Deutsch   English   Français   Italiano  
<vr5git$t0ll$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Newyana2 <newyana@invalid.nospam>
Newsgroups: comp.mobile.android,uk.telecom.mobile
Subject: =?UTF-8?Q?Re=3a_=22=27Scammers_stole_=c2=a340k_after_EDF_gave_out_m?=
 =?UTF-8?Q?y_number=22?=
Date: Sat, 15 Mar 2025 23:30:31 -0400
Organization: A noiseless patient Spider
Lines: 46
Message-ID: <vr5git$t0ll$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me> <m2sdlgF2fjiU1@mid.individual.net>
 <vqc9e4$30gdm$1@dont-email.me> <m2u1avF9uqaU1@mid.individual.net>
 <vqcug0$345ts$1@dont-email.me> <vqes1l$3i7oj$1@dont-email.me>
 <vqf0ca$3j5oo$1@dont-email.me> <buh*n6r9z@news.chiark.greenend.org.uk>
 <vr3pav$3eto7$1@dont-email.me> <vr3s4m$3hdbg$1@dont-email.me>
 <vr4ere$eqk$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 16 Mar 2025 04:29:41 +0100 (CET)
Injection-Info: dont-email.me; posting-host="12ae363a6f2aa69a2802dc60c2e42838";
	logging-data="950965"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18CAo76B1XnlGimgejF/ZqBS5T4Asr75+Y="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.3.1
Cancel-Lock: sha1:9vUddpTGP53MaX/sZ6HNay7qcHM=
Content-Language: en-US
In-Reply-To: <vr4ere$eqk$1@dont-email.me>
Bytes: 3388

On 3/15/2025 1:53 PM, Java Jive wrote:
> On 2025-03-15 12:35, Newyana2 wrote:
>> On 3/15/2025 7:46 AM, Java Jive wrote:
>>> On 2025-03-14 18:49, Theo wrote:
>>>>
>>>> Speculating, I would guess they started with the SIM swap.
>>>
>>> The original report suggests that they started with an email hack, 
>>> and used that to facilitate the SIM swap.
>>
>>    That's not what it said.
> 
> Look back directly up thread to my post of 2025-03-06 19:53, where I 
> quote the single sentence in the original report that stated that an 
> email hack had occurred before the SIM-swap scam was done.
> 
  You read it wrong.

"O2 Virgin Media confirmed the scammer telephoned its call centre 
requesting a new Sim and had hacked Stephen's emails."

   Both things happened. Nowhere does it say or imply that
hacking the email preceded the SIM swap. That wouldn't
make sense.

"
EDF explained the fraudster had his name and email address and had asked 
EDF to give them his mobile number, which the company did. ... The call 
from the fraudster to EDF happened three hours before O2 received a 
request to move his number in the Sim-swap scam. ...
"

So they called EDF with name and email, asking for their phone
number. With that they called O2 and asked to swap SIMs.
Once the SIM was swapped they could log in to email and say
the lost their password. They then have a password change
link sent via email or text... which they now control.

As the article then states: "Criminals do it to bypass two-factor
authentication to change passwords and access anything else
you need a code from a text message for."

    Hacking his email wouldn't have got the scammers a way to
bypass 2FA via cellphone, but a SIM swap would. So if the man
had not been using 2FA it's unlikely that he could have been
scammed.