2. The overwhelming consensus from the community here was that B of A isn't actually doing that and that rather they're using fake/decoy numbers as an extra security measure, similar to fake addresses during credit checks.

3. Since posting about this, I did more research into the phone numbers that BofA offered to use to verify my account. I can now confirm that these are real cell phone numbers that were (very briefly) registered to my name in the past, and that both numbers they suggested have been unassociated with me for many years and were never provided by me to Bank of America.

4. This confirms the theory that Bank of America is doing what they say they're doing: using 3rd party databases of phone numbers to authenticate users when you call support.

5. I got massively downvoted in the […]

  • jonne@infosec.pub · 4 upvotes · 4 months ago

    I believe the telcos themselves are the ones sharing this information with banks and identity providers. They know who you are (if you're not using burner phones), and are offering ways to use the phone number to authenticate users (in the US; I don't think you could do that in a country with privacy laws).

  • OppositeOfOxymoron@infosec.pub · 1 upvote · 4 months ago

    My guess is that this is to flag scammers that are using old leaked data. They might have one of your old phone numbers from one of the thousands of other leaks, and they'll choose the number they recognize that is old and invalid. Then they know the attempt isn't legit, and shut it down.
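As an added illustration of the check the comment above hypothesises (example code written for this thread, not code from Bank of America or any real verification vendor), this models a third-party phone record as a number plus the window it was associated with the account holder, treats numbers stale for years as decoys, and flags a caller who picks one. All records and the staleness threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PhoneRecord:
    """A phone number and the period a third-party database ties it to the customer."""
    number: str
    first_seen: date
    last_seen: date  # far-future date means "still associated"


# Constructed sample records; the numbers are fictional placeholders.
RECORDS = [
    PhoneRecord("555-0100", date(2021, 3, 1), date(2099, 1, 1)),  # current number
    PhoneRecord("555-0199", date(2014, 6, 1), date(2014, 7, 1)),  # briefly held, long stale
    PhoneRecord("555-0142", date(2012, 1, 1), date(2016, 5, 1)),  # stale for years
]

STALE_AFTER_YEARS = 3  # assumed policy: older than this and the number is a decoy candidate


def classify(records, today):
    """Split records into current numbers and stale decoy candidates."""
    current, stale = [], []
    for r in records:
        years_since_last = (today - r.last_seen).days / 365.25
        (stale if years_since_last >= STALE_AFTER_YEARS else current).append(r.number)
    return current, stale


def build_challenge(records, today):
    """Options shown to the caller: genuine current numbers mixed with stale decoys."""
    current, stale = classify(records, today)
    return sorted(current + stale)


def evaluate_claim(chosen, records, today):
    """Score a caller's claim that `chosen` is their number.
    Picking a long-stale number is treated as a fraud signal (the commenter's
    theory: the caller is working from old leaked data); an unknown number is
    rejected outright; a current number passes this step of verification."""
    current, stale = classify(records, today)
    if chosen in stale:
        return "flag"
    if chosen in current:
        return "pass"
    return "reject"
```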