Tech security expert warns about sim card scam on T-Mobile customers – FOX 2 Detroit

The bad guys take control. Then they call your phone company and tell them they want to switch your information to a new phone.
It’s Deja Vu for some T-Mobile customers. In August, hackers exposed 50 million customers' data.
Now there is another issue.  The bad guys finding a way to swap your SIM cards.
Cyber risk expert David Derigiotis with Burns & Wilcox explained how it works.
"Your phone essentially goes dead and the attacker ports out your number to their device and now they start receiving all of your calls, all of your text messages," Derigiotis said.
The bad guys take control.  Then they call your phone company and tell them they want to switch your information to a new phone.
"The other is, good old-fashioned social engineering," he said. "They called, they trick the individual pretend that they are you. And they’re asking to port out that number and they’re able to simply do that by deceiving and tricking which is social engineering, taking advantage of that human element."
There are some things you can do to protect your account
Here’s the real danger. Many of us have authentication for other programs on our computers tied to our phones.  So, think about it.  You try to get into a program on your laptop, it pushes an authentication message to the cellphone the crooks now have in their control.
"If you’re using the text message as a second form of authentication for logging into an account whether it be a banking, email, whatever it may be," Derigiotis said. "They got access to that second authentication mechanism. That’s what happened to a number of individuals."

So the best advice, double down on safety around your cell.
"What everyone should do is stop using their cell phone number, stop using that text as a second form of authentication," he said. "Because we see right here, this is the real weak spot, and breaking through that, and being able to get into an online account.
"I think it’s more important to use some type of app-based authentication, they have different forms out there, Google authenticator, Authy, there are also hardware out there where you can plug into the computer and by the computer, and it will present that additional code.
T-Mobile responding to people who were hit by this latest attack saying they’re taking immediate steps to help protect all individuals who may be at risk from this cyberattack.
Advertisement

 
This material may not be published, broadcast, rewritten, or redistributed. ©2021 FOX Television Stations

source

Share:

More Posts

Market Research

Pulse Surveys

Turn feedback into action

Our survey platform makes it easy to measure and understand feedback so you can drive growth and innovation

Pulse Handshak

Pulse Handshak

Collaborative online survey tool for the market research industry. Remote assisted surveying just like face-to-face interviews. Here interviewers can talk to the respondent over the web-console without the need for any other communication channel and share the same Q're with responses and click actions.

Pulse FE

Pulse FE

Pulse Field Expert or Pulse FE is the main platform for both offline and online survey at softofficepro.com. It is robust and used by hundreds of clients over tens of years with millions of responses. Do it once Q're and deploy on both offline devices (android) and online forms makes it a great cost effective platform for any kind of responses

Pulse Ultimate

Pulse Ultimate

Pulse Ultimate is targeted for tracking studies and retail audits. An offline survey system offering extreme field control including processes like data quality check, back-check, rework, comparison with previous wave data etc. helps to get the best results on a day-to-day basis

Pulse LS

Pulse LS

Use a managed Limesurvey and our expertise for creating complex forms and token based user management. Use optional mailing system to send survey invitation to each participant and track progress of the response status. Industry standard SPSS / R output supported