SoylentNews is people

posted by on Friday January 20 2017, @07:14PM
from the never-tell-anyone-anything dept.

ABC reports on a worrying scam involving phone number porting. The attacker finds the phone number, name, date of birth, and other easy-to-find information about a first victim and uses that information to port their number to a new service under control of the attacker. This enables them to access the victim's Facebook account, which is used in a social engineering attack against the victim's friends, who become new victims when they hand over their banking details, which are then used to transfer money and make purchases.

This attack obviously works better with the large amount of personal information people are putting on social networks. But how well would this kind of thing work against the average Soylentil?


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by Kymation on Friday January 20 2017, @07:27PM

    by Kymation (1047) on Friday January 20 2017, @07:27PM (#456662)

    But this wouldn't get very far. They might get my phone number, which is annoying, but it stops there: I have no Facebook account. No social media = small attack surface.

  • (Score: 3, Touché) by Anonymous Coward on Friday January 20 2017, @07:57PM

    by Anonymous Coward on Friday January 20 2017, @07:57PM (#456670)

    "I have no Facebook account. No social media = small attack surface"

    AHHH, even better: now they can create whatever they want and not have to bother to break in.

    • (Score: 2) by edIII on Saturday January 21 2017, @12:15AM

      by edIII (791) on Saturday January 21 2017, @12:15AM (#456788)

      An interesting point! Similar to my credit report. Why spend any effort at maintaining credit when it's trivially simple to just use somebody else's and ruin it? Use their dependence on an artificial and contrived cage that is the credit reporting agencies against them.

      I was in my mid 20's when I decided to check just for the hell of it. At least a dozen other people were already using it. Tried to send in some letters, but one of the fucking assholes refused to believe I wasn't 30 years older and didn't live at such and such address. Spent a little time with it and then figured out it was one big game, an artificial market, for cleaning up credit. That and the credit agencies have extremely little to keep them honest and consumer oriented. I remember looking into submitting entries for a business once and I found that adding ONE black mark was easy, but adding a good mark? That had to be batched, at least 1,000 transactions minimum, etc. Adding good marks to credit meets a much higher barrier to entry than adding bad marks. Gee, I wonder why? Credit isn't about representing who is good and who is bad, but to provide real and pragmatic duress upon people outside of due process and the court systems. Unlike the court systems, the credit agencies have a guilty before innocence approach.

      In other words, there is nothing to be gained from social networking or credit reporting agencies and everything to lose.

      All of that information in just a few places so that one can be abused easier and easier. Small attack footprint indeed when you refuse to participate. At least I embraced the corruption of my credit report! All that Bayesian poisoning and I don't even KNOW the people helping me :)

      --
      Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 4, Interesting) by bzipitidoo on Friday January 20 2017, @08:53PM

    by bzipitidoo (4388) on Friday January 20 2017, @08:53PM (#456697)

    My father is not computer savvy and is always asking me for help with trivial stuff like sending an email. He has a shaky grasp of the difference between composing a letter in a web browser that's visiting a web based email site, and composing a letter in a word processor.

    So one of the many times he asked for my help was for Google mail asking him to log in again. Complained about Google always logging him out, etc, but more than half the times he logged himself out without realizing it, or thought he was logged out but actually only "lost" the window. I told him to just log in. Should've checked first, because that one time he'd actually been spoofed and of course didn't realize. I would have spotted the phishing attempt before ever opening the email, but I took him at his word about what had happened, and when I got in front of the computer I saw the familiar looking Google login screen. When the login didn't go quite as expected, I saw, too late, that the address in the URL was not Google mail. I hastily logged him in to the real Google mail site and changed his password, in less than 1 minute. But the crooks had already managed to send out some spam from his email account, and harvested his contact list. They didn't for whatever reason lock us out by changing his password too, and I'm not sure why, perhaps Google has some protection in place to prevent password changes from strange locations, or more likely they want their victims to continue using their accounts to give them more cover. His simple password change of changing one character at the end wasn't good enough to keep them out for long either, they broke back in in under 10 minutes. I made a real password change to something totally different, then checked for such things as changes to the alternate email address and/or phone numbers for password reset.

  • (Score: 2) by DannyB on Friday January 20 2017, @09:31PM

    by DannyB (5839) on Friday January 20 2017, @09:31PM (#456716)

    I also do not have FaceTwit and seem ineligible for this attack.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 3, Funny) by deimtee on Saturday January 21 2017, @01:43AM

      by deimtee (3272) on Saturday January 21 2017, @01:43AM (#456808)

      Hah, I can do better. I don't have any of Facebook, Twitter, a credit rating, or friends.

      --
      If you cough while drinking cheap red wine it really cleans out your sinuses.
      • (Score: 1) by baldrick on Saturday January 21 2017, @03:45AM

        by baldrick (352) on Saturday January 21 2017, @03:45AM (#456845)

        I don't even have a basement

        I make do with a damp cave

        --
        ... I obey the Laws of Physics ...
        • (Score: 0) by Anonymous Coward on Saturday January 21 2017, @04:28AM

          by Anonymous Coward on Saturday January 21 2017, @04:28AM (#456853)

          I envy you, with your cave. I don't even have that, just my hoodie and my aviator sunglasses.

          • (Score: 0) by Anonymous Coward on Saturday January 21 2017, @01:13PM

            by Anonymous Coward on Saturday January 21 2017, @01:13PM (#456949)

            none of the above...and also no cell phone.

            • (Score: 2) by art guerrilla on Saturday January 21 2017, @01:59PM

              by art guerrilla (3082) on Saturday January 21 2017, @01:59PM (#456966)

              i can only communicate by letting my tears drip in a pattern of Morse code on the bare dirt beneath my gimp box, the pattern being quickly erased by the rats scurrying to catch my feces...
              *sigh*
              it's a hard life being a gimp with no wireless access...