Bank of America customer out $38K after falling victim to SIM swapping

HarborFront

Watch the video



You can still activate a SIM card lock if you have an eSIM. Even if you have a SIM card lock on a physical SIM, anyone can remove it and work on unlocking the SIM on another device. An eSIM is more secure because it can't be removed from your phone, so it's harder to unlock it without the SIM PIN. The above security works if the scammer is targeting the user's phone directly.

In this case the scammer goes through the provider, who overrides the phone's security settings by providing the necessary info to the scammer to unlock the phone.
 

TairikuOkami

People fail to realize the main problem here, SMS! I have accounts in 4 banks and not a single one uses SMS for verifications or notifications.
Still, if you use online banking, you should use at least 2 devices for banking. It is no different from a backup. No backup = 100% your fault!
 

TairikuOkami

What do you mean by 'use at least two devices'?
Usually you need to confirm login from a new device using an already verified device, just like 2FA on Google. Some banks allow you to disable SMS for verification and use the app instead. If you lose access to your phone, you cannot log in, you are locked out and you need to contact the bank. Thus it is required to have another verified device, like an old phone or a desktop.

People back up their pictures of cats, but not their banking credentials. In case of a scam, you can restore access to your account in a few days, after it has been zeroed. 🤷‍♂️
 

Chigwells

Great, I see now. That's like when you use hardware authentication such as YubiKeys: you are advised to buy them in pairs and keep one somewhere safe in case you lose one. Makes sense, thanks for the pointer (y)
 