Never give out your mobile number, for anything.

Why Phone Numbers Stink As Identity Proof

(Allison) Nixon said countless companies have essentially built their customer authentication around the phone number, and that a great many sites still let users reset their passwords with nothing more than a one-time code texted to a phone number on the account. In this attack, the fraudster doesn’t need to know the victim’s password to hijack the account: He just needs to have access to the target’s mobile phone number.

And there are many ways a crook can gain access to, or even control over, that number while you are still using it. Most people have heard of SIM cards, the little thumbnail-sized computer chip inside their mobile phone or tablet. But SIM cloning isn’t as well known, even though it has been around for decades. By cloning the SIM (copying the identification of your SIM chip), the crook can make and receive calls and texts that appear to come from your phone.

It’s one of the major reasons I maintain a landline in this day and age. It is the only number I give out or have listed for my accounts, and a landline can’t receive ‘Texts’. So if a crook steals the monthly statement out of the mailbox (email or snail mail, all the same) and attempts to hijack my account, they will fail because they can’t text to the landline and they can’t steal its identity.

Sometimes your email accounts can be compromised by the Email Provider themselves, due to their complete lack of concern or caution over security.

A while ago I bought a new phone number. I went on Yahoo! mail and typed in the phone number in the login. It asked me if I wanted to receive an SMS to gain access. I said yes, and it sent me a verification key or access code via SMS. I typed the code I received. I was surprised that I didn’t access my own email, but the email I accessed was actually the email of the previous owner of my new number.

Yahoo! didn’t even ask me to type the email address, or the first and last name. It simply sent me the SMS, I typed the code I received, and without asking me to type an email or first and last name, it gave me access to the email of my number’s PREVIOUS OWNER. Didn’t ask for credentials or email address. This seriously needs to be revised. At minimum Yahoo! should ask me to type the email address or the first and last name before sending me an SMS which contains an access code.
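The login flow described above, next to an identifier-first version, as an added example that is not part of the original post and is not Yahoo!'s code. All names, the sample accounts and the 180-day binding limit are assumptions made for illustration; the binding-age check goes one step beyond what the comment asks for.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Account:
    email: str
    phone: str
    phone_verified_at: datetime  # last time the owner proved control of the number

# Constructed sample data. The first number has since been reassigned by the carrier.
ACCOUNTS = [
    Account("previous.owner@example.com", "+12025550100", datetime(2015, 3, 1)),
    Account("current.user@example.com", "+12025550111", datetime(2018, 11, 1)),
]

MAX_BINDING_AGE = timedelta(days=180)  # assumed policy value, not from the post

def phone_only_login(phone, code_ok):
    """Flow as described: phone number in, SMS code back, mailbox opened.

    code_ok means "whoever holds the number now typed the texted code".
    """
    for acct in ACCOUNTS:
        if acct.phone == phone and code_ok:
            return acct.email  # the number alone selected the account
    return None

def identifier_first_login(email, phone, code_ok, now):
    """Caller must name the account first; SMS is only a second check."""
    for acct in ACCOUNTS:
        if acct.email != email.strip().lower():
            continue
        if acct.phone != phone:
            return None  # number is not bound to the named account
        if now - acct.phone_verified_at > MAX_BINDING_AGE:
            return None  # stale binding: number may have been recycled
        return acct.email if code_ok else None
    return None  # unknown account: no SMS is sent at all

if __name__ == "__main__":
    now = datetime(2019, 1, 1)
    # New holder of the recycled number, who never knew the old address:
    print(phone_only_login("+12025550100", True))
    print(identifier_first_login("new.owner@example.com", "+12025550100", True, now))
```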

I don’t want the government, especially a government with Obama appointees still sitting at a desk, to “Fix the issue”.  A joint committee or task force of business, banking, Federal and scientific members should hash out a set of new regulations for the way ecommerce and ebanking should be done.

In the meantime, don’t give anyone your cell phone or mobile number for any reason.  Practice saying, “Fuck off!”.


About On the North River

Forty years toiled in the Tel-com industry, married for 36 years widowed at sixty-one. New girlfriend at sixty-five. Tea Party supporter. Today a follower of the God-Emperor Donald. Do like to kayak, cook, take photos, bike, watch old movies and read.
This entry was posted in 2019, Blogbits, Crime, Economy.
