Posted on 01/24/2024 8:02:10 PM PST by 11th_VA
WASHINGTON (7News) — 7News is asking a security question that deals with your cell phone. How did a Maryland woman lose $17,000 even though she had two-factor authentication on all her accounts?
It all started when Hussey got an email thanking her for the purchase of a new phone at Verizon. Minutes later her contact information at Bank of America had changed.
The problem? She didn't do either transaction and had two-factor authentication on her accounts.
"And the bottom just kind of dropped out,” added Hussey.
She called Bank of America, but her cell phone was no longer active. An online attempt required a verification code her phone couldn't receive.
Within minutes, her $17,000 was gone.
"Initially, I didn't realize how big of a deal it was. I thought I had handled it on the first day by calling the bank, calling Verizon. Figuring things out,” said Hussey.
Hussey told 7News that Verizon said someone in California walked into one of its stores and purchased a new phone along with a new SIM card and used Hussey's current phone number to activate the new phone.
When the new phone was turned on Hussey's phone went dead.
Hussey used a landline to contact Bank of America, but it was too late. Her $17,000 was gone.
"And I have two-factor identification which ended up biting me in the face when it all came down to it. That was the thing that completely hijacked everything. They had complete control of my phone and there was nothing I could do about it,” said Hussey.
SIM card swapping has been around for the past four years, but security experts told 7News that the scale of this type of scam has recently skyrocketed...
(Excerpt) Read more at wjla.com ...
So you can just take someone’s phone number? Just like that?
..."The bad guys convince the telephone company that they have the SIM for your phone number and the minute the phone company does the swap they are in control of your number,...”
Appears to me that Verizon is an accessory.
“Hussey told 7News that Verizon said someone in California walked into one of its stores and purchased a new phone along with a new SIM card and used Hussey’s current phone number to activate the new phone.”
Seems like Verizon is on the hook for this.
Verizon should be on the hook for the $17,000.
Scammers are going to get really good, with AI getting involved and people who always thought themselves smarter than scammers are going to find themselves getting scammed.
I paid my Medicare Part B premiums for three months today.
They said it will take 3 to 5 days for the payment to go through.
...someone in California walked into one of its stores and purchased a new phone along with a new SIM card and used Hussey's current phone number to activate the new phone.Don't you have to 1) prove who you are and 2) prove you own that phone number before you can activate the new phone? How the hell could a complete stranger just stroll into a store, but a new phone, and provide any old random phone number to activate it?
Isn't that deducted from SS automatically ?
And how did they know where she banks ?
The banking system is a security mess.
For instance, bank cards should have two numbers. The chip card number should go through right away if the amounts are reasonable.
The face number payments should be held unless the recipient is reliable(i.e. Amazon or a big business or domestic government) and the recipient says there is no reason to suspect delay is indicated.
I have not been doing two party authentication so far, because it’s too tedious. Now, I seem to have another reason.
I’m so glad this lady got her money back.
All it takes for some people is for one financial domino to fall, then everything else begins to fall as well, with that person ending up homeless or virtually without a home of their own.
“Isn’t that deducted from SS automatically ?”
I’m waiting until about 70 to take Social Security, but would be penalized with higher Part B premiums if I don’t take and pay for my share(25%) of Part B within the age 65+- window.
It was easy to pay the premium, but signing up for Medicare was not easy.
It sounds to me like Verizon is going to lose a telephone number of dollars in her lawsuit.
How to Protect Yourself Against a SIM Swap Attack
Aug 19, 2018--> Flashpoint has found some indications that SIM hijackers recruit retail workers at mobile shops to gain access to protected accounts.
Enhanced Protection
1. Get a PIN from your carrier.
2. Use an Authenticator App instead of a text message to your phone.
3. Use a physical token like a YubiKey.“The challenge we have is these app developers need a universal identifier, and they’ve just decided that the phone numbers as good as anything. We don’t want national ID cards, and we don’t have any central authentication authority,” says Wisniewski. “They’re struggling to find something they can use to identify you, and sadly they’ve decided on the phone number, which is not incredibly secure.”
“And how did they know where she banks ?”
That’s easy, with access to her email, she probably has multiple promo messages about opening a CD or car loans or whatever.
What SIM card swap?
A new SIM card isn’t a “swap”.
These people had information beyond her telephone number.
“It was easy to pay the premium, but signing up for Medicare was not easy.”
I didn’t find it difficult, but please make sure you are not late signing up...the penalty applied goes on FOREVER.
I have a checking account and a savings account.
I keep almost all my liquid funds in the savings account.
I only buy or pay online when the checking account is just marginally sufficient.
I now have checks again. I’ll do a transfer on Friday to put the checking account over $1000.
I sent messages to my Congressman and Senator Rick Scott tonight.
My Windows PC snagged my new phone number.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.