Tagged: two factor authentication Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:00 am on March 7, 2023 Permalink | Reply
    Tags: , , , , , two factor authentication   

    Thousands lost in SIM-swapping attack 

    Thousands lost in SIM-swapping attack

    By Greg Collier

    If you own a smartphone, how lost would you be without it? We’re not talking about losing your phone in the couch cushions. We mean, how much would your personal life be at risk if your phone was stolen. For many, their smartphone is the only device they need to conduct their lives. For even more, their entire lives are contained in their smartphone. Bank accounts, email, family photos, and schedules are just a few of things that could be accessed through a stolen smartphone. Now, what if we told you that you can lose all these things from your phone without physically losing the device?

    SIM-swapping is a type of cybercrime where an attacker takes control of a victim’s mobile phone number by tricking the victim’s mobile carrier into transferring the number to a new SIM card. Once the attacker has control of the phone number, they can use it to access the victim’s online accounts, such as email, social media, and financial accounts, which often rely on text messaging for two-factor authentication. Then the attacker can not only access your accounts, but they can lock you out of them as well.

    Recently, a man from Colorado lost $24,500 out of his savings account after his phone received a SIM-swapping attack. The victim received an email from his bank that a large transfer was being made, but by the time he was able to contact his bank, the transfer had already gone through. You can almost imagine the shock on his face when he tried to call his bank, only to find out his phone had no service.

    There are several effective ways to protect yourself from SIM-swapping. One is to use an authenticator app instead of relying on text messages for two-factor authentication. Authenticator apps are linked to a device instead of a phone number, making them more secure. Additionally, it’s important to avoid using accurate information for security questions on online accounts, such as high school mascots or pet names, as this information can often be found on social media. Lastly, you can contact your carrier and request that they disallow any device switches on your account, but keep in mind that to unfreeze your account, you may need to visit a carrier store and present identification.

     
  • Geebo 8:00 am on October 18, 2022 Permalink | Reply
    Tags: , , , , two factor authentication,   

    This phone scam could steal your life 

    By Greg Collier

    How much of a panic would you be in if you lost your phone? Can your personal or business email accounts be accessed through your phone? Is your phone locked with a PIN or password? Or is it secured using a fingerprint or facial ID? Do you have banking apps that require a PIN or fingerprint to access? Could any random stranger just pick up your phone and start accessing your money and information? Even if your phone is completely locked down and secure from physical access by outsiders, there’s still a way you can lose all access to your phone without actually losing your phone.

    There is a scam out there that most mobile phones are vulnerable to, and it’s known as SIM-swapping. The name SIM-swapping is a misnomer, since physical access to your phone’s SIM card is not necessary. SIM-swapping works when scammers or identity thieves contact your mobile phone carrier and pose as you. The scammer will use information they’ve found out about you to convince the phone carrier they are you. This is known as social engineering.

    Once the scammer convinces the phone carrier that they’re you, they’ll have the phone company switch your service from your phone to theirs. As soon as that happens, the scammers have direct access to your phone number and text messages. Since most of us who use two-factor authentication have the authorization codes sent to our text messages, the scammers can then access any number of your personal accounts, including your financial accounts.

    This recently happened to a victim from Tennessee. She had received a text message from her carrier indicating a change on her account before her phone service went completely dead. She called her carrier, and another name had been added to the account. By the time she had her service restored, scammers had transferred thousands out of her bank account through the Zelle app.

    There are ways to protect yourself from SIM-swapping. One way is to use an authenticator app instead of using text messages for your two-factor authentication. Authenticator apps are tied to the device instead of being tied to a phone number. Also, when filling out your security questions for online accounts, don’t give the correct answers. Information like your high school mascot or your pet’s name can be discovered on your social media. Lastly, you can contact your carrier and tell them not to allow any device switching on your account. However, to get your account unfrozen, you may have to visit your carrier’s store with your ID.

     
  • Geebo 8:00 am on August 31, 2022 Permalink | Reply
    Tags: , , , , , , , two factor authentication   

    Victim loses $40K in bank scam 

    By Greg Collier

    A man from the Central Valley region of California recently lost close to $40,000 in a bank scam. As far as we can tell, Zelle wasn’t even used, which is a rarity these days. The man received a phone call from someone claiming to be from the fraud department at Bank of America. The caller is said to have told the man that there were fraudulent transactions on his account. But before the ‘fraud department’ could help him, they said they needed the man to give them a six-digit code they were sending to him, so he could verify his identity.

    The man gave the caller the code, and we’ll get to the importance of that in just a bit. The caller then told the man that since there was fraudulent activity on his account, they needed to shut down the online banking option on his account. The caller was actually a scammer who drained the man’s account of nearly $40,000 with several transactions.

    The most disturbing part of this scam is that the scammer already had the victim’s personal information. The victim didn’t have to give the caller any information, as the scammer was able to give the man’s personal information to him. The scammer even disabled the notifications the man should have received when the scammer started taking large amounts out of the man’s account.

    So how was the scammer able to access the man’s bank account? The news article doesn’t go into detail about that. However, if we were to hazard a guess, it seems like the scammer already had all the information needed to access the man’s account. The information could have been obtained through any number of data breaches that have happened in the past few years.

    The only thing the scammer really needed to access the account was the authorization code. Many banks require their customers secure their account using a two-factor authentication code. So even if someone tries to log in to a bank account with the username and password, they’ll still need the 2FA code that’s typically sent to the customer’s text messages. Once the scammer was able to obtain that code, they had complete access to the man’s bank account.

    Anytime you receive a phone call from your bank, especially about fraudulent activity, hang up and call the bank back using the number on the back of your debit card. Scammers almost always spoof the number they’re calling from. Also, never give anyone any authorization code over the phone. These codes aren’t just used for banking, either, as many online accounts can be hijacked if someone were to give this number out.

     
  • Geebo 8:00 am on June 23, 2022 Permalink | Reply
    Tags: , , , , , , two factor authentication   

    Marketplace scam could send angry strangers to your home 

    Marketplace scam could send angry strangers to your home

    By Greg Collier

    Typically, when we discuss scams carried out through Facebook Marketplace, they’re the ones that plague a lot of online marketplace platforms. Of course, there’s the fake check/overpayment scam. Lately, the Google Voice verification scam has been popular on Marketplace. There have also been a number of rental scams, just to name a few. Now, a new scam has been reported that could have unintended consequences for all victims involved.

    According to a report out of Tulsa, Oklahoma, scammers are hijacking the Facebook accounts of their victims through phishing attacks. The report states specifically that the scammers are posing as old friends that you may not have heard from in a while. However, the scammers use the hijacked accounts to place items for sale on Marketplace that didn’t actually exist. While some of the items have been mundane, like furniture, other listings have been advertising purebred puppies.

    As we have seen with previous puppy scams, scammers will often list a fake address to make their scam seem more legitimate. This has led to victims showing up to homes where they think they’re about to get a puppy, only to be turned away in disappointment. While some victims understood the situation, others have become angry at the people living at the address listed, thinking that the residents are part of the scam.

    If scammers are collecting money through apps like Venmo, Cash App, or Zelle, they could be sending their victims to the address of a person with a hijacked Facebook account. This scam could potentially lead to a violent encounter.

    The best way to protect yourself is to keep your Facebook account secure. Consider making your account private to your friends and family only. Use a password that can’t be guessed easily. For that, you can use a password generator service. Even most modern web browsers have a password manager built in. Lastly, you should enable two-factor authentication on your Facebook account. This means there would be a two-step process into signing in to your Facebook account.

    While none of these methods are foolproof, they do go a long way in keeping your digital life secure.

    Video: Stolen Facebook account posts fake ads, sends strangers to woman’s doorstep

     
  • Geebo 8:00 am on June 20, 2022 Permalink | Reply
    Tags: , , , , two factor authentication   

    FBI warns of social media cash scam 

    FBI warns of social media cash scam

    By Greg Collier

    The advent of personal payment apps like Cash App, Venmo, and Zelle has given rise to a new generation of scams. One of the most egregious scams is the cash flipping scam. This is mostly associated with Cash App, although it has appeared on other platforms. Cash flipping is when scammers try to convince their victims that they’ll give the victims a lot of money in exchange for a little money.

    For example, a scammer may promise victims $500 if the victims send the scammers $50 through Cash App. Once the victim sends the money through Cash App, the scammer blocks the victim and keeps their money. The scam is given legitimacy since Cash App itself holds giveaways called #CashAppFridays. Cash App policies give little recourse to victims in scams like this. Payments can often only be refunded if the person who receives the payment cancels the transaction.

    Recently, the Las Vegas office of the FBI has issued a warning about cash flipping scams. They say that scammers are using hijacked social media accounts to approach victims through private messages. Often these hijacked accounts show pictures of people with large amounts of cash to try and make the scam seem on the up and up.

    If the scammers don’t break off contact immediately, they’ll claim Cash app is holding up the transaction. The victim will then be instructed to use a certain email address on their Cash app account to make the transaction go through. This then allows the scammers to hijack the Cash App account itself.

    To avoid this scam, the FBI recommends using two-factor authentication on your payment and social media apps. While this can be an inconvenience to some, it goes a long way in keeping online accounts secure. If the scammers ever request any kind of verification code number, they’re trying to circumvent your two-factor authentication, and that code should never be given out to anyone.

    Lastly, people don’t get rich by giving away money for free. As with most scams, if it sounds too good to be true, it probably is.

     
  • Geebo 8:00 am on July 28, 2021 Permalink | Reply
    Tags: , , , red light camera, , , , TSA PreCheck, two factor authentication   

    Scam Round Up: Red Lights, the TSA, and Google Voice 

    Scam Round Up: Red Lights, the TSA, and Google Voice

    By Greg Collier

    Every so often, we come across scams that may not warrant an entire blog post. So here are three scams that caught our attention this week that be briefly summed up.

    In Renton, Washington, scammers are sending emails to victims claiming that the victim ran a red light and was caught on one of the city’s red light cameras. The email contains a link where you’re supposed to pay your fine but, of course, goes to the scammer instead. What makes this scam effective is that many jurisdictions use a third party online platform to collect some traffic fines. However, you can tell that this is a scam since most, if not all, cities send their red light tickets through the postal mail and not by email. Most states don’t even have your email address connected to your license plate number.

    ***

    If you travel a lot for business or leisure, you may have thought of signing up for TSA PreCheck. This program allows low-risk individuals to pay for a service where they can have an expedited security check when flying. As with a lot of government services, scammers are trying to trick PreCheck seekers into giving up their personal info by creating phony websites that claim they can register you with PreCheck. Again, there is a simple solution to this scam, but not everyone is aware of it. Only websites that have a .gov address can register you for PreCheck. Some of these scam websites may even have a .us address. Anybody can purchase a .us domain name, and it is not under the authority of the US Government. You can apply for TSA PreCheck at the TSA website.

    ***

    Our last scam for today is one we’ve previously discussed and also affects Geebo’s industry. If you’re selling something online, whether it’s with Geebo or someone else, be wary if someone says they want to prove ‘you’re real’. An authorization code will be sent to you and the buyer will ask for that code number. Do not give it to them. They’re trying to set up a Google Voice number that would be tied to your phone number. This way, they could continue scamming people using the Google Voice number, but would be traced back to you. This recently happened to a woman from New Hampshire who was selling her items on Facebook Marketplace.

    ***

    Please keep in mind that even though these scams may not be happening in your area, that doesn’t mean that it soon won’t be.

     
  • Geebo 8:00 am on July 26, 2021 Permalink | Reply
    Tags: , , , , , two factor authentication   

    Bank scam targets gig economy workers 

    Bank scam targets gig economy workers

    By Greg Collier

    For better or worse, millions of people have turned to work in the gig economy either as their primary income or as a secondary source of revenue. The gig economy is where people work for non-traditional companies as independent contractors. For example, if you drive for Uber or Lyft, or deliver for Grubhub or DoorDash, you’re part of the gig economy. Working as an independent contractor for any one of these types of companies already comes with its own pitfalls. Many say that the companies are already taking advantage of their workers by removing protections that many traditional jobs have. If that wasn’t bad enough, scammers are now targeting gig workers’ bank accounts.

    A DoorDash driver from North Carolina was recently a victim of this scam, where he ended up losing $1,000. While making his rounds, he received a phone call from someone claiming to be from DoorDash. They told him to pull over somewhere safe and then said that the driver’s DoorDash account had been compromised. The scammers were even able to give him details from his own account. The scammers then instructed the man that they were going to send him an authorization code to save his account. All he had to do was tell them the code, which the driver did. When he went to get his payment from his DoorDash account, he discovered that the scammers had directed his payment away from his bank account and into theirs.

    Authorization codes are usually sent to customers of whatever service if they need to make a change to their account. This is part of what’s known as two-factor authentication. If someone is claiming to be a representative of that company, they won’t need an authorization code to make changes or protect your account, as they already have your information. This affects everyone too, not just gig workers, as many of the services we rely on every day require authorization codes to access them.

     
  • Geebo 9:01 am on February 8, 2021 Permalink | Reply
    Tags: , , , two factor authentication,   

    Payment app scam preys on your kindness 

    Payment app scam preys on your kindness

    Most of us have some form of banking or payment app on our phones. Whether they’re through our local bank or one of the many mobile payment services available, a lot of us make payments or transactions through these platforms. But how many of us really have these apps secured on our devices? You may have your phone locked using a PIN or fingerprint check, but what if someone was able to bypass your phone lock?

    A woman in Charlotte, North Carolina recently found out the hard way what happens if you don’t secure your apps. She was working at home when a man knocked on her door and asked if he could use her phone. He claimed he had locked his possessions in his car and needed to text a relative. Being a kind person, she allowed the man to use her phone to get help. After using the phone, the man handed the phone back to the woman. That’s when she noticed the emails from Venmo. In that short amount of time, the man is said to have sent close to $1000 to himself through Venmo. The problem with many of these apps like Venmo is that once payment goes through, the victim of a scam can be blocked by the scammer making retrieval of your money almost impossible.

    If you’re the type of person who tends to be a good Samaritan you should be commended for being willing to help others that you may not even know. There is still a way for you to lend someone your phone without exposing your financial apps. Most financial apps have some form of two-factor authentication available to you. A PIN or biometric scan like a fingerprint or face unlock can be enabled. This means that even if your phone is unlocked for someone to use, your financial apps will still be secure. If they don’t offer this service, you may want to consider using an app that does. While you may think that enacting these measures may make it more inconvenient for you, in a short time you’ll hardly even notice the small amount of extra time it takes you.

     
  • Geebo 8:00 am on October 21, 2020 Permalink | Reply
    Tags: , , , , , two factor authentication,   

    A Cash App scam that could happen on the street 

    A Cash App scam that could happen on the street

    Most scams that happen on payment apps like Cash App happen online. However, we just came across one that happens on the street.

    The report we found about this scam comes out of Nashville, Tennessee but could happen in any city. In Nashville, the city is known for its music scene so there are a number of street musicians looking to get their name out there. There are also a number of scammers looking to take advantage of those interested in the music scene.

    The scammers will pose as a street musician and will approach a victim. The scammer will ask for the victim’s phone so they can pull up their music video on YouTube. Instead, the scammer accesses one of the victim’s payment apps like Cash App, Venmo, or PayPal and sends the victim’s money to themselves before fleeing the scene.

    While this particular approach may be exclusive to Nashville or any other city with a vibrant music scene, this scam could happen anywhere. You could be approached by someone asking to use your phone for an emergency where instead of calling someone they could be draining one of your payment app accounts.

    There are several ways to protect yourself against a scam like this. First off, it’s generally a good idea to never hand your phone over to someone you don’t know. Secondly, most of the leading payment apps have security features that prevent other people from accessing your account on your phone. Known as two-factor authentication, you can have a PIN set up to open the payment app or you could use your phone’s fingerprint reader to access your account. When these features are enabled, it goes a long way in preventing others from accessing your accounts on your phone.

     
  • Geebo 8:04 am on October 21, 2019 Permalink | Reply
    Tags: , , , , , , two factor authentication   

    Smart home camera hacked in baby’s room 

    Smart home camera hacked in baby's room

    A California CEO has written a column for The Mercury News where he relays the tale about how his smart home camera system was hacked. It is quite a rather harrowing tale as the digital vandals used the speaker on the camera in the baby’s room to harass the family’s nanny. The anonymous voice on the other end of the camera was using profanity and even threatened to come take the baby at one point. It wasn’t until all the cameras were disconnected did the harassment stop. The father later found out that this is a fairly common occurrence with internet-connected cameras, specifically the brand that he was using.

    The father then tried contacting the technical support arm of the corporation that manufactures the cameras and was on hold for over an hour. He also received emails that continued to push the idea of two-factor authentication to keep out would-be pranksters. The father was not satisfied with this response and has vowed not to use this brand of camera ever again. His outrage can be understood especially for parents with young children because you can never truly know who is watching your home while you’re unaware. A more sophisticated criminal could use such information gleaned from home cameras to tell when a home may be vulnerable to being robbed.

    [youtube https://www.youtube.com/watch?v=Tgfg4Dv2B2M%5D

    While the camera maker’s customer service may sound a little tone-deaf as far as the father’s mistrust is concerned, their advice about two-factor authentication is not wrong. 2FA, as it’s known, can go a long way in preventing these cameras from being hijacked. Also if you use the same password across multiple services you could be compromising your security greatly by making it easy for hackers to gain access to your devices. In this case, you may want to try some of the more reliable password managers out there. As we have said before, if you don’t take your internet security more seriously, it’s like having the most expensive lock that you just leave the key in.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel