Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.mobile.android > #146914 > unrolled thread
| Started by | Java Jive <java@evij.com.invalid> |
|---|---|
| First post | 2025-03-03 12:27 +0000 |
| Last post | 2025-03-15 08:48 -0400 |
| Articles | 20 on this page of 123 — 14 participants |
Back to article view | Back to comp.mobile.android
"'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 12:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 10:47 -0500
Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 17:13 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 17:33 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 18:20 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-03 15:54 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 17:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 17:38 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 14:04 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:28 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:36 +0100
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:35 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:35 -0500
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:49 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:07 +0000
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 22:58 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:50 +0100
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 21:23 -0700
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-04 06:43 +0000
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-04 09:22 -0700
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:40 +0000
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-04 10:21 -0700
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 18:37 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 14:46 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 21:38 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:31 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:13 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 08:09 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:22 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 21:09 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 19:43 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 05:34 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:22 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:15 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 09:44 +0100
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 13:15 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:47 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 14:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 10:42 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 16:51 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:21 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 12:37 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-05 18:03 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:00 -0500
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 22:07 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 15:42 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:28 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 18:23 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:01 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 21:03 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:40 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 18:02 +0100
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:04 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:12 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:29 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 17:38 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 21:44 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:45 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 14:57 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-05 14:10 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:26 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 14:33 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:08 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 19:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:43 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:40 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 21:26 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:38 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 20:54 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 07:19 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:31 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 01:56 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 13:54 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Tweed <usenet.tweed@gmail.com> - 2025-03-06 14:57 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-06 11:09 -0500
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-06 11:17 -0700
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:12 -0500
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-07 09:35 -0700
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 18:24 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:36 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:17 -0500
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 16:16 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-08 10:30 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 16:37 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 19:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-07 07:37 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 10:46 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-07 13:24 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:38 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-07 15:35 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-07 15:46 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-14 18:49 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-15 09:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 11:46 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:35 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 17:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-15 19:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 23:30 -0400
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-16 05:01 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 08:47 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 13:47 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 15:13 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:04 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 18:00 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 08:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 13:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 14:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 18:44 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 10:42 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 12:48 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 13:18 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 13:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 14:28 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-20 16:02 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-20 13:00 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 11:54 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:09 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-16 19:23 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-16 23:10 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:48 -0400
Page 5 of 7 — ← Prev page 1 2 3 4 [5] 6 7 Next page →
| From | AJL <noemail@none.com> |
|---|---|
| Date | 2025-03-07 09:35 -0700 |
| Message-ID | <vqf782$3kdvg$1@dont-email.me> |
| In reply to | #147078 |
On 3/7/2025 7:12 AM, Newyana2 wrote: > On 3/6/2025 1:17 PM, AJL wrote: >> On 3/6/2025 9:09 AM, Newyana2 wrote: >> >>> Anyone who assumes they're safe conducting their life online is >>> simply an ostrich who doesn't want to know the facts. In their >>> defense, the facts are well hidden. But it's still ostrich >>> mentality, driven by laziness. >> >> Perhaps the ostrich is anyone who thinks their life is not online >> these days. >> > > My life is not online. Of course there's data online. And that would be data about your life. > What I meant was living through a cellphone and all that entails. Same as living through a home computer only more convenient for me and many folks. YMMV. >> Go to the doctor? Your very personal info is online and available >> to the office staff, the computer service techs, the billing >> company, the insurance company, and of course hackers. Pay taxes? >> All online and available to many (honest?) government employees. >> Own a home? Here (AZ US) hackers are selling them without the >> owners knowledge using online government title info. Retired? My >> info is online for both my state and fed retirement accounts both >> of which are direct deposited into my online bank account. Likewise >> most of my investments. I could fill a couple of more paragraphs >> about folks living online these days but I think even an ostrich >> would get my point. > Which is what? That your laziness One can always tell when the opponent has no case. He resorts to insults. > is justified because the world has already gone to hell? My personal world is actually in pretty good shape right now. No complaints. I'm not sure what both our lives being online have to do with the world at large though... > That's a good example of ostrich logic. Non-ostrich means simply > relating to your life rather than looking for excuses not to. It's > not a black/white issue. The irony is that ostriches always put a lot > of effort into defending their ignorance: More insults, no facts. > "My doctor already knows my phone number, and my SS payment is > auto-deposited, so why should I care that Google tracks me everywhere > I go?" Good point. With 2.5 billion Google accounts what are the chances a Google PERSON chooses to track you? However if you're worried about a Google computer tracking you then my point was you should be worried about all those other computers that are tracking you as well. Or better yet not being worried and just enjoy the convenience our online world brings us... >> And of course if you think keeping your sensitive stuff only on >> your home computers keeps you safe then you should talk to my >> neighbor who lost all his electronics in a burglary... > You missed the whole point. But I know that you're in a rush to go > buy something you don't need so that you can get some cash back on > your credit card... And I know that you're proud of such clever > consumerism. So I won't bore you with clarifications. :) Sorry, the smiley doesn't negate the insulting flavor of your words. Try emotion free facts on your next reply. How is your life not online? For example I bet you go to a doctor that keeps your most personal info online. And I bet it's more likely to be seen by PEOPLE than any of my Google stuff... 8-O
[toc] | [prev] | [next] | [standalone]
| From | Frank Slootweg <this@ddress.is.invalid> |
|---|---|
| Date | 2025-03-06 18:24 +0000 |
| Message-ID | <vqcsq1.3co.1@ID-201911.user.individual.net> |
| In reply to | #147033 |
Newyana2 <newyana@invalid.nospam> wrote: [...] > Think of the average person. First there was the SIM swap, *That*, the SIM-swap, was the security breach, which never should have happened. 'the average person' has nothing to do with it. > so > now the scammer is getting all texts. They're also getting > 2FA codes. With the email address they go to that and say they > forgot their password. Then there are two possiiblities. They may > need to know security questions, or they may have a password > reset link sent to their cellphone. That would be yet another security breach. Generally, unauthorized persons will *not* get access to e-mail and other accounts. That why it's strongly advised to give your next of kin access to passwords, etc., because if you get indisposed or die, etc., your next of kin will not get access without them. > If it's the latter then they have > email access. That's part of the lesson here. 2FA is not safer. It's > riskier. Nonsense. Of course 2FA/2SV is safer. It's less *convenient*, but safer. Especially 2FA. That you say "2FA" while the context you describe is 2SV, not 2FA, doesn't do your 'argument' any favours. > It's bringing an insecure, portable device into the mix and > trusting that device fully. Here you go again! A smartphone is not insecure. That *you* do not understand - and apparently do not want to understand - how it really works, invalidates your claim. But stop your ranting and put your money where your mouth is: You have my smartphone in your hand. Now pray tell, *how* are you going to abuse (i.e. get into in) that "insecure, portable device" and do all those terrible things, upto accessing my bank accounts. After all, you are the expert and we are only gullible ostriches. [More of the same FUD ranting deleted.] > Anyone who assumes they're safe conducting their life online > is simply an ostrich who doesn't want to know the facts. In > their defense, the facts are well hidden. But it's still ostrich > mentality, driven by laziness. As has been said many, many times before: *Your* life *is* online. That you don't realize or/and acknowledge that, doesn't make it any less a fact. So also yours is "ostrich mentality'.
[toc] | [prev] | [next] | [standalone]
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Date | 2025-03-06 19:36 +0100 |
| Message-ID | <9j6p9lx24e.ln2@Telcontar.valinor> |
| In reply to | #147033 |
On 2025-03-06 17:09, Newyana2 wrote: > On 3/6/2025 8:54 AM, Java Jive wrote: >> On 2025-03-06 01:56, Brian Gregory wrote: >>> >>> On 03/03/2025 12:27, Java Jive wrote: >>>> >>>> So, EDF allowed them to go from his email address to obtaining his >>>> mobile phone number for a SIM-swap scam, but I wonder how they >>>> managed to go from either to all his savings accounts, unless they'd >>>> also compromised his PC or phone as well; if the latter, why did >>>> they need to go via EDF? >>> >>> Once you've got the email and done the SIM swap scam or hacked SS7 to >>> read someone’s incoming SMS, that's enough, or almost enough, to get >>> in to all sorts of things via the I've forgotten my password link on >>> their websites. >> >> But how would they know which banks, savings accounts, etc, to target >> without additional information? Just knowing his email address on its >> own would not be enough for this, there must be hundreds of people who >> know my email address, because they send me emails via it, but that >> fact alone doesn't make me vulnerable to hacking. >> >> At very least, they would have had to be able to read his emails > > Think of the average person. First there was the SIM swap, so > now the scammer is getting all texts. Yes. This was the big problem, and was not his fault, but of the service that duplicated the SIM and gave it to the bad people. > They're also getting > 2FA codes. With the email address they go to that and say they > forgot their password. Then there are two possiiblities. They may > need to know security questions, or they may have a password > reset link sent to their cellphone. If it's the latter then they have > email access. That's part of the lesson here. 2FA is not safer. It's > riskier. It's bringing an insecure, portable device into the mix and > trusting that device fully. 2FA is safer, provided the bad guys can not clone the SIM. > > And most people use webmail, or at least IMAPwith email left > online so that they can read it from multiple devices. So all email > is there. It's not farfetched to think that they might find enough > data there to log into banking. No one has to bank online. No one > has to leave email on someone's server. Texts can be deleted. But > how many people follow such simple security guidelines? You can > see from the posts here that a lot of people will argue "'til the > cows come home" rather than admit that e-lifestyle is risky. > > Another possible factor is online data hacks, which have become > very common. There was a case awhile back of a company in Florida > that was just a data wholesaler, buying and selling personal info. > They got hacked. So getting security question info that way is > possible. Right. > > The mystery here is why anyone thinks that dealing with > things like banking online, or putting important info in email left > indefinitely on servers, or leaving texts on one's phone, might be > safe. It's convenient. Period. > > Anyone who assumes they're safe conducting their life online > is simply an ostrich who doesn't want to know the facts. In > their defense, the facts are well hidden. But it's still ostrich > mentality, driven by laziness. -- Cheers, Carlos.
[toc] | [prev] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-07 09:17 -0500 |
| Message-ID | <vqev43$3it3a$1@dont-email.me> |
| In reply to | #147046 |
On 3/6/2025 1:36 PM, Carlos E.R. wrote:
>> They're also getting
>> 2FA codes. With the email address they go to that and say they
>> forgot their password. Then there are two possiiblities. They may
>> need to know security questions, or they may have a password
>> reset link sent to their cellphone. If it's the latter then they have
>> email access. That's part of the lesson here. 2FA is not safer. It's
>> riskier. It's bringing an insecure, portable device into the mix and
>> trusting that device fully.
>
> 2FA is safer, provided the bad guys can not clone the SIM.
>
Exactly. But that's what happened. So, let's see,
we don't need raincoats as long as it never rains, thus
we don't need raincoats... Wait... :)
[toc] | [prev] | [next] | [standalone]
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Date | 2025-03-07 16:16 +0100 |
| Message-ID | <f7fr9lxj34.ln2@Telcontar.valinor> |
| In reply to | #147079 |
On 2025-03-07 15:17, Newyana2 wrote: > On 3/6/2025 1:36 PM, Carlos E.R. wrote: > >>> They're also getting >>> 2FA codes. With the email address they go to that and say they >>> forgot their password. Then there are two possiiblities. They may >>> need to know security questions, or they may have a password >>> reset link sent to their cellphone. If it's the latter then they have >>> email access. That's part of the lesson here. 2FA is not safer. It's >>> riskier. It's bringing an insecure, portable device into the mix and >>> trusting that device fully. >> >> 2FA is safer, provided the bad guys can not clone the SIM. >> > Exactly. But that's what happened. So, let's see, > we don't need raincoats as long as it never rains, thus > we don't need raincoats... Wait... :) No. You are looking at it wrong. We need 2FA, and also we need secure practices by everyone involved on the handling of SIMS. Any weak link and you are at risk. And 2FA strengths the link. -- Cheers, Carlos.
[toc] | [prev] | [next] | [standalone]
| From | Chris <ithinkiam@gmail.com> |
|---|---|
| Date | 2025-03-08 10:30 +0000 |
| Message-ID | <vqh692$3klc$1@dont-email.me> |
| In reply to | #147079 |
Newyana2 <newyana@invalid.nospam> wrote: > On 3/6/2025 1:36 PM, Carlos E.R. wrote: > >>> They're also getting >>> 2FA codes. With the email address they go to that and say they >>> forgot their password. Then there are two possiiblities. They may >>> need to know security questions, or they may have a password >>> reset link sent to their cellphone. If it's the latter then they have >>> email access. That's part of the lesson here. 2FA is not safer. It's >>> riskier. It's bringing an insecure, portable device into the mix and >>> trusting that device fully. >> >> 2FA is safer, provided the bad guys can not clone the SIM. >> > Exactly. But that's what happened. And had it been you, a SIM swap is unnecessary as 2FA isn't required to compromise you. > So, let's see, > we don't need raincoats as long as it never rains, thus > we don't need raincoats... Wait... :) Wrong analogy. People with 2FA have raincoats when they need them, but may not be always necessary. You don't even own a raincoat so will always get wet if caught in the rain.
[toc] | [prev] | [next] | [standalone]
| From | Brian Gregory <void-invalid-dead-dontuse@email.invalid> |
|---|---|
| Date | 2025-03-06 16:37 +0000 |
| Message-ID | <m2u1avF9uqaU1@mid.individual.net> |
| In reply to | #147027 |
On 06/03/2025 13:54, Java Jive wrote: > But how would they know which banks, savings accounts, etc, to target > without additional information? They're hackers after money. They are not lazy. They try them one by one. Why would you think they wouldn’t bother to do that? -- Brian Gregory (in England).
[toc] | [prev] | [next] | [standalone]
| From | Java Jive <java@evij.com.invalid> |
|---|---|
| Date | 2025-03-06 19:53 +0000 |
| Message-ID | <vqcug0$345ts$1@dont-email.me> |
| In reply to | #147035 |
On 2025-03-06 16:37, Brian Gregory wrote: > > On 06/03/2025 13:54, Java Jive wrote: >> >> But how would they know which banks, savings accounts, etc, to target >> without additional information? > > They're hackers after money. They are not lazy. They try them one by > one. Why would you think they wouldn’t bother to do that? Doesn't sound likely to me, they want the money, but they wouldn't want to take unnecessary risks of getting caught, and randomly trying banks and financial organisations without the necessary identifying information such as account numbers would likely fail, and perhaps cause the police to be contacted. -- Fake news kills! I may be contacted via the contact address given on my website: www.macfh.co.uk
[toc] | [prev] | [next] | [standalone]
| From | Chris <ithinkiam@gmail.com> |
|---|---|
| Date | 2025-03-07 07:37 +0000 |
| Message-ID | <vqe7oc$3e9o6$1@dont-email.me> |
| In reply to | #147048 |
Java Jive <java@evij.com.invalid> wrote: > On 2025-03-06 16:37, Brian Gregory wrote: >> >> On 06/03/2025 13:54, Java Jive wrote: >>> >>> But how would they know which banks, savings accounts, etc, to target >>> without additional information? >> >> They're hackers after money. They are not lazy. They try them one by >> one. Why would you think they wouldn’t bother to do that? > > Doesn't sound likely to me, they want the money, but they wouldn't want > to take unnecessary risks of getting caught, How would they get caught? They're using stolen identities after all. Worst case scenario is that access is blocked. Also if the email account is webmail, they will have access to the old emails from e.g. your bank. > and randomly trying banks > and financial organisations without the necessary identifying > information such as account numbers would likely fail, Correct. Then move onto the next. > and perhaps cause > the police to be contacted. And they would do what, exactly?
[toc] | [prev] | [next] | [standalone]
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Date | 2025-03-07 10:46 +0100 |
| Message-ID | <3srq9lxm26.ln2@Telcontar.valinor> |
| In reply to | #147057 |
On 2025-03-07 08:37, Chris wrote: > Java Jive <java@evij.com.invalid> wrote: >> On 2025-03-06 16:37, Brian Gregory wrote: >>> >>> On 06/03/2025 13:54, Java Jive wrote: >>>> >>>> But how would they know which banks, savings accounts, etc, to target >>>> without additional information? >>> >>> They're hackers after money. They are not lazy. They try them one by >>> one. Why would you think they wouldn’t bother to do that? >> >> Doesn't sound likely to me, they want the money, but they wouldn't want >> to take unnecessary risks of getting caught, > > How would they get caught? They're using stolen identities after all. Worst > case scenario is that access is blocked. At some point they need to cash or transfer the moneys to their own account. This probably happens on some country that doesn't collaborates much with the police of other countries. > > Also if the email account is webmail, they will have access to the old > emails from e.g. your bank. > >> and randomly trying banks >> and financial organisations without the necessary identifying >> information such as account numbers would likely fail, > > Correct. Then move onto the next. > >> and perhaps cause >> the police to be contacted. > > And they would do what, exactly? > > > -- Cheers, Carlos.
[toc] | [prev] | [next] | [standalone]
| From | Java Jive <java@evij.com.invalid> |
|---|---|
| Date | 2025-03-07 13:24 +0000 |
| Message-ID | <vqes1l$3i7oj$1@dont-email.me> |
| In reply to | #147048 |
On 2025-03-06 19:53, Java Jive wrote:
>
> On 2025-03-06 16:37, Brian Gregory wrote:
>>
>> On 06/03/2025 13:54, Java Jive wrote:
>>>
>>> But how would they know which banks, savings accounts, etc, to target
>>> without additional information?
>>
>> They're hackers after money. They are not lazy. They try them one by
>> one. Why would you think they wouldn’t bother to do that?
>
> Doesn't sound likely to me, they want the money, but they wouldn't want
> to take unnecessary risks of getting caught, and randomly trying banks
> and financial organisations without the necessary identifying
> information such as account numbers would likely fail, and perhaps cause
> the police to be contacted.
It seems very likely that I was correct. Rereading the original BBC
report, there is a single sentence which most of us seem to have missed
on first reading ...
"O2 Virgin Media confirmed the scammer telephoned its call centre
requesting a new Sim and had hacked Stephen's emails."
... so, as I had supposed, they were reading the victim's emails, and
that is how they knew:
- His various account details;
- There was enough in them to be worth setting up the SIM swap scam.
--
Fake news kills!
I may be contacted via the contact address given on my website:
www.macfh.co.uk
[toc] | [prev] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-07 09:38 -0500 |
| Message-ID | <vqf0ca$3j5oo$1@dont-email.me> |
| In reply to | #147073 |
On 3/7/2025 8:24 AM, Java Jive wrote: > It seems very likely that I was correct. Rereading the original BBC > report, there is a single sentence which most of us seem to have missed > on first reading ... > > "O2 Virgin Media confirmed the scammer telephoned its call centre > requesting a new Sim and had hacked Stephen's emails." > It's confusing, but that seems to be backward. The scammer called the phone company, giving email and name to get the cellphone number, then initiated a SIM swap. That, then, gave him the means to change the passwords. It would be interesting to see a security expert look at this in detail. There are many reports online, but they all seem to be reprints of one poorly researched article.
[toc] | [prev] | [next] | [standalone]
| From | Nick Finnigan <nix@genie.co.uk> |
|---|---|
| Date | 2025-03-07 15:35 +0000 |
| Message-ID | <vqf3oc$1aivq$4@dont-email.me> |
| In reply to | #147081 |
On 07/03/2025 14:38, Newyana2 wrote: > On 3/7/2025 8:24 AM, Java Jive wrote: > >> It seems very likely that I was correct. Rereading the original BBC >> report, there is a single sentence which most of us seem to have missed >> on first reading ... >> >> "O2 Virgin Media confirmed the scammer telephoned its call centre >> requesting a new Sim and had hacked Stephen's emails." >> > > It's confusing, but that seems to be backward. The scammer > called the phone company, giving email and name to get the > cellphone number, then initiated a SIM swap. That, then, gave him > the means to change the passwords. No, the scammer called EDF to get the mobile phone number.
[toc] | [prev] | [next] | [standalone]
| From | Andy Burns <usenet@andyburns.uk> |
|---|---|
| Date | 2025-03-07 15:46 +0000 |
| Message-ID | <m30imsFlmpmU1@mid.individual.net> |
| In reply to | #147081 |
Newyana2 wrote: > It would be interesting to see a security expert look at this > in detail. But they're not going to publish detail ... it'd be a scammer's text book.
[toc] | [prev] | [next] | [standalone]
| From | Theo <theom+news@chiark.greenend.org.uk> |
|---|---|
| Date | 2025-03-14 18:49 +0000 |
| Message-ID | <buh*n6r9z@news.chiark.greenend.org.uk> |
| In reply to | #147081 |
In comp.mobile.android Newyana2 <newyana@invalid.nospam> wrote: > On 3/7/2025 8:24 AM, Java Jive wrote: > > > It seems very likely that I was correct. Rereading the original BBC > > report, there is a single sentence which most of us seem to have missed > > on first reading ... > > > > "O2 Virgin Media confirmed the scammer telephoned its call centre > > requesting a new Sim and had hacked Stephen's emails." > > > > It's confusing, but that seems to be backward. The scammer > called the phone company, giving email and name to get the > cellphone number, then initiated a SIM swap. That, then, gave him > the means to change the passwords. > > It would be interesting to see a security expert look at this > in detail. There are many reports online, but they all seem to be > reprints of one poorly researched article. The radio programme is here and starts at 40m50s (not sure if BBC Sounds is geoblocked but I don't think so): https://www.bbc.co.uk/sounds/play/m0028bj1 In brief: - received a text from O2 (mobile operator) saying he'd changed his password - contacted O2 straightaway and told SIM had been swapped - told they'd stop that and send out a new SIM card, emailed to confirm - next morning, email from EDF (energy supplier) asking for feedback on recent contact with customer services - called EDF, told they'd pass it on to the fraud section and get back to him - nothing happened for over a week - called O2 again to make sure everything was stopped, put through to fraud department - just after received an email saying new SIM card had been sent out, connected to a different number. Queried with fraud department, said didn't know, need to go to an O2 shop - O2 shop couldn't do much as account had been stopped, couldn't look at it - told them to check his emails - contacted Virgin Media (ISP, merged with O2), told he'd changed his password, had to go through changing password back again, told they'd pass it to the fraud section - thus far not had a conversation with any fraud section - contacted various banks to check everything is ok, told they'd put in extra security - tried to make a payment on Nationwide card, couldn't go through because they couldn't use the landline for the OTP. Told there was a problem with the card, need to go to a Nationwide branch. - told someone had attempted to use the credit card for £200 of voucher codes, had been stopped. Gave two extra passwords to enhanced security. - got an email from National Savings &I to say password had been changed - rang NS&I straight away to say it hadn't, went through very long procedure to verify who he was and get a new password - after an hour, told you'd taken out a large amount of premium bonds, over £40k - NS&I fraud rang the next day, explained they had suspicions but asked for the money to come back, could be 15 working days - only way to get anywhere with O2, VM, EDF is to pay for Linkedin Premium and have access to messaging the executives. - Senior EDF executive contacted, listened to the call with the fraudster, said like it didn't sound like him at all. Seemed to have name and email address, asked EDF for mobile number and was given out to them. - Told scammer had gone through security just with name and email address. Offered £50 goodwill gesture for closing the case. Since agreed it has been a data breach. NS&I say he will be refunded fully. EDF say security procedures were followed but subsequently recognised it was fraud. VMO2 says scammer had called them and passed security. Expert says this all started from Ofcom (regulator) making it easier to change mobile provider in under 2 mins. Some mobile operators thinking in that way and not thinking about scams - can switch within networks without even needing the code. ---- Speculating, I would guess they started with the SIM swap. I don't know the O2 procedure, but it's possible to have SIMs which are unregistered or only lightly registered (eg no online account). In that case there isn't much security information the operator has, or it could be easy to find out (pet's name, place of birth, etc). Scammer contacts the provider to say you broke your SIM card and need a new one and they don't have very much to authenticate you. If they can make that stick they can maybe then do a password reset on the email which uses SMS as a recovery mechanism, and then they're in. Theo
[toc] | [prev] | [next] | [standalone]
| From | Nick Finnigan <nix@genie.co.uk> |
|---|---|
| Date | 2025-03-15 09:53 +0000 |
| Message-ID | <vr3ind$34sjd$1@dont-email.me> |
| In reply to | #147160 |
On 14/03/2025 18:49, Theo wrote: > > Speculating, I would guess they started with the SIM swap. I don't know the > O2 procedure, but it's possible to have SIMs which are unregistered or only > lightly registered (eg no online account). In that case there isn't much > security information the operator has, or it could be easy to find out > (pet's name, place of birth, etc). Scammer contacts the provider to say you > broke your SIM card and need a new one and they don't have very much to > authenticate you. Is that SIM card in a phone which they can still see on their network? If they can make that stick they can maybe then do a > password reset on the email which uses SMS as a recovery mechanism, and then > they're in. > > Theo
[toc] | [prev] | [next] | [standalone]
| From | Java Jive <java@evij.com.invalid> |
|---|---|
| Date | 2025-03-15 11:46 +0000 |
| Message-ID | <vr3pav$3eto7$1@dont-email.me> |
| In reply to | #147160 |
On 2025-03-14 18:49, Theo wrote: > > Speculating, I would guess they started with the SIM swap. The original report suggests that they started with an email hack, and used that to facilitate the SIM swap. -- Fake news kills! I may be contacted via the contact address given on my website: www.macfh.co.uk
[toc] | [prev] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-15 08:35 -0400 |
| Message-ID | <vr3s4m$3hdbg$1@dont-email.me> |
| In reply to | #147163 |
On 3/15/2025 7:46 AM, Java Jive wrote:
> On 2025-03-14 18:49, Theo wrote:
>>
>> Speculating, I would guess they started with the SIM swap.
>
> The original report suggests that they started with an email hack, and
> used that to facilitate the SIM swap.
>
That's not what it said. "Suggests" gets into speculation.
The reoprt does imply that conning the phone company
into a SIM swap was where it started. Which also makes
the most sense. The point being that if you have someone's
phone then you have their texts, email, etc. So the rest is fairly
simple. His email server then assumes 2FA is adequate to let
him change his email password, so the scammer doesn't
need answers to security questions. It all centers on the
cellphone being depended upon as the most secure identity.
In that scenario, the scammer only needs some public facts,
like the email addess, name, maybe street address, etc. A
casual friend could have those things, or they might be found
in a data dump online. So the weak points are 2FA and the
human factor. The phone company wants to help, doesn't want
to anger the customer, so they can sometimes be tricked.
Though it would be interesting if this story is ever clarified
officially. Maybe they avoided details in order not to give
other scammers ideas. Taking away all human factors is also
a problem.
Meanwhile, I look forward to seeing a Bill Murray movie,
where his cellphone dies and he begins a comedic odyssey,
trying to convince everyone from his employer to his family
that he exists. (His family haven't looked up from their cellphones
for 30 years, so naturally they assumed that poor Bill died
when he stopped answering texts... and they don't know what
he looks like. Maybe they could call it Brazil 2.0. :)
[toc] | [prev] | [next] | [standalone]
| From | Java Jive <java@evij.com.invalid> |
|---|---|
| Date | 2025-03-15 17:53 +0000 |
| Message-ID | <vr4ere$eqk$1@dont-email.me> |
| In reply to | #147164 |
On 2025-03-15 12:35, Newyana2 wrote: > On 3/15/2025 7:46 AM, Java Jive wrote: >> On 2025-03-14 18:49, Theo wrote: >>> >>> Speculating, I would guess they started with the SIM swap. >> >> The original report suggests that they started with an email hack, and >> used that to facilitate the SIM swap. > > That's not what it said. Look back directly up thread to my post of 2025-03-06 19:53, where I quote the single sentence in the original report that stated that an email hack had occurred before the SIM-swap scam was done. -- Fake news kills! I may be contacted via the contact address given on my website: www.macfh.co.uk
[toc] | [prev] | [next] | [standalone]
| From | Theo <theom+news@chiark.greenend.org.uk> |
|---|---|
| Date | 2025-03-15 19:27 +0000 |
| Message-ID | <cuh*Rux9z@news.chiark.greenend.org.uk> |
| In reply to | #147167 |
In comp.mobile.android Java Jive <java@evij.com.invalid> wrote: > On 2025-03-15 12:35, Newyana2 wrote: > > On 3/15/2025 7:46 AM, Java Jive wrote: > >> On 2025-03-14 18:49, Theo wrote: > >>> > >>> Speculating, I would guess they started with the SIM swap. > >> > >> The original report suggests that they started with an email hack, and > >> used that to facilitate the SIM swap. > > > > That's not what it said. > > Look back directly up thread to my post of 2025-03-06 19:53, where I > quote the single sentence in the original report that stated that an > email hack had occurred before the SIM-swap scam was done. What's a complicating factor is that Virgin Media O2 is both his mobile phone provider and his email provider. I don't know how integrated VM and O2 systems are since the merger, but it's possible one login allows access to both the emails and the mobile account. That is an unfortunate single point of failure. Theo
[toc] | [prev] | [next] | [standalone]
Page 5 of 7 — ← Prev page 1 2 3 4 [5] 6 7 Next page →
Back to top | Article view | comp.mobile.android
csiph-web