Security: The Police warn about a dangerous scam to rob you through the computer
Security Alert about a scam in Bizum posing as Social Security
When talking about robbery, the normal thing is to imagine a person taking something that does not belong to them by force.
But what if we told you that they
could steal the money you have in the bank without you knowing about it
and without using an iota of force, would that seem possible?
The wrongdoing is as simple to perpetrate as it is real.
This is the telephone fraud called
SIM swapping
, a technique that consists of duplicating the SIM card of the victim's mobile phone.
The purpose is to have access to the telephone number to usurp the identity of the injured party to access their bank account and steal their money.
By having a clone of the SIM card, criminals will
be
able to
receive SMS with the confirmation code
necessary to access the victim's bank account.
These SMS are a common security method when performing various banking operations such as transfers, loan applications, or simple balance inquiries.
Signs
If you are on a call and it is cut off suddenly,
if you notice that the coverage disappears intermittently
until it is completely gone, like the Internet access from the terminal, it may be a technical problem, but you may also be a victim of SIM swapping .
For example, from BBVA's own website they recommend that if
you observe these signs
or after suffering a direct theft of the terminal, "it is important to make the corresponding report immediately."
On social networks, many users tell their personal experience after having suffered this telephone fraud.
The writer of these lines herself was the
victim of a SIM card duplication
that could be canceled through the telephone company before any fraudulent bank management was carried out, although not all cases have a happy ending.
As we mentioned earlier, one of the clearest signs is the sudden loss of coverage.
Sometimes criminals,
aware of the importance of working against the clock
, take a very short time to access the bank account and empty what they can and even ask for a loan to take that extra money.
Previous cyberattacks
On many occasions, criminals know various personal data of the victims before
SIM swapping,
which would be the final step to take the money.
For example, they may know the passwords by phishing, a computer fraud with which all kinds of information are obtained.
To obtain this data there are mainly two techniques, through spam, sending emails, WhatsApp or SMS in bulk, posing as different services or entities to
directly request the data
.
Sometimes these messages can contain a link that if clicked, the terminal can be compromised by a hidden program that tracks all the information and sends it to criminals.
Another technique consists of a fairly exact recreation of the real bank websites.
Only in
these replicas
, after entering personal data, instead of showing the balance they steal it.
Power before money
This technique is not only used to steal money.
Duplicating the SIM
can recover the contacts and thus access, for example, the victim's WhatsApp.
This also applies to social networks, as was the case with Jack Dorsey, co-founder of Twitter, who paradoxically suffered a hack into his Twitter account.
Late last summer, Dorsey's account began posting a series of racist messages mentioning a server on Discord, asking people to join in and leave comments.
The key to knowing how they had managed to access
the account was in the tweets that revealed from which service they were being written.
It was Cloudhopper, a company, approved as a source with permissions to publish on the social network, which allows tweets to be published via SMS and owned by Twitter.
To achieve such a criminal feat, the perpetrators had duplicated Dorsey's SIM and if they were able to usurp the identity of the Twitter co-founder, doing it with yours would be a piece of cake.
How to avoid it
Ordering a duplicate SIM is a relatively straightforward procedure.
Additionally, two-step authentication or verification is vulnerable to attack, as is the case.
There is a percentage of responsibility that falls on the operators themselves, as they are not more demanding or scrupulous when it comes to providing duplicate SIMs.
But as users, there are also a series of recommendations to take into account to avoid being
victims of this fraud
.
First of all, if a loss of coverage is detected in the terminal, check with your operator to find out the status of the SIM and find out if a duplicate was requested.
Of course, do not provide personal data through SMS, phone calls or emails.
We must be wary of any person or entity who asks for personal data or passwords and also be careful with the information that may appear on receipts or vouchers.
It is best to
destroy them before disposing of them
.
Alternatives
Although many applications and services still use SMS as an authentication method, there are some alternatives such as Authy, Google Authenticator or Microsoft Authenticator.
These applications
can be installed on the mobile phone
and serve as an alternative to text messages.
Of course, the platform with which we want to operate must be compatible.
In an increasingly digital world, it is the less curious that one of the safest methods is a physical key.
U2F keys (Universal 2nd Factor keys) are an evolution of
conventional
double
authentication
systems
.
This system is hardware-based, so unless the key is physically stolen, they will not be able to access the services with which it is configured.
They work by connecting to the computer through a
USB port
.
The first time it is used, the system will create a random number, through which the different hashes will be generated (a special cryptographic function that is used to generate unique identifiers) that will serve to log into the platforms with which the key is linked.
Thanks to this system, every time you want to log in, just connect the key to the computer.
No SMS, no emails, no passwords,
our security safely in your pocket
.
According to the criteria of The Trust Project
Know more
Twitter
WhatsApp
Internet
TechnologyHow to know the location of your WhatsApp contacts
Interview Netflix CEO Reed Hastings: "Entertainment makes people more open without teaching them"
The trick to use WhatsApp in incognito mode without anyone knowing
See links of interest
Last News
TV programming
English translator
Work calendar
Movies TV
Topics
Stage 11: Porto Sant'Elpidio-Rimini, live
Real Madrid - Khimki Moscow