
SoylentNews is people

posted by on Friday January 20 2017, @07:14PM
from the never-tell-anyone-anything dept.

ABC reports on a worrying scam involving phone number porting. The attacker finds the phone number, name, date of birth, and other easy-to-find information about a first victim and uses that information to port their number to a new service under the attacker's control. This enables them to access the victim's Facebook account, which is used in a social engineering attack against the victim's friends, who become new victims when they hand over their banking details, which are then used to transfer money and make purchases.

This attack obviously works better with the large amount of personal information people are putting on social networks. But how well would this kind of thing work against the average Soylentil?


  • (Score: 4, Interesting) by bzipitidoo on Friday January 20 2017, @08:53PM

    by bzipitidoo (4388) on Friday January 20 2017, @08:53PM (#456697)

    My father is not computer savvy and is always asking me for help with trivial stuff like sending an email. He has a shaky grasp of the difference between composing a letter in a web browser that's visiting a web-based email site, and composing a letter in a word processor.

    So one of the many times he asked for my help was for Google mail asking him to log in again. He complained about Google always logging him out, etc., but more than half the time he logged himself out without realizing it, or thought he was logged out but had actually only "lost" the window. I told him to just log in. Should've checked first, because that one time he'd actually been spoofed and of course didn't realize. I would have spotted the phishing attempt before ever opening the email, but I took him at his word about what had happened, and when I got in front of the computer I saw the familiar-looking Google login screen. When the login didn't go quite as expected, I saw, too late, that the address in the URL was not Google mail. I hastily logged him in to the real Google mail site and changed his password, in less than 1 minute. But the crooks had already managed to send out some spam from his email account, and harvested his contact list. They didn't for whatever reason lock us out by changing his password too, and I'm not sure why; perhaps Google has some protection in place to prevent password changes from strange locations, or more like they want their victims to continue using their accounts to give them more cover. His simple password change of changing one character at the end wasn't good enough to keep them out for long either; they broke back in in under 10 minutes. I made a real password change to something totally different, then checked for such things as changes to the alternate email address and/or phone numbers for password reset.
