Ladies and gents, if I am ever caught trying to be serious your should seek immediate medical attention for me.
The nurse with the tranq dartgun is standing by in the Jurassic Park jeep.
As for the question, it depends. Fraud is a major issue.
Banks do all they can to alert people to scams, and they have systems in place that monitor every transaction for potentially fraudulent behaviour, but banks can't mitigate everything. There are many classes of attack, and they're getting more and more sophisticated.
Just the other day I got an email claiming to have taken over my PC and recorded compromising footage of me, threatening to send it to several of my Facebook Messenger contacts if I didn't hand over $1,000 in bitcoin. The proof that they had done so was that they had a now-ancient password of mine.
I know that they got my email address and that ancient password from the database of a hacked website.
(haveibeenpwned.com will tell you if your email address has been leaked via a website hack. Mine has, 7 times.) and as I don't re-use passwords, my PC doesn't have a webcam, my Facebook account was deactivated at the time of writing, and none of my devices can access any Facebook servers without me knowing, so even if they had taken over my PC they wouldn't be able to access my Facebook, I was fairly confident that they had nothing on me.
For the average person, however? Potentially enough to frighten them into paying, and if that person re-uses passwords, their entire life can legitimately be pulled apart with trivial ease. And a lot of people are running devices that haven't/can't be updated and which are several years behind the curve on security features and will have known exploits, and most are deeply incurious about the technology they use in their day to day lives.
Banks cannot be expected to bail out someone who reluctantly but knowingly hands over money to a scammer.
In the situation where an obviously fraudulent transaction goes through, it's on the banks, who purport to be experts in fraud prevention, to block it. If they don't, then they should be on the hook.
All of which is a long-winded way of saying:
- NEVER USE THE SAME PASSWORD ON DIFFERENT SITES
- KEEP YOUR DEVICES UP TO DATE
- ADD MULTI-FACTOR AUTHENTICATION ON EVERY WEBSITE THAT OFFERS IT
P.S. Also, banks should be broken up, because the psychopathic yahoos in investment banking are still gambling with YOUR money, despite being bailed out in 2008.
Edit 1: knew that they had nothing on me" to "fairly confident that they had nothing on me". A universal truth in information security is that pride comes before a fall.
Edit 2: It goes without saying that I knew they had no compromising footage of me because I would never do something compromising
