Exactly why I switched to Aegis several months ago.Is it possible to defeat 2FA by "simm-jacking"?
The mobile phone fraud scam has jumped up in popularity over the past couple of years, and there's very little to stop you from becoming a victim.
https://www.vice.com/en/article/3kx4ej/sim-jacking-mobile-phone-fraud
This relatively new crime is known as "SIM-jacking", and works like this: perpetrators obtain important details about their victims either by scouring social media or conning them into divulging personal information. Using these details, they pose as their victims, convince network providers to transfer their numbers to new SIM cards and post out those SIMs. Once the swap is complete, messages containing codes for those two-factor authentication systems we now all have can be intercepted, and fraudsters can hop into your email, social media or mobile banking accounts.
SIM-jacking differs from other forms of hacking in that it doesn't require any technical know-how; all you need is a conman's skills of persuasion and a basic grasp of identity-theft. This is perhaps why it's growing at such a rapid rate, with incidents jumping 60 percent between 2016 and 2018.
"One of the reasons SIM-swap attacks are so effective is that many mobile phone carrier representatives are easy to socially engineer," explained a former black hat hacker, who dabbled in SIM swaps before going straight and becoming a white hat hacker. "An attacker can call your phone provider, pretend to be you and spin some story to get the support agent to transfer your number to a SIM. If he runs into any friction, he can hang up and try again with another agent."
... if you receive 2FA passwords as a text message on your cell phone and someone successfully SIMM jacks your phone, 2FA is defeated.
Bookmarks