SIM hacking-How they get call history & payment history

Bongleur

How can researchers (and hackers) get access to a victim's call history and payment history? By manipulating it. They can text multiple people fake offers that seem too good to refuse, until one person calls back. Now they have a recently called number. If the call happens to be from a prepaid account, the hacker has hit the jackpot because they can go to a convenience store, buy a refill card for a few dollars and then use it to refill that victim's account. Now the hacker has payment history. The next step is to call the carrier and request a SIM swap.

FULL ARTICLE:
https://www.lightreading.com/new-sim-swap-hacks-highlight-carriers-wobbly-security/d/d-id/756780?
 
Good advice here from Wired:

https://www.wired.com/story/sim-swap-attack-defend-phone/

I recently changed my major banking and important passwords to super-long generated passwords, added 2FA using an authentication app where possible, and added a PIN and separate longer PIN to my phone number on Telcel. As much of a pain as it was, that's how much this SIM swap thing bugged me. Literally all they need to have is your phone number and they can do the rest without you ever knowing...
 
Bongleur -- I saw that article and it was super scary. Particularly since I use 2FA using my phone all the time. And, it seems very difficult to combat this.
 
I take the SIM-swap threat very, very seriously.
 
I find SMS-based authentication troublesome because I am sometimes without service or traveling and using a different SIM/phone number. I think device-based apps like the mentioned "Google Authenticator", which appear to function much like earlier security token devices, are a better solution. But there is still the problem of how to best recover if the smartphone is lost/stolen or dies; I am not sure how apps like Google Authenticator or Symantec’s Validation and ID Protection (VIP) handle that situation.
 
there is still the problem of how to best recover if the smartphone is lost/stolen or dies; I am not sure how apps like Google Authenticator or Symantec’s Validation and ID Protection (VIP) handle that situation.

Obviously they can't handle that. But the financial institution has every reason to get you back into your account so they will work to facilitate it on a phone call. That's why you set up security questions, and as discussed in another thread the voice recognition systems used today are quite good at identifying you as long as you have that feature set up.
 
I switched to VoIP voice for 2FA. One extra step on my cell phone for peace of mind.
 