Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: Scammers aren't taking a virus holiday

  1. #1

    Scammers aren't taking a virus holiday

    Of course, scammers can work from home...

    The wife has gotten several phone calls recently from "Apple", telling her that her Apple account(s) are compromised and being used to download and distribute porn, and for various other nefarious activities-- and they need her permission to access her phone, Apple and Google accounts in order to "fix the problem". Uh huh.

    Fortunately she's not falling for that nonsense, but I have to wonder how many do?

    ---Personally--- this is exactly why I absolutely positively and emphatically REFUSE to "add my mobile account"- or the wife's- pertaining to ANY financial institutions or transactions whatsoever to ANY of our mobile phones. Likewise with "clouds". None of our financial info, and definitely no passwords are stored in our phones or on any cloud. The only stored passwords on our phones (that I'm aware of anyway) are the login numbers.

    All saved passwords, banking, etc, is done via PC. If we need to know an account or loan balance, can't be done by phone.

    Anyway, this 'your account is being used to distribute pornography' scam is a good one as far as getting some folks to drop their guard. Be aware...
    ========================================
    ELEVEN - rotary cutter tool machines
    FOUR - CO2 lasers
    THREE - fiber lasers
    ONE - vinyl cutter
    CASmate, Corel, Gravostyle


  2. #2
    Join Date
    Mar 2003
    Location
    SE PA - Central Bucks County
    Posts
    52,407
    So what are you using for two-factor authentication which a number of entities now pretty much require if you won't use your mobile phone? (that's actually secure as long as you have a pin code on your wireless phone number as it's rare ... although certainly possible ... for a carrier to screw up and allow a number transfer to someone wanting to steal the number to get into other accounts) I'm just curious about your thoughts about this and have no issue with your personal preference.
    --

    The most expensive tool is the one you buy "cheaply" and often...

  3. #3
    Join Date
    Dec 2008
    Location
    WV
    Posts
    3,888
    Give these couple episodes a listen
    https://gimletmedia.com/shows/reply-...-long-distance

    https://gimletmedia.com/shows/reply-...snapchat-thief

    Second one is pretty scary. Speaks to two factor authentification being basically useless.
    Sometimes I just want to look at pretty pictures,... Thats when I go to the Turners Forum

  4. #4
    Join Date
    Mar 2006
    Location
    SoCal
    Posts
    20,136
    Quote Originally Posted by Kev Williams View Post
    Fortunately she's not falling for that nonsense, but I have to wonder how many do?
    Many, many more than one would believe. This seemingly mindless behavior echos back to the old Helpdesk Conversation joke ending in:

    Helpdesk: "Do you still have the box your computer came in?"
    User: "Yes."
    Helpdesk: "Good. Box up your computer and return it because you are way too stupid to own a computer."

    We have many folks who are now adults who have been raised that online access is some sort of right free of any personal responsibility. Surf carefully and have fun.
    Last edited by glenn bradley; 03-21-2020 at 3:06 PM.
    "What kind of chump do you take me for?"
    "First class."

  5. #5
    Join Date
    Jan 2009
    Location
    N.E, Ohio
    Posts
    2,831
    Quote Originally Posted by Jim Becker View Post
    So what are you using for two-factor authentication which a number of entities now pretty much require if you won't use your mobile phone? (that's actually secure as long as you have a pin code on your wireless phone number as it's rare ... although certainly possible ... for a carrier to screw up and allow a number transfer to someone wanting to steal the number to get into other accounts) I'm just curious about your thoughts about this and have no issue with your personal preference.
    Jim are you referring to having a pin to access your phone even to answer a call?
    George

    Making sawdust regularly, occasionally a project is completed.

  6. #6
    Join Date
    Mar 2003
    Location
    SE PA - Central Bucks County
    Posts
    52,407
    Quote Originally Posted by George Bokros View Post
    Jim are you referring to having a pin to access your phone even to answer a call?
    No. It's a PIN you put on your wireless account so that the phone numbers cannot be transferred out without the correct PIN being provided. Most of the folks who have their wireless numbers taken for two-factor hacks on financial accounts have it happen because their wireless account isn't secured from number porting.

    For example, let's say you have your account with Carrier A. You decide to move your business to Carrier B because the price is better for the level of service you want and you're out of contractual obligation to stay with Carrier A. If there is a PIN on porting for your account, you will be asked to provide that PIN before any action will be taken to allow your number to be ported. If you can't provide the pin, the number cannot be transferred. Without that PIN...it's gone. That's what thieves take advantage of. Bank account numbers are easy to come by and many folks don't have great passwords or use passwords too long. But most financial accounts are also secured with two-factor authentication these days and that generally involves sending a text to your wireless number if you want to do something like completely withdraw your funds and transfer them elsewhere. The text is automatic. So if the thief has your wireless number and your wireless number isn't secured at your carrier with a PIN, they first transfer the number to a burner SIM. Your phone stops working. By the time you've noticed it, your money is gone from your financial institution because the thief was able to get the two factor code while logging into your account with a compromised password and then transfer the money out. ALWAYS have your wireless account secured by a PIN for number portability!
    Last edited by Jim Becker; 03-21-2020 at 3:51 PM.
    --

    The most expensive tool is the one you buy "cheaply" and often...

  7. #7
    Lucky me, I still use a flip phone. It does everything I need, hello and good bye. Don't even have texting on it.

  8. #8
    Join Date
    Sep 2009
    Location
    Medina Ohio
    Posts
    3,943
    Quote Originally Posted by glenn bradley View Post
    Many, many more than one would believe. This seemingly mindless behavior echos back to the old Helpdesk Conversation joke ending in:

    Helpdesk: "Do you still have the box your computer came in?"
    User: "Yes."
    Helpdesk: "Good. Box up your computer and return it because you are way too stupid to own a computer."

    We have many folks who are now adults who have been raised that online access is some sort of right free of any personal responsibility. Surf carefully and have fun.
    When I got my first PC computer that is exactly what the tech told me to do. I ended up doing that as the computer was defective. I ended up with a different brand that worked.

  9. #9
    Quote Originally Posted by Jim Becker View Post
    So what are you using for two-factor authentication which a number of entities now pretty much require if you won't use your mobile phone?
    The only 2-factor authorizations I've run into is with my bank and credit union. Neither requires a mobile phone, their robot will just call me on my land line.

    Here's my credit union's message, the bank's is pretty much the same--

    sac.jpg
    ========================================
    ELEVEN - rotary cutter tool machines
    FOUR - CO2 lasers
    THREE - fiber lasers
    ONE - vinyl cutter
    CASmate, Corel, Gravostyle


  10. #10
    Join Date
    Mar 2003
    Location
    SE PA - Central Bucks County
    Posts
    52,407
    Ah, yes...some systems do allow a voice call to a "landline" for folks who still have them.
    --

    The most expensive tool is the one you buy "cheaply" and often...

  11. #11
    Join Date
    Jan 2009
    Location
    N.E, Ohio
    Posts
    2,831
    Some will send you an email also.
    George

    Making sawdust regularly, occasionally a project is completed.

  12. #12
    Join Date
    Mar 2003
    Location
    SE PA - Central Bucks County
    Posts
    52,407
    Quote Originally Posted by George Bokros View Post
    Some will send you an email also.
    True, but email is potentially less secure than a phone call because it's easier to have a "monkey in the middle" compromise on security, not to mention so many folks have very poor password habits. I'm much more comfortable with two-factor that involves my wireless number.
    --

    The most expensive tool is the one you buy "cheaply" and often...

  13. #13
    Join Date
    May 2007
    Location
    Fort Smith, Arkansas
    Posts
    1,644
    Jim, is what you discribed a SIM attack. I read a story the other day about someone who noticed his phone wasn't working one day and ended up losing a million dollars. His life savings from an IRA. The story literally scared me to the point I'm tempted to remove all financial account information from my and my wife's phone. Would that solve the problem? I don't believe my carrier has any PIN code protection you mention.
    My three favorite things are the Oxford comma, irony, and missed opportunities

    The problem with humanity is: we have paleolithic emotions; medieval institutions; and God-like technology

  14. #14
    Join Date
    Mar 2003
    Location
    SE PA - Central Bucks County
    Posts
    52,407
    Mike, the article was in fact about a mobile number take-over, although in that specific case, the carrier screwed up, too, according to the article. The person who got wacked likely wasn't without fault, too, because the bad person still needed to be able to log into the financial account which means the account name/password must have been compromised, too. If you are on a major carrier, should be able to have a PIN placed to protect you from unauthorized porting of your number. I had that with ATT and have it now with T-Mobile. And to your specific question...without the two-factor authentication, if your login information for the financial account is compromised, then the nefarious person doesn't even need to do the mobile number takeover...they just take the money and run. The whole purpose for two-factor authentication (something you know ...UN/PW and something you have ... mobile phone in your possession) is to insure that compromise of the former is backed up by something a person has to physically have present. Protect your wireless number/account and the latter works as intended. The one thing that would be more secure is a one-time password generator (many corporations use this) that is time synced where when you go to log in, you have to have a registered device in-hand to generate the code.
    --

    The most expensive tool is the one you buy "cheaply" and often...

  15. #15
    Join Date
    May 2007
    Location
    Fort Smith, Arkansas
    Posts
    1,644
    Thank you for the explanation Jim.
    My three favorite things are the Oxford comma, irony, and missed opportunities

    The problem with humanity is: we have paleolithic emotions; medieval institutions; and God-like technology

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •