XPost: uk.telecom.mobile

https://www.theguardian.com/money/article/2024/jul/13/mobile-banking-fraudsters-accounts-scams-refund-victims

"Mobile banking: alarm as fraudsters take over handsets and raid accounts

Scams underline risks of banking on mobile, with not all lenders
prepared to refund victims

The risks of doing banking on your mobile handset have been underlined
by the stories of Guardian Money readers who had their mobiles taken
over by fraudsters, who then emptied their bank accounts.

In recent months, Guardian Money has become increasingly alarmed at how
often people are reporting that their mobile phone account has been
taken over – with O2 our most complained-about provider.

In some of the cases we have heard about, victims initially had their
email account hacked, while in another, the phone may have been taken
over using malware. Once in control of the email account, and armed with
other personal data, the fraudsters then posed as the customer to the
mobile company, resetting all the passwords and ordering a replacement
sim card.

Having assumed control of someone’s mobile phone it is relatively easy
to pretend to be them to their bank, using two-step verification codes
sent to the phone, to take over the account, and ultimately empty it."

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 13.07.24 12:58, Java Jive wrote:

https://www.theguardian.com/money/article/2024/jul/13/mobile-banking-fraudsters-accounts-scams-refund-victims

"Mobile banking: alarm as fraudsters take over handsets and raid accounts

The article is extremely unspecific how the accounts/mobiles were taken
over. Not very helpful.

I'm suspicious that elementary security rules were violated by the user
and not the bank or the telecom provider.

In the first place a phone locked by a strong password or biometric
means cannot be taken over.

The bank account if professionally set up will at least need another
strong password or a biometric login, which should be mutually different
from the device login.

And sorry to say: If a device can be "taken over by malware" something
is fundamentally wrong with the user. For banking it is never a good
idea to use old hard- and software which is no longer supported.

And it is also not a good idea to load "security software" on a mobile
device. Wherever it comes from.

This article gives no relevant insight into anything that happened.

Jörg


--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

Jörg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken
over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they
can trick the owner into unlocking it, and then snatching it

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 13/07/2024 15:17, Jörg Lorenz wrote:

On 13.07.24 15:42, Andy Burns wrote:

Jörg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken
over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they
can trick the owner into unlocking it, and then snatching it

Seriously?

Well that lets you onto the phone but most banking apps require the user re-authenticate after switching to a different app. I suppose you can
then reset access to the passwords.

Dave

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 13.07.24 15:42, Andy Burns wrote:

Jörg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken
over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they
can trick the owner into unlocking it, and then snatching it

Seriously?

--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On Sat, 13 Jul 2024 14:42:31 +0100, Andy Burns <[email protected]>
wrote:

Jörg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken
over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they
can trick the owner into unlocking it, and then snatching it

Or kidnap the owner and torture them till they reveal the passwords.

I don't have a banking app on my phone, partly for that reason, and
partly because there's no room.


--
Steve Hayes from Tshwane, South Africa
Web: http://www.khanya.org.za/stevesig.htm
Blog: http://khanya.wordpress.com
E-mail - see web page, or parse: shayes at dunelm full stop org full stop uk

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

In comp.mobile.android, on Sat, 13 Jul 2024 18:45:12 -0000 (UTC), Chris <[email protected]> wrote:

David Wade <[email protected]d> wrote:

On 13/07/2024 15:17, J�rg Lorenz wrote:

On 13.07.24 15:42, Andy Burns wrote:

J�rg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken >>>>> over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they >>>> can trick the owner into unlocking it, and then snatching it

Seriously?

Well that lets you onto the phone but most banking apps require the user
re-authenticate after switching to a different app. I suppose you can

That's a no-brainer. Just snatch the phone when he's using the banking
app.

then reset access to the passwords.

Most people use the same passcode on the lock screen as for (banking) apps

Really? I would never do that. If I had a phone passcode it would be different from all the others. The bank password is the same as on the
PC, of course, where it was set a decade or more before there were
smartphones.

so the thief videos you typing in your code and then steals the phone. Now >they get access to your phone AND money.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

In comp.mobile.android, on Sat, 13 Jul 2024 18:45:14 +0200, Steve Hayes <[email protected]> wrote:

On Sat, 13 Jul 2024 14:42:31 +0100, Andy Burns <[email protected]>
wrote:

J�rg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken
over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they
can trick the owner into unlocking it, and then snatching it

Or kidnap the owner and torture them till they reveal the passwords.

+1

I don't have a banking app on my phone, partly for that reason, and
partly because there's no room.

I do,but the only time I use it is to deposit a check. I don't get
many checks, but when I do, this saves a trip to the bank.

One time in Little Rock, I lost half my wallet**, the half with cards,
and only had a small amount of money left. I foudn someone who would
lend me enough money to get home on, gas and food, and motels. Long
aga, I don't think I had a cell phone then, but I did have my laptop
with me and we found out he had an account at the same bank. I was able
to transfer money to him even before he went home to get the cash. So I
didn't really borrow it. I went to a nother branch in Tennessee and got
a new card. So except for the time spent looking, I really wasn't inconvenienced.**

I didn't even know I could use the webpage to spend money. But I had
still guarded that password.

** I looked all over. I had it an hour earlier, I went back to cafeterie
where I used it to pay for lunch, I looked on the sidewalk and in street
trash cans wherever I had walked, I reported it to the police, I asked
them Where is Traveler's Aid. He'd never heard of it. (Apprently it's
mostly in movies made in NY during WW2.) AFAICT no one ever used or
tried to use the cards in the wallet. I wonder where I lost it and if
anyone found it.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 12:10 PM, micky wrote:

One time in Little Rock, I lost half my wallet**, the half with
cards, and only had a small amount of money left.

On trips I used to keep emergency cash hidden under the floormat in the
car. Luckily I never needed it. I came close to forgetting about it one
time when I got home and put the car through the full service car
wash though... 8-O

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 2024-07-13 20:59, micky wrote:

In comp.mobile.android, on Sat, 13 Jul 2024 18:45:12 -0000 (UTC), Chris <[email protected]> wrote:

David Wade <[email protected]d> wrote:

On 13/07/2024 15:17, Jörg Lorenz wrote:

On 13.07.24 15:42, Andy Burns wrote:

Jörg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken >>>>>> over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they >>>>> can trick the owner into unlocking it, and then snatching it

Seriously?

Well that lets you onto the phone but most banking apps require the user >>> re-authenticate after switching to a different app. I suppose you can

That's a no-brainer. Just snatch the phone when he's using the banking
app.

then reset access to the passwords.

Most people use the same passcode on the lock screen as for (banking) apps

Really? I would never do that. If I had a phone passcode it would be

The fingerprint is the same.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 6:42 AM, Andy Burns wrote:

Snatch the unlocked phone from the user's hands. Bonus points if
they can trick the owner into unlocking it, and then snatching it

No trick necessary if they snatch the phone while the victim is using it
and thus it's already unlocked. If a Google user all the Google apps are
also open in this theft method...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 11:45 AM, Chris wrote:

Most people use the same passcode on the lock screen as for
(banking) apps

I doubt that. Any links...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 2024-07-13 16:20, Chris wrote:

AJL <[email protected]> wrote:

On 7/13/2024 11:45 AM, Chris wrote:

Most people use the same passcode on the lock screen as for
(banking) apps

I doubt that. Any links...

https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2

I know I did until I started reading about these types of thefts.

Nope.

Never did, never WOULD use my phone PIN for anything but...

...unlocking my PHONE!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 4:20 PM, Chris wrote:

AJL <[email protected]> wrote:

On 7/13/2024 11:45 AM, Chris wrote:

Most people use the same passcode on the lock screen as for
(banking) apps

I doubt that. Any links...

https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2

The link is locked for me...

I know I did until I started reading about these types of thefts.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 2024-07-13 17:06, AJL wrote:

On 7/13/2024 4:20 PM, Chris wrote:

AJL <[email protected]> wrote:

On 7/13/2024 11:45 AM, Chris wrote:

Most people use the same passcode on the lock screen as for
(banking) apps

I doubt that. Any links...

https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2

The link is locked for me...

Try this:

<https://archive.is/OsN5j>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

In comp.mobile.android, on Sat, 13 Jul 2024 14:09:14 -0700, AJL <[email protected]> wrote:

On 7/13/2024 12:10 PM, micky wrote:

One time in Little Rock, I lost half my wallet**, the half with
cards, and only had a small amount of money left.

On trips I used to keep emergency cash hidden under the floormat in the
car. Luckily I never needed it. I came close to forgetting about it one
time when I got home and put the car through the full service car
wash though... 8-O

When I got stopped for speeding in Chicago in 1970 -- I had the top down
and my long hair was blowing in the breeze, so he showed no mercy, LOL I
really was speeding. -- I had an outofstate license so I had to post 50
dollars bond, which I didn't have. It was summer, most people I knew
had gone home, I couldn't find my girlfriend at work, but fortunately
her girlfriend worked at a nearby desk and she came, when she got off
work. So I only spend 5 hours in stir.

After that, for 20 years I carried 60 dollars in travelers checks in the
trunk, but I stopped. I've thought about starting again.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

In comp.mobile.android, on Sat, 13 Jul 2024 23:20:55 -0000 (UTC), Chris <[email protected]> wrote:

micky <[email protected]> wrote:

In comp.mobile.android, on Sat, 13 Jul 2024 18:45:12 -0000 (UTC), Chris
<[email protected]> wrote:

David Wade <[email protected]d> wrote:

On 13/07/2024 15:17, J�rg Lorenz wrote:

On 13.07.24 15:42, Andy Burns wrote:

J�rg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken >>>>>>> over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they >>>>>> can trick the owner into unlocking it, and then snatching it

Seriously?

Well that lets you onto the phone but most banking apps require the user >>>> re-authenticate after switching to a different app. I suppose you can

That's a no-brainer. Just snatch the phone when he's using the banking
app.

How would a thief know?

They're smart. LOL

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

In comp.mobile.android, on Sat, 13 Jul 2024 14:09:19 -0700, AJL <[email protected]> wrote:

victim

I thought this said violin. LOL


"No trick necessary if they snatch the phone while the victim is using
it"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 5:44 PM, micky wrote:

for 20 years I carried 60 dollars in travelers checks in the trunk,
but I stopped. I've thought about starting again.

Travelers checks?? My emergency stash hidden under the floormat was
cash cause everybody takes cash...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 5:17 PM, Alan wrote:

On 2024-07-13 17:06, AJL wrote:

On 7/13/2024 4:20 PM, Chris wrote:

AJL <[email protected]> wrote:

On 7/13/2024 11:45 AM, Chris wrote:

Most people use the same passcode on the lock screen as for
(banking) apps

I doubt that. Any links...

https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2

The link is locked for me...

Try this:

<https://archive.is/OsN5j>

That link worked. Interesting article. I also live in a large metro area (Phoenix AZ US) and the same stuff happens here.

But you said: "Most people use the same passcode on the lock screen as
for (banking) apps" and I saw nothing in that piece to verify that.
"Most" being over half the phone using population. I still doubt that
assertion but also can't prove otherwise...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

In comp.mobile.android, on Sat, 13 Jul 2024 18:39:43 -0700, AJL <[email protected]> wrote:

On 7/13/2024 5:44 PM, micky wrote:

for 20 years I carried 60 dollars in travelers checks in the trunk,
but I stopped. I've thought about starting again.

Travelers checks?? My emergency stash hidden under the floormat was
cash cause everybody takes cash...

I thought about that. Would the police take traveler's checks?. I had
only bought $20's for my trip and I saved the last 3, so it was not 50
but 60, and I figured worst comes to worst I could get $50 if I was
willing to sign over 60 to someone who was there acting personally. I
only spent a couple weeks in Chicago after I got back from th etrip, but
of course it's not just traffic tickets that can cause one to really
need money.




--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 2024-07-13 18:39, AJL wrote:

On 7/13/2024 5:17 PM, Alan wrote:

On 2024-07-13 17:06, AJL wrote:

On 7/13/2024 4:20 PM, Chris wrote:

AJL <[email protected]> wrote:

On 7/13/2024 11:45 AM, Chris wrote:

Most people use the same passcode on the lock screen as for
(banking) apps

I doubt that. Any links...

https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2

The link is locked for me...

Try this:

<https://archive.is/OsN5j>

That link worked. Interesting article. I also live in a large metro area (Phoenix AZ US) and the same stuff happens here.

But you said: "Most people use the same passcode on the lock screen as
for (banking) apps" and I saw nothing in that piece to verify that.
"Most" being over half the phone using population. I still doubt that assertion but also can't prove otherwise...

I didn't say that.

Sorry.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 6:45 PM, Alan wrote:

On 2024-07-13 18:39, AJL wrote:

But you said: "Most people use the same passcode on the lock screen as
for (banking) apps" and I saw nothing in that piece to verify that.
"Most" being over half the phone using population. I still doubt that
assertion but also can't prove otherwise...

I didn't say that.

Sorry.

Ah. My error. Apologies...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 2024-07-13 18:54, AJL wrote:

On 7/13/2024 6:45 PM, Alan wrote:

On 2024-07-13 18:39, AJL wrote:

But you said: "Most people use the same passcode on the lock screen as
for (banking) apps" and I saw nothing in that piece to verify that.
"Most" being over half the phone using population. I still doubt that
assertion but also can't prove otherwise...

I didn't say that.

Sorry.

Ah. My error. Apologies...

No worries.

:-)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 6:49 PM, micky wrote:

In comp.mobile.android, on Sat, 13 Jul 2024 18:39:43 -0700, AJL <[email protected]> wrote:

On 7/13/2024 5:44 PM, micky wrote:

for 20 years I carried 60 dollars in travelers checks in the
trunk, but I stopped. I've thought about starting again.

Travelers checks?? My emergency stash hidden under the floormat
was cash cause everybody takes cash...

I thought about that. Would the police take traveler's checks?.

Depends on where you are I imagine. I do know that in Phoenix a normal
speeding citation requires only a signature, no matter where you're from...

of course it's not just traffic tickets that can cause one to really
need money.

I always carry cash just in case the cards didn't work. More than once
it's saved me when a store's system was down and they only took cash...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

In comp.mobile.android, on Sat, 13 Jul 2024 19:07:56 -0700, AJL <[email protected]> wrote:

On 7/13/2024 6:49 PM, micky wrote:

In comp.mobile.android, on Sat, 13 Jul 2024 18:39:43 -0700, AJL
<[email protected]> wrote:

On 7/13/2024 5:44 PM, micky wrote:

for 20 years I carried 60 dollars in travelers checks in the
trunk, but I stopped. I've thought about starting again.

Travelers checks?? My emergency stash hidden under the floormat
was cash cause everybody takes cash...

I thought about that. Would the police take traveler's checks?.

Depends on where you are I imagine. I do know that in Phoenix a normal >speeding citation requires only a signature, no matter where you're from...

of course it's not just traffic tickets that can cause one to really
need money.

I always carry cash just in case the cards didn't work. More than once
it's saved me when a store's system was down and they only took cash...

I carry cash too, but this was 1970 and 50 then is worth 300 or 400 now,
and I didn't carry that much. (And I was only 23 then.) In fact I still
don't. I've used cars more since covid. Before then when I was down to
50, I'd get 200. Now I get cash far less often, will go below 50, but
probably get 300.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 13/07/2024 19:45, Chris wrote:

David Wade <[email protected]d> wrote:

On 13/07/2024 15:17, Jörg Lorenz wrote:

On 13.07.24 15:42, Andy Burns wrote:

Jörg Lorenz wrote:

The article is extremely unspecific how the accounts/mobiles were taken >>>>> over. Not very helpful.

Snatch the unlocked phone from the user's hands. Bonus points if they >>>> can trick the owner into unlocking it, and then snatching it

Seriously?

Well that lets you onto the phone but most banking apps require the user
re-authenticate after switching to a different app. I suppose you can
then reset access to the passwords.

Most people use the same passcode on the lock screen as for (banking) apps
so the thief videos you typing in your code and then steals the phone. Now they get access to your phone AND money.

Yuk. I suppose on Apple that works. Once I know my Wifes passcode I can
access her password store and all her apps. I have android so the phone
unlock is pattern but the banking apps are a different code...

Dave

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/13/2024 5:09 PM, AJL wrote:

On 7/13/2024 11:45 AM, Chris wrote:

Most people use the same passcode on the lock screen as for
(banking) apps

I doubt that. Any links...

That's common knowledge. I don't have links but I've seen
articles detailing how common it is for people to use passwords
like "password" or "1234". Most people don't expect to have to
actually deal with security. And why should they? They've
been led to think that cellphone apps are nothing but convenience
and roses. It's similar with computers.

I came up with a system
for the woman I live with. She uses the name of her last cat,
along with specific parts of the company she's logging into. That
formula allows her to have different passwords for every site.
Before that she just used the first letters of her kids' names
whenever she needed a password. If they also demanded a number
then she'd add "1". :)

The majority of humanity are not geeky or OCD-ish. They just
don't do passwords, much less PIN codes. It's too much to
remember.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/14/2024 2:24 AM, Chris wrote:

AJL <[email protected]> wrote:

On 7/13/2024 4:20 PM, Chris wrote:

Bank apps ask you to set a PIN as an added level of security.
People are lazy and don't want to remember another PIN so use the
same one as the phone lock screen.

Depends on the bank app. Mine don't offer pin capability but do
require long passwords using all types of characters.

That's sounds like a PITA.

PITA? Not for me. Because I'm one of those paranoid folks who don't keep
any banking (or investment) apps on my phone for security reasons. I
really don't have to do any phone banking while out. And it's easy
enough to save for home.

As far a pin vs password I find passwords easier. That's because I use a formula for each site. Something like $ + my first employee number +
first 3 letters of site/app name + my second employee number + next 2
letters of the site/app name + the number 13. This is just an example
and it can give me a 15+ character password that I can easily remember
and type in in a just few seconds.

I use the formula for ALL my password requiring sites, sensitive or not.
I let Google remember and insert the non-sensitive ones.

Also I can remember and use my formula for ALL my sites, even at my age.
I doubt I (or most folks) could remember that many DIFFERENT pins...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On Sat, 13 Jul 2024 15:33:12 +0200, J�rg Lorenz <[email protected]>
wrote:

On 13.07.24 12:58, Java Jive wrote:

https://www.theguardian.com/money/article/2024/jul/13/mobile-banking-fraudsters-accounts-scams-refund-victims

"Mobile banking: alarm as fraudsters take over handsets and raid accounts

The article is extremely unspecific how the accounts/mobiles were taken
over. Not very helpful.

Probably not the greatest idea to publicise how to take over a phone.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 7/14/2024 12:54 PM, Chris wrote:

AJL <[email protected]> wrote:

On 7/14/2024 2:24 AM, Chris wrote:

AJL <[email protected]> wrote:

Mine [bank apps] don't offer pin capability but do require long
passwords using all types of characters.

That's sounds like a PITA.

PITA? Not for me. Because I'm one of those paranoid folks who don't
keep any banking (or investment) apps on my phone for security
reasons.

The topic is mobile banking...

And my sentence above DOES refer to mobile banking. The lack of it for
security reasons. If you're going to play on topic cop you should be
going after my speeding citation comments and other more ghastly off
topic violations I'm guilty of in this holy Android group. Personally I
dislike a dead group. YMMV...

As far a pin vs password I find passwords easier. That's because I
use a formula for each site. Something like $ + my first employee
number + first 3 letters of site/app name + my second employee
number + next 2 letters of the site/app name + the number 13. This
is just an example and it can give me a 15+ character password that
I can easily remember and type in in a just few seconds.

Some sites don't accept passwords longer than 8 or 9 chars and/or no
special character. What do you do then?

As I said, the above formula is just an example. It can be adjusted to
work with any site.

I gave up years ago and have a password manager.
Much easier. Only one password to remember.

Sounds scary. Google "password manager dangers". Some results:

"The same thing that makes password managers so convenient for you—all
your passwords are easily accessible in one spot—also represents the
greatest risk. If your personal device is infected with malware, then cybercriminals can steal your master password and take control of your
vault."

"While LifeLock has had several other issues over the years, in December
2022, LifeLock revealed that it had experienced a data breach resulting
in more than 6,000 of its customers losing access to their password
managers. Hackers had used a technique known as “credential stuffing” to take control of these customers"

"Password manager programs are a target for hackers. It's not easy to
login using multiple devices. If the main password is used/typed/saved
on a computer with malware, your main password can compromise all your
other passwords controlled by the PM"

BTW the topic is mobile banking. Give yourself 3 demerits... ;)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

Jörg Lorenz wrote:

Andy Burns wrote:

Snatch the unlocked phone from the user's hands. Bonus points if they
can trick the owner into unlocking it, and then snatching it

Seriously?

That's a warning doing the rounds over here, approach someone, convince
them they're cute, ask them to add you to their contacts, when they get
their phone out and unlock it, steal it.

Newspapers with stories of individuals stealing a dozens of phones per
hour, in city centres or at festivals.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 14/07/2024 00:20, Chris wrote:

Not the same thing. Bank apps ask you to set a PIN as an added level of security. People are lazy and don't want to remember another PIN so use the same one as the phone lock screen.

I have no idea why the banks have recently made the security of their apps weaker. I have two banking apps on my phone, each of them used to have a longish alphanumeric password that I had chosen (two different passwords of course). But recent
compulsory "upgrades" to each App have made me chose a 5-digit or 6-digit PIN. I have chosen different PINs and neither is the same as the one I use to unlock the phone, but all the same it's obviously less secure than before. Can anyone think why on
earth they have done that? It seems crazy to me.


--
Clive Page

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

AJL wrote:

Chris wrote:

https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2

The link is locked for me...

Go to google, search for 26be349d-4717-4815-a221-a749e29de2b2
follow the result link it gives you, that'll work based on cookies
and/or referrer

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

Am 15.07.24 um 09:45 schrieb Andy Burns:

Jörg Lorenz wrote:

Andy Burns wrote:

Snatch the unlocked phone from the user's hands. Bonus points if they
can trick the owner into unlocking it, and then snatching it

Seriously?

That's a warning doing the rounds over here, approach someone, convince
them they're cute, ask them to add you to their contacts, when they get
their phone out and unlock it, steal it.

Newspapers with stories of individuals stealing a dozens of phones per
hour, in city centres or at festivals.

Has absolutely nothing to do with smartphones and nothing with the story.

--
"Gutta cavat lapidem." (Ovid)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On Mon, 15 Jul 2024 14:48:38 +0100
Clive Page <[email protected]> wrote:

On 14/07/2024 00:20, Chris wrote:

Not the same thing. Bank apps ask you to set a PIN as an added
level of security. People are lazy and don't want to remember
another PIN so use the same one as the phone lock screen.

I have no idea why the banks have recently made the security of their
apps weaker. I have two banking apps on my phone, each of them used
to have a longish alphanumeric password that I had chosen (two
different passwords of course). But recent compulsory "upgrades" to
each App have made me chose a 5-digit or 6-digit PIN. I have chosen different PINs and neither is the same as the one I use to unlock the
phone, but all the same it's obviously less secure than before. Can
anyone think why on earth they have done that? It seems crazy to me.

What is the banks' explanation?

--
Davey.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 15/07/2024 17:05, Davey wrote:

On Mon, 15 Jul 2024 14:48:38 +0100
Clive Page <[email protected]> wrote:

On 14/07/2024 00:20, Chris wrote:

Not the same thing. Bank apps ask you to set a PIN as an added
level of security. People are lazy and don't want to remember
another PIN so use the same one as the phone lock screen.

I have no idea why the banks have recently made the security of their
apps weaker. I have two banking apps on my phone, each of them used
to have a longish alphanumeric password that I had chosen (two
different passwords of course). But recent compulsory "upgrades" to
each App have made me chose a 5-digit or 6-digit PIN. I have chosen
different PINs and neither is the same as the one I use to unlock the
phone, but all the same it's obviously less secure than before. Can
anyone think why on earth they have done that? It seems crazy to me.

What is the banks' explanation?

Very amusing. Have you tried to get a bank to answer a question like that recently?

--
Clive Page

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 15/07/2024 17:05, Davey wrote:

On Mon, 15 Jul 2024 14:48:38 +0100
Clive Page <[email protected]> wrote:

On 14/07/2024 00:20, Chris wrote:

Not the same thing. Bank apps ask you to set a PIN as an added
level of security. People are lazy and don't want to remember
another PIN so use the same one as the phone lock screen.

I have no idea why the banks have recently made the security of their
apps weaker. I have two banking apps on my phone, each of them used
to have a longish alphanumeric password that I had chosen (two
different passwords of course). But recent compulsory "upgrades" to
each App have made me chose a 5-digit or 6-digit PIN. I have chosen
different PINs and neither is the same as the one I use to unlock the
phone, but all the same it's obviously less secure than before. Can
anyone think why on earth they have done that? It seems crazy to me.

What is the banks' explanation?

First Direct did something similar, their claim was 'use ... on more than
one device'. That may just have meant they were switching software to match HSBC, which already had 6 digit PINs and multiple devices; or maybe some devices only allow numeric input.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

Tweed wrote:

It’s usually a sim swap fraud. Somehow convince the mobile operator to port the number to another mobile operator where the new sim is in the
possession of the fraudster.

Whenever I've requested porting my number to a different operator, I've received texts giving 24 or more hours notice to port.

Which operators *don't* operate such a safeguard?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On Tue, 16 Jul 2024 00:02:26 +0100, Andy Burns <[email protected]>
wrote:

Tweed wrote:

It’s usually a sim swap fraud. Somehow convince the mobile operator to port
the number to another mobile operator where the new sim is in the
possession of the fraudster.

Whenever I've requested porting my number to a different operator, I've >received texts giving 24 or more hours notice to port.

Which operators *don't* operate such a safeguard?

The fraudsters phone pretending to be the operator, to say that they
have had a SIM-swap request.


--
Steve Hayes from Tshwane, South Africa
Web: http://www.khanya.org.za/stevesig.htm
Blog: http://khanya.wordpress.com
E-mail - see web page, or parse: shayes at dunelm full stop org full stop uk

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

Steve Hayes wrote:

Andy Burns <[email protected]> wrote:

Which operators *don't* operate such a safeguard?>

The fraudsters phone pretending to be the operator, to say that they
have had a SIM-swap request.
The fraudsters phone pretending to be the operator, to say that they
have had a SIM-swap request.

Still, why no confirmation from the end-user, seems negligent of the
operator, they know email and/or postal addr for user to send bills to ...



p.s. I don't mind receiving cc: by email from usenet posters, but doing
so from a non-functioning email addr seems a little rude?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On Mon, 15 Jul 2024 14:48:38 +0100, Clive Page <[email protected]>
wrote:

I have no idea why the banks have recently made the security of their apps weaker. I have two banking apps on my phone, each of them used to have a longish alphanumeric password that I had chosen (two different passwords of course). But recent

compulsory "upgrades" to each App have made me chose a 5-digit or 6-digit PIN. I have chosen different PINs and neither is the same as the one I use to unlock the phone, but all the same it's obviously less secure than before. Can anyone think why on
earth they have done that? It seems crazy to me.

If people are required to use complex passwords it's unlikely they'll
be able to memorize them, so will often write them down. People are
much more likely to be able to memorize a 6-digit password.

So the reduced security of a simple password is more than outweighed
by the risk of people writing a password down.

Chris

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: uk.telecom.mobile

On 16/07/2024 13:32, Chris in Makati wrote:

On Mon, 15 Jul 2024 14:48:38 +0100, Clive Page <[email protected]>
wrote:

I have no idea why the banks have recently made the security of their apps weaker. I have two banking apps on my phone, each of them used to have a longish alphanumeric password that I had chosen (two different passwords of course). But recent

compulsory "upgrades" to each App have made me chose a 5-digit or 6-digit PIN. I have chosen different PINs and neither is the same as the one I use to unlock the phone, but all the same it's obviously less secure than before. Can anyone think why on
earth they have done that? It seems crazy to me.

If people are required to use complex passwords it's unlikely they'll
be able to memorize them, so will often write them down. People are
much more likely to be able to memorize a 6-digit password.

So the reduced security of a simple password is more than outweighed
by the risk of people writing a password down.

Chris

Well that is possible, but I have no idea if it is true. But in that case, people like me who can memorize a few alphanumeric passwords should not be forced to switch instead to a set of 5-digit or 6-digit numbers instead. I think I'd like the choice
of weaker or stronger security. YMMV.

--
Clive Page

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)