How hackers are hijacking mobile phone numbers to grab wallets

Discussion in 'mobile device security' started by Minimalist, Aug 22, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,414
    Location:
    Slovenia
    http://www.calgaryherald.com/techno...hone numbers grab wallets/14306435/story.html
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,730
    Location:
    U.S.A. (South)
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,414
    Location:
    Slovenia
    Do you use your phone for 2FA for your accounts? If not, than this kind of attack wouldn't work with you.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,414
    Location:
    Slovenia
    https://techcrunch.com/2017/08/23/i-was-hacked/
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,144
    Location:
    USA still the best. But barely.
    So 2FA is more vulnerable?
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,730
    Location:
    U.S.A. (South)
    Nope
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,414
    Location:
    Slovenia
    If your phone is used as 2nd factor, it could be attacked this way.
    I don't know why service provider agents transfer phone numbers to new phones without proper identification.
     
  8. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,144
    Location:
    USA still the best. But barely.
    Then having cell service with an obscure MVNO that 99% of the public doesn't know about could be an additional layer of protection.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,414
    Location:
    Slovenia
    Yes, security through obscurity. You can also use burner phone that is used just for 2FA and noting else.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    The phone number is the one being hijacked, not your phone. Doesn't even have to be mobile, could be landline, VOIP, etc.

    The only surefire way to be secure from this is to not use that phone number for any account creation/identification/recovery purposes.

    2FA doesn't matter in this case as long as your account is associated with that phone number.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,730
    Location:
    U.S.A. (South)
    Good point and well taken.

    And also I NEVER use that number when asked every time they peddle that crap of "add your mobile number for better security". They can kiss my SD card in the rear. Ain't happening until these telecoms learn to act like they have an ounce of what they sorely lacked for much too long. Responsibility to their customers who fill their coffers while they throttle the hell and rob them of Bandwidth.

    Long timers like some of us already anticipated the implosion and lack of protection from these very carriers who carry our luggage (data) with these devices.
     
  12. kram7750

    kram7750 Guest

    It is the same most places even real life work places. You act friendly and nice, be patient and provide minimal baaic information (e-mail address, phone number, maybe date of birth) and you're all set.

    People want to be helpful so they do not want to waste your time, and they do not expect a hacker to really call them up.

    Sad truth :/
     
    Last edited by a moderator: Aug 24, 2017
  13. kram7750

    kram7750 Guest

    I agree, make sure to use a separate e-mail which is never shared for things like PayPal too!

    Do not link normal phone to the PayPal account as customer service can find the account via that phone number. But use the secondary not shared number for the account.

    Because while phone service providers may be bad with social engineering to give an attacker control, banking like PayPal are far from perfect too!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.