<vq6u0r$1skm6$1@dont-email.me>


Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Newyana2 <newyana@invalid.nospam>
Newsgroups: uk.telecom.mobile,comp.mobile.android
Subject: Re: "'Scammers stole £40k after EDF gave out my number"
Date: Tue, 4 Mar 2025 08:09:40 -0500
Organization: A noiseless patient Spider
Lines: 69
Message-ID: <vq6u0r$1skm6$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me> <m2m70fF4cnfU1@mid.individual.net>
 <vq4ue1$1ejeg$1@dont-email.me> <vq57fp$1g6j2$1@dont-email.me>
 <vq5aic$1gnna$1@dont-email.me> <vq6cnr$1pn8s$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 04 Mar 2025 14:08:46 +0100 (CET)
Injection-Info: dont-email.me; posting-host="e243a9e79f9694263c622f7c7ce2d48b";
	logging-data="1987270"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18PSVBRZoPtanai3wcJ5he16sk+KCyNx+A="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.3.1
Cancel-Lock: sha1:tv1khGgduRdet9PWdvy6c84ccHM=
Content-Language: en-US
In-Reply-To: <vq6cnr$1pn8s$1@dont-email.me>
Bytes: 4535

On 3/4/2025 3:13 AM, Chris wrote:
> Newyana2 <newyana@invalid.nospam> wrote:
>> On 3/3/2025 4:38 PM, Chris wrote:
>>
>>>> Ironically, unless someone can hack into my computer they have
>>>> virtually zero chance of taking over my accounts. First, I don't have
>>>> online accounts, generally. Second, since I don't use 2FA an attacker
>>>> would have to somehow get my email passwords.
>>>
>>> How does that work? 2FA requires a code *and* the password. You're removing
>>> a layer of security.
>>>
>>
>>   If they're able to take over your phone # they can just go
>> around to accounts and click "I lost my password". A reset
>> code will then be sent to the cellphone.
> 
> That's not how it works. At best you get sent a reset link to your email.
> This means the attacker needs to know your email account details as well as
> the username/login for the service.
> 
   That's not typically necessary with 2FA. Remember, you've
clicked the link that says you forgot your password. Typically
that would trigger security questions. With 2FA it could involve
a code sent to a cellphone... which the scammer now controls.
That's the whole point. That's how people are being compromised
by only doing a SIM swap. In many cases the scammer need only
know a few personal details, which they might have found in a
data dump online.

> You're dependent on a single factor. If your password is exposed or, more
> likely, the company's security has been compromised via other means then an
> attacker has free rein.
> 
> Yes, the chances are low, but the potential damage is much higher than if
> you had 2FA.
> 
    So you say. Yet this man was compromised. Someone was
able to do a SIM swap and get the rest from that. They may
have even got some of that information by simply waiting for
texts and emails after the swap. The problem is that the
cellphone has become the centerpiece of personal security,
and that trust is not justified.

    In my case all they need is my email password, but how are
they going to get it? Pretty much the only chance would be
a total data hack of my email host. Or they'll need to know
the answers to my security questions. Again, that will almost
certainly require hacking my email host. And since I don't bank
online or write credit card numbers in email, there's not much
that the scammer could benefit. They could order books in my
name from the library. But even then they'll need my library
card or my driver's license to pick up those books. And since
I use POP3 email, auto-deleting mail on the server, the scammer
can't look through my old email. So they can't even be a wiseguy
and change my dentist appt. :)

>>
>>    2FA is not a security improvement. It's a gimmick to enable
>> far more extensive tracking of people by linking phone ID and
>> location to other data.
> 
> Your paranoia is clouding your judgement.
> 

   Famous last words of the ostrich. The whole point of this
thread is about a man who got SIM swapped and lost 40K
pounds! Your neighbor has just been eaten by a lion. Keeping
his head in a hole didn't protect him. What a shocker!