This is too easy because most people don't have two-factor authentication on their mobile account.
Like stick you with a phone handset upgrade financing that you didn't order.
Google "AT&T and SIM Swap fraud".
Two men from Massachusetts have been arrested and charged with 11 criminal counts stemming from a string of account takeovers and cryptocurrency thefts. 21 year-old Eric Meiggs and 20 year-old Declan Harrington each face charges of wire fraud, conspiracy, computer fraud and abuse, and aggravated identity theft for their …
How did the scrotes get hold of which numbers to ask for in the first place? It would sort of imply that either the mobile providers where... Duped on a level that my primary school children could and would question you on now.
Or that the marks used phones with public numbers for their 2FA?
Not that I'm trying to victim shame but the first is gross negligence of the network, the second implies an ignorance of the risks of letting others know in public the number you use for 2FA.
On the flipside, they start em' social engineering at a young age these days don't they?
Most people only have one personal device, used for 2FA and every other type of communication. Only a relatively large business or one quite paranoid about external security threats would have a separate device for 2FA purposes instead of using a corporate phone issued to whoever needs access or kept in the office of the relevant team. For nearly everything else, the cost of a separate mobile connection and possibly a separate device for a few SMS messages is considered of little value.
Biting the hand that feeds IT © 1998–2019