Tagged: phone security Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on March 18, 2024 Permalink | Reply
    Tags: , , phone security, , ,   

    A cautionary tale of SIM swap scams 

    A cautionary tale of SIM swap scams

    By Greg Collier

    The nightmare of having your entire digital existence commandeered by malicious actors is a chilling reality for one unfortunate family from the Chicago area. What began as a routine day turned into a months-long ordeal of trying to reclaim control over their smartphones and, by extension, their digital lives after falling victim to a SIM swap scam.

    SIM swapping, also known as SIM hijacking or SIM porting, is a type of cyberattack where a malicious actor fraudulently gains control of an individual’s phone number by tricking the victim’s mobile carrier into transferring the number to a SIM card under the attacker’s control. This process involves exploiting vulnerabilities in the carrier’s authentication procedures or social engineering techniques to obtain personal information about the victim, such as their account PIN or other identifying details. The term SIM swapping can be misleading because the attacker doesn’t actually require physical possession of the victim’s SIM card to carry out the attack.

    It all started when the family’s wireless account was hacked, leading to the takeover of not just one, but all five of the family’s smartphones linked to the account. Suddenly, their devices were rendered useless, stripped of cellular service, and locked out of essential apps and services.

    Unauthorized apps were installed on their phones, contact numbers were altered, and passwords to numerous accounts were changed without their consent. The financial toll was staggering, with losses totaling thousands of dollars in stolen funds from various platforms, including investment and cryptocurrency apps.

    It’s suspected that the attackers obtained access to the family’s mobile phone account either by stealing or correctly guessing the account’s PIN. Experts advise regular changes to PINs and caution against using easily guessable information, such as birthdates, as security credentials. Moreover, limiting the dissemination of personal details on social media platforms can help mitigate the risk of identity theft.

    To mitigate the risk of SIM swapping attacks, individuals can take several precautionary measures. Avoid using easily guessable or recycled passwords, and consider using a password manager to securely store and manage your credentials. Whenever possible, use authentication methods beyond SMS-based two-factor authentication (2FA), such as app-based authentication or hardware security keys.

    Again, it’s not recommended to use text messaging to receive your authorization codes. Instead, it’s recommended you use an authenticator app along with a biometric authentication such as a fingerprint scanner. This way, your 2FA information is tied to your device and not your phone number.

     
  • Geebo 9:00 am on January 17, 2023 Permalink | Reply
    Tags: , , phone security,   

    Don’t hand your phone to strangers 

    Don't hand your phone to strangers

    By Greg Collier

    Before the advent of the smartphone, your wallet used to be the one thing you couldn’t leave the house without. Now, except for drivers’ licenses, just about anything your wallet used to hold can be done though your smartphone. Many smartphone superusers don’t even carry wallets anymore and just use their phone. Thanks to tap to pay platforms like Apple Pay, many don’t need to even carry their debit or credit cards anymore. However, too many smartphone users don’t treat their phone like they would their wallets.

    In a suburb of Memphis, Tennessee, some teenage scammers set up shop outside a supermarket. They claimed to be selling candy to help their football team. Like many of us today, their victims were not carrying cash. When the scammers were told by the victim they didn’t have any cash, the scammers would ask if the victim could support their YouTube channel. The scammers then offer to pull up their YouTube channel on the victim’s phone. What the scammers were really doing was going into the victim’s Cash App and sending the victim’s money to themselves. Some victims were taken for $300 while at least one other lost $1800 to the scam.

    This is a variation of a scam we’ve seen before. Previously, scammers would act as if they needed to call someone as if they were in an emergency situation. The scammers would then use the victim’s unlocked phone to access any number of financial accounts.

    The scam described above is essentially the same as handing someone your wallet so they can put their business card inside it. You wouldn’t just hand your wallet to a complete stranger so you shouldn’t do so with your phone.

    However, if you still want to help people out who may be needing your phone’s assistance, there are ways to protect yourself. Many apps like Cash App and Venmo have security precautions you can enable, so these apps can only be accessed by the phone’s owners. These can be done either by using a PIN or fingerprint scan, depending on the type of phone being used. This way you can still help those in need to make phone calls without risking your finances.

     
  • Geebo 8:00 am on May 26, 2022 Permalink | Reply
    Tags: , phone security,   

    Some phone scams are in person 

    By Greg Collier

    We talk about phone scams almost all of the time. So many scams are perpetrated either with or through smartphones. Whether it’s fake calls from someone pretending to be your bank, or an impostor landlord only communicating through text, the device that brings us the most convenience in our lives can also be the most risky. These scams are typically perpetrated from a great distance away. However, there is at least one phone scam that not only can be done under your nose, but can also take a lot of your money.

    A report out of Colorado Springs calls it a new scam, but unfortunately, it’s been around for at least a little while. In this scam, a stranger will say that they need to call a friend or relative and will ask to use your phone. Wanting to be a good Samaritan, a victim may unlock their phone and hand it to the person needing to make a call. What happens next is the person supposedly in distress makes it look like they’re trying to make a phone call. What they’re really doing is going into your payment accounts like Venmo, Cash App, and Zelle to send your money to themselves.

    There are a number of ways you can protect yourself from this scam. The first is to no hand the phone number. Instead, ask the person for the number they need to call and hold up the speaker for the person to use. You can also lock down your money transfer accounts with a PIN or require your fingerprint to access them.

    Most of us will always want to help people in need. Unfortunately, it’s become difficult to tell the difference between scammers and the needy. Hopefully, we’ve helped keep your guard up enough where you can help those in need and not get scammed.

     
  • Geebo 8:00 am on October 15, 2019 Permalink | Reply
    Tags: , phone security, , , , ,   

    SIM Swapping can cost you thousands if you’re not careful 

    SIM Swapping can cost you thousands if you're not careful

    Freelance British food writer Jack Monroe recently made news when she found out that someone stole the phone number to her smartphone. They were then able to transfer the number to another phone where they had access to some of her financial information and were able to steal £5,000 from her personal account. That amount equates to close to $6,300 in the U.S. This is a trick known as SIM_Swapping or SIM-Jacking named after the SIM cards in most smartphones that contain your calling information including your phone number. Unfortunately, there’s not a lot you can do to protect yourself against the attack.

    SIM Swapping works when the victim is targeted by someone with knowledge of how the attack works. First, they get your name, address, and date of birth, then they contact your cell phone carrier to try and convince them that they are you. If the attacker is successful, he can get the carrier to switch your number to their phone. The attacker can then receive all your calls, texts, emails and the like. That way they can receive the two-factor authentication texts that would allow them to access any of your sensitive online accounts including banking.

    [youtube https://www.youtube.com/watch?v=6occS3PyOss%5D

    While most victims of SIM Swapping don’t notice the attack until it’s too late, there are some steps you can take to try to protect yourself although nothing is a guarantee of preventing such an attack. You can instruct your cell phone carrier to require a PIN number if anyone calls to try and have any portion of your service changed. As with most PINs, don’t make it something obvious that an attacker can guess like your birthdate. You can also sign up for a Google Voice number which is much more secure and tougher to attack than a traditional cell phone number but work just like a traditional phone number and they are also free to get.

     
  • Geebo 8:00 am on October 9, 2019 Permalink | Reply
    Tags: , , , phone security, , ,   

    Twitter leaks phone numbers to advertisers 

    Twitter leaks phone numbers to advertisers

    We’ve mentioned two-factor authentication, or 2FA as it’s known, a few times lately. It’s the security protocol that has two or more layers of authentication that better secures your online accounts. The most common form of 2FA is through text messaging. For example, if you have 2FA enabled, when you sign in to an online account not only would you have to provide your password but you’d also have to provide a code that had been texted to you. While authentication sent through SMS texts isn’t the most secure form of 2FA it is better than nothing. However, thanks to so many platforms using SMS texting for 2FA it has led one platform to issue an apology recently.

    [youtube https://www.youtube.com/watch?v=07mRDyydCNY%5D

    Twitter recently announced phone numbers that users had registered with them for two-factor authentication were used for targeted advertising. The numbers were used to match users to marketing lists provided by advertisers. In some people’s eyes, that goes against everything that 2FA is supposed to stand for. One security expert even compared Twitter’s practice to that of trying to secure a tent against bears by using raw meat.

    Like we said, While SMS text messages are the most common form of 2FA, they’re not the most secure. There are alternatives that you can use that are more secure. There are hardware keys that act as authenticators that can be used on both computers and mobile devices. There are also software alternatives that are free, that create something along the lines of a temporary secondary password that can be used for the second layer of authentication. This way, you won’t have to worry about even more robocalls from advertisers and other bad actors from plaguing your phone.

     
  • Geebo 8:00 am on March 29, 2019 Permalink | Reply
    Tags: Alexa for Business, , , , phone security, Virgin Vinyl,   

    Using a second phone number, Virgin Records on the seas, and Alexa for work 

    Using a second phone number, Virgin Records on the seas, and Alexa for work

    Popular Science is offering a pretty good deal for an app called Hushed. Hushed allows you to have a secondary phone number that you can give out to people or companies that you may not be comfortable in giving your primary number to. The deal PopSci is offering is a much better deal than you can get from the Hushed website. However, if you would prefer a free alternative there is always Google Voice where you can also get a secondary number. The drawback to Google Voice is that even though the service has been around for years, Google has a habit of killing a number of their most beloved services with little to no warning.

    Previously, we’ve posted about Virgin Voyages, Richard Branson’s vacation cruise line with a more modern and extravagant appeal. Not surprisingly, there will be a record store aboard Virgin Voyage’s cruise ships. It won’t be a record store in name only as Virgin Vinyl will be selling actual vinyl records. Customers won’t be stuck with a record and nothing to play it on while on the cruise as the rooms come equipped with turntables.

    Amazon’s ubiquitous Alexa service will soon be offered to companies to use as a corporate assistant tool. Alexa for Business will offer several modules called Blueprints that companies can use to free up other resources.

    The blueprints include many of the questions employees regularly bug HR or IT desks about, including; “What’s the guest WiFi password,” “When does open enrollment start?” and “How do I set up email on my phone?” Other Alexa for Business blueprints can help with onboarding new employees, answer common questions, and even broadcast pre-recorded messages.

    However, it’s currently not made clear how secure the Alexa devices would be on corporate networks but one would have to assume it would be more secure than just bringing an Echo from home and letting employees plug in their own devices.

    Speaking of Amazon, they are once again on another hiring spree, this time for jobs in their Tech Hub in Austin, Texas. At current, Amazon is looking to fill 800 positions in Austin, however, if you’re in the market for one of these positions be careful of job scams that seem to crop up around Amazon hiring phases. Keep in mind that Amazon only has one official employment portal at Amazon.jobs and any other website with Amazon in the URL is more than likely run by scammers.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel