Follow

🚨 🚨
Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers

SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.

vice.com/en_us/article/5dmbjx/

^ I recommend people contact their mobile provider and add a passcode to their account. I did this a few years back. Any account changes require that passcode to be provided verbally to a customer service rep, which should shut down most SIM-swap attacks.

What's being described above though, that might still go through.

@voltronic 😬

This is a good reminder to not use text messing to your cellphone for two factor authentication on your accounts, and always use an authenticator app.

@jordicusmaximus
Absolutely, but a surprising number of very large companies only support MFA via SMS.

@th3j35t3r @voltronic I mean, to be fair, CoSo ain't your typical IT picnic basket when it comes to infosec. 😉

:jester:

@jordicusmaximus @th3j35t3r
Yup, I've got Authy enabled here, and CoSo also lets me use my preferred 128 random-character generated passwords as well. Stick that in your rainbow table and smoke it.

Oddly enough Google supports passwords of that length, but one of my banks is only 32 (and only SMS or email for MFA).

Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.