Article <vq4ue1$1ejeg$1@dont-email.me>

Deutsch English Français Italiano
<vq4ue1$1ejeg$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Newyana2 <newyana@invalid.nospam>
Newsgroups: comp.mobile.android,uk.telecom.mobile
Subject: =?UTF-8?Q?Re=3a_=22=27Scammers_stole_=c2=a340k_after_EDF_gave_out_m?=
 =?UTF-8?Q?y_number=22?=
Date: Mon, 3 Mar 2025 14:04:25 -0500
Organization: A noiseless patient Spider
Lines: 41
Message-ID: <vq4ue1$1ejeg$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me> <m2m70fF4cnfU1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 03 Mar 2025 20:03:30 +0100 (CET)
Injection-Info: dont-email.me; posting-host="57d0c5245e8363e67092187360678c7a";
	logging-data="1527248"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+OgV0tIMd4g4Z2LvvMWJi1U1RI+0lA100="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.3.1
Cancel-Lock: sha1:iz54nT5HSyeUMrHAkuUYhuaNgoA=
In-Reply-To: <m2m70fF4cnfU1@mid.individual.net>
Content-Language: en-US
Bytes: 3317

On 3/3/2025 12:25 PM, Andy Burns wrote:
> Java Jive wrote:
> 
>> "Scammers stole �40k after EDF gave out my number"
> 
> Clearly EDF shouldn't go about giving out customer information, but I 
> ought to be able to paint my mobile number in 1ft high letters on the 
> side of my house and not have my SIM "swapped"
> 
> All UK networks should take extra security measures, such as writing to 
> customers at known address to confirm such a drastic action.
> 

    I think the problem is a balance between security and convenience.
If you lose your cellphone, you don't want to have to go somewhere
with a certified letter and drivers license to confirm you are who
you say you are. If scammers can get hold of enough personal info,
or trick phone operators, or find a dishonest phone company employee
to pay off, then they're all set. It's easy for them precisely because it's
convenient for you. From there they can just log into the
victim's email and other accounts, click "I forgot my password", receive
a reset code on their cellphone, and set a new password. Poof! They've
taken over your life.

   To pull it off, probably the biggest obstacle is getting enough personal
info, like email address, home address, birthdate, etc. That's exactly the
kind of info that gets regularly exposed in data hacks online, and it's
the kind of info they'll need to pull off a SIM swap.

   So the weak point here, which was supposed to be the strong point,
is 2FA. The secondary weak point is people having online accounts in
the first place. If you're banking online then you're vulnerable. But it's
not easy to avoid. I had to call my bank's corporate offices in order
to block the possibility of creating an online account. For most people
that's out of the question. People want convenience. Walk to the bank?
Fuggetaboutit!

   Ironically, unless someone can hack into my computer they have
virtually zero chance of taking over my accounts. First, I don't have
online accounts, generally. Second, since I don't use 2FA an attacker
would have to somehow get my email passwords.