Thanks for the heads-up, BBI. Sorry for the brain damage you're going through because of this mess.
Thanks for the heads-up, BBI. Sorry for the brain damage you're going through because of this mess.
Thanks for the heads up. Not a Verizon customer, but I appreciate the warning as I am always concerned about unauthorized account access.
One thing I do not understand is the linkage between the phone number and the bank providing access to your accounts and money. If I get this right, the crook called the bank, said they were you with a new phone number, and the bank provided them mobile or online access to your account. The bank providing access is the part I do not understand. Does the bank offer two-factor authentication? For me to change my mobile number, I have to log into the web application with a unique username and password and then change a phone number. If I am logging into the web application from a new device, I have to complete the two-factor authentication process (security questions or PIN sent to phone/email) before I can access any account or settings information. And the two factor authentication messages go to my phone or my wife's phone listed on the account. So Verizon had given your phone number to the crooks which allowed them to get the two-factor authentication message, which provided them account access. But how did they get your bank username and password to get the message sent to your phone number?
Looking to learn from this, so I can see if I have a security hole than needs patching.
Changed.
From going through the process it would seem to me to be a really difficult endeavor to make a hack like this.
No, they stole my phone number and ported it to a new phone, so they were able to call from a phone number on my profile. As far as how they got access to reset my PIN, password, etc. I don't know since USAA doesn't have 24 hour fraud protection people. The customer service rep can only see my account is locked, nothing else, not even transactions. I won't have any info on that until later this morning.Originally Posted by farscott
They either couldn't, or didn't, change the associated email address as that's how I realized something was wrong.
Sorta around sometimes for some of your shitty mod needs.
Done. Thanks for the heads up!
Sent from my iPad using Tapatalk
PIN changed. Thanks for the heads up.
Sent from mah smertfone using tapathingy
Very Interesting. Please Update, I understand the stolen number, but I don't see how access to other accounts can happen.
Go to bank web site
Click "forgot user name"
Ask bank to send user name to a device linked to the account (phone)
Go to bank web site
Click "forgot password"
Ask Bank to send reset link to a device linked to your account.
"No free man shall ever be debarred the use of arms." - Thomas Jefferson, Virginia Constitution, Draft 1, 1776
. Wonder if a cheap phone&plan for a different method of 2 factor authentication or a physical security key is the way to go to secure your email as a better defense against these types of attacks.y
Last edited by scw2; 09-20-2018 at 08:00 AM.
Just to clarify this in my mind, is this a PIN you use on a daily basis or is this a PIN you set up to prevent cell phone port fraud? I have set up the "prevent port fraud" PIN on both our cell phones and our land line. For the landline AT&T allows me to pick a four-digit PIN as well as set a "flag" on the account, while Consumer Cellular allows up to 20 (!) digits for our cells.
Port fraud is most easily accomplished at local phone kiosks; I understand $80 is usually an adequate bribe amount to the local employees there for them to verify the scammer's identity as you and port your number to a new SIM card.
We switched to Consumer Cellular because I don't think they have any local kiosks. They're still vulnerable through social engineering, though.
Reply With Quote