SIM Swapping Hijacking Cybercrime defeats (some) Multifactor Authentication

Today, it's absolutely vital that you have multi-factor authentication on every key website you access, especially banking ones.

In some cases, the multi-factor response is an SMS text message sent to your phone, which you then enter into the website.

Imagine if a cyber-criminal could intercept your SMS messages and therefore gain access to your accounts. It turns out they might be able to. If they can call your cell provider and cook up a story, they might be able to get the provider to send your texts to them. I guess you’d notice if you stopped getting text messages yourself.

 

Social Engineering

The story they use for the cell provider is called social engineering. They use whatever hooks they can to trick the provider into thinking that the person calling is you, not a crook. Sometimes those strange social media polls (like who was your favourite teacher at school, or the name of your first pet) are designed simply to gather information on you, so they can guess your ‘secret’ questions with people like the social providers.

That’s the first thing you can do – stop answering those strange polls. Another technique we saw was to set up the ‘secret questions’ with different answers. Rather than name your favourite teacher, name the school.

 

So what’s the answer?
Most importantly, wherever possible, use a phone app for MFA, not a text message.

For more information, check the CERT NZ Q4 2019 Report or The New Zealand Herald.