FBI warns of SIM-swapping outbreak
Holding a substantial amount of crypto-currency? You may want to take a close look at your multi-factor authentication settings on your online accounts, particularly your email, and protections on your cellphone plan.
The FBI is warning of what it says is an uptick in SIM-swapping fraud incidents. Criminals call a target’s phone carrier’s customer support, and, through blagging and social engineering, request that their mark’s mobile phone number be switched to a SIM card in a device belonging to the crooks.
Should the transfer work, the thieves then attempt to reset the password on the victim’s email account, using the two-factor authentication code sent to the mark’s phone number, which is directed to the crim’s handset. From there, the miscreants can reset the password on the victim’s cloud-based crypto-coin wallets, and drain them of digital dosh.
Ideally, switch to physical hardware tokens to protect your accounts, or failing that use authentication apps, and/or call your carrier and put SIM transfer protections on your plan.
“The FBI has seen an increase in the use of SIM swapping by criminals to steal digital currency using information found on social media,” said Special Agent John Bennett from the FBI San Francisco Division.
“This includes personally identifying information or details about the victim’s digital currency accounts.
“The FBI wants to help individuals make themselves harder targets and, if they are victimized, to quickly regain control of their accounts to mitigate any potential harm.”
In brief… If you’re wondering how some iOS jailbreakers and other infosec researchers crack certain parts of Apple’s iPhone security so fast when a new device comes out, it’s probably because they obtain prototypes of the hardware that have security measures disabled, allowing them to poke around the firmware for vulnerabilities…
Google temporarily switched off Android TV photo-sharing after a privacy-busting bug caused hundreds of strangers’ pictures to start showing up in the “linked accounts” feature in people’s accounts…
Debt collectors and stalkers have been caught pretending to be cops to extract folks’ smartphone location data from telcos in the US…
Chelsea Manning was jailed on Friday for refusing to testify before a US grand jury probing WikiLeaks and its document dumps. The military whistleblower, or diplomatic cables leaker, depending on where you stand, will remain behind bars until she changes her mind, or the jury completes its investigation…
Finally, vulnerability hunter Victor Gevers detailed 18 MongoDB databases he found facing the public internet that appear to be part of China’s social-media-monitoring system that’s not terribly unlike the NSA’s PRISM program, processing 364 million online profiles and their chats and file transfers daily.