• Re: "'Scammers stole £40k after EDF

    From AJL@21:1/5 to Andy Burns on Mon Mar 3 17:38:40 2025
    On 3/3/25 10:25 AM, Andy Burns wrote:
    Java Jive wrote:

    "Scammers stole £40k after EDF gave out my number"

    Clearly EDF shouldn't go about giving out customer information, but I
    ought to be able to paint my mobile number in 1ft high letters on the
    side of my house and not have my SIM "swapped"

    All UK networks should take extra security measures, such as writing to customers at known address to confirm such a drastic action.

    I have a pin on file with my US phone company. They're not supposed to take
    any action without it. Hopefully they'll stick to it...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From AJL@21:1/5 to Carlos E.R. on Mon Mar 3 22:58:23 2025
    On 3/3/25 1:35 PM, Carlos E.R. wrote:
    On 2025-03-03 20:04, Newyana2 wrote:
      So the weak point here, which was supposed to be the strong point,
    is 2FA. The secondary weak point is people having online accounts in
    the first place. If you're banking online then you're vulnerable. But it's not easy to avoid. I had to call my bank's corporate offices in order
    to block the possibility of creating an online account. For most people
    that's out of the question. People want convenience. Walk to the bank?
    Fuggetaboutit!

    It is not a choice for us, they are removing physical offices, and they
    have fewer employees. I even have to book an appointment to get inside
    the bank office. Even if I want to cash a big cheque into my account!

    I always cash checks using my bank's phone app. No physical bank necessary.
    You don't have that capability there ??

  • From AJL@21:1/5 to All on Sun Mar 16 05:01:26 2025
    On 3/15/25 8:30 PM, Newyana2 wrote:
    On 3/15/2025 1:53 PM, Java Jive wrote:
    On 2025-03-15 12:35, Newyana2 wrote:
    On 3/15/2025 7:46 AM, Java Jive wrote:
    On 2025-03-14 18:49, Theo wrote:

    Speculating, I would guess they started with the SIM swap.

    The original report suggests that they started with an email hack,
    and used that to facilitate the SIM swap.

       That's not what it said.

    Look back directly up thread to my post of 2025-03-06 19:53, where I
    quote the single sentence in the original report that stated that an
    email hack had occurred before the SIM-swap scam was done.

    You read it wrong.

    "O2 Virgin Media confirmed the scammer telephoned its call centre
    requesting a new Sim and had hacked Stephen's emails."

    Both things happened. Nowhere does it say or imply that
    hacking the email preceded the SIM swap. That wouldn't
    make sense.

    "
    EDF explained the fraudster had his name and email address and had asked
    EDF to give them his mobile number, which the company did. ... The call
    from the fraudster to EDF happened three hours before O2 received a
    request to move his number in the Sim-swap scam. ...
    "

    So they called EDF with name and email, asking for their phone
    number. With that they called O2 and asked to swap SIMs.
    Once the SIM was swapped they could log in to email and say
    they lost their password. They then have a password change
    link sent via email or text... which they now control.

    As the article then states: "Criminals do it to bypass two-factor authentication to change passwords and access anything else
    you need a code from a text message for."

    Hacking his email wouldn't have got the scammers a way to
    bypass 2FA via cellphone, but a SIM swap would. So if the man
    had not been using 2FA it's unlikely that he could have been
    scammed.

    My phone company has my pin on file and is not 'supposed' to make ANY
    changes without me giving it. Course that's no guarantee but at least it's
    one more obstacle...
