• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Sim Swap Attacks are a Thing? Man Loses Life Savings.

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
BarkingGhostar said:
Trust your cell phone with banking? LOLOLOLOLOLOLOL I've got a couple of bridges for sale out in the Mojave.
Click to expand...

Most people do this today. Look at Apple, Google Pay. I have a Fitbit and my bank card is attached to it. It makes shopping super simple.

Maybe I should delete the card?
 
s0me0nesmind1 said:
Does FDIC protect against any of these things?

I guess it's a good thing that I don't keep all my money in one place, and have it randomly invested in different Savings, CDs, and investment accounts across a handful of different platforms.
Click to expand...
I would assume the bank or my broker would protect me somehow and make me whole again if something like this was ever happen to me. But FDIC insurance is only good up to $250k. If you have more than that in one bank, you need private insurance. My broker has a program where they automatically rollover my excess cash to multiple banks to keep me under the $250k limit so I'm FDIC covered up to like $2.75 million cash. Above $2.75 million, my broker will personally guarantee which isn't good as FDIC guarantee.
 
ponyo said:
I would assume the bank or my broker would protect me somehow and make me whole again if something like this was ever happen to me. But FDIC insurance is only good up to $250k. If you have more than that in one bank, you need private insurance. My broker has a program where they automatically rollover my excess cash to multiple banks to keep me under the $250k limit so I'm FDIC covered up to like $2.75 million cash. Above $2.75 million, my broker will personally guarantee which isn't good as FDIC guarantee.
Click to expand...

That's a problem I wouldn't mind having heh.

While I have a net worth well over $250k, it is well spread out across 401ks, IRAs, bank accounts, CDs, across multiple vendors.

I still do question though if FDIC covers something like this though - are you sure?
 
s0me0nesmind1 said:
That's a problem I wouldn't mind having heh.

While I have a net worth well over $250k, it is well spread out across 401ks, IRAs, bank accounts, CDs, across multiple vendors.

I still do question though if FDIC covers something like this though - are you sure?
Click to expand...
I think FDIC only covers bank failures so fraud like this have to be covered by the bank or broker liability insurance or by the bank or broker themselves. FDIC wouldn't get involved.

But stuff like FDIC is very important to know and consider as your net worth increases and you hold outsize cash position.
 
Svnla said:
I read an article a couple days ago about how Google is planning to do end to end encryption message system between users so no one could intercept/read the messages.

Google is rolling out end-to-end encryption for RCS in Android Messages beta - The Verge


Hopefully it and new systems such as biometric will help with problems like this in the op.

The phone SMS and 2FA are getting worse and worse with hackers.
Click to expand...
Privacy and security is why I switched from Google Android to Apple iPhone. I trust Apple way more with my security and privacy than Google or any other tech company.
 
s0me0nesmind1 said:
That's a problem I wouldn't mind having heh.

While I have a net worth well over $250k, it is well spread out across 401ks, IRAs, bank accounts, CDs, across multiple vendors.

I still do question though if FDIC covers something like this though - are you sure?
Click to expand...

I'm not sure if investment accounts are generally covered. I'm pretty sure 401ks are not; some IRAs may be.
 
Come to think of it, isn't there a big red flag and bells that go off the minute you try to move more than 10k? I wonder how 1M was allowed to be moved without any form of intervention. Moving such a large amount of money within a personal or even small business account is not exactly a normal day to day operation.
 
Mai72 said:
Most people do this today. Look at Apple, Google Pay. I have a Fitbit and my bank card is attached to it. It makes shopping super simple.

Maybe I should delete the card?
Click to expand...
I work for the cellular industry. I do not trust my employer, or any of their peering entities. I use them for voice, occasional candid texting and that's about it. Only once in the past 15 years have I gone over my household's meager 2GB of data allowance. Why should I have to when I work from home most of the time and have several desktops that can do a better job at it. Nothing is so important that it needs to be rushed right away in terms of banking. And using things like Uber, which is very minimal, the app doesn't stay on my phone. I reinstall it every time I need it--so rare as not to be a burden.

Maybe it is because I am old school, but think most doing the opposite of me are either ignorant or just don't give a damn about their privacy, money or identity. I pity no one doing banking on the cell phone and if they get smacked, then maybe it'll be from the hand of enlightenment.
 
I have a few finance things tied into my phone but not much. A checking account with a small balance so I can easily use venmo. And a couple of credit cards. But everything else is isolated in a way that the financial institution or my broker would be liable if anything happened
 
I thought this was well-known? A few prominent YouTuber / influencer accounts were hacked years ago after attackers social engineered mobile phone service reps to move the targets' phone numbers onto new SIMs. I've always preferred to use an authentication app. It doesn't require a signal or any network access at all. Combined with strong passwords / strong pin codes and biometric security, it's unlikely someone can do the same thing to me. Still, there are some services that I can't use with an authenticator app, but thankfully those can't be used to reset my other accounts.
 
I still don't get how this happens though, isn't the whole point of two factor auth that there are two factors? How are they stealing the account with only the SIM? Don't you still need the password too? Or do some sites let you not put a password at all if you use two factor?
 
Red Squirrel said:
I still don't get how this happens though, isn't the whole point of two factor auth that there are two factors? How are they stealing the account with only the SIM? Don't you still need the password too? Or do some sites let you not put a password at all if you use two factor?
Click to expand...
They call the mobile phone company and pretend to be you. They give some story about switching phones and they convince the representative to move your phone number onto a new SIM card. Then they have your phone number and they receive your text messages.

You lose your phone number until you prove your identity to the phone provider to get it back.
 
Ichinisan said:
They call the mobile phone company and pretend to be you. They give some story about switching phones and they convince the representative to move your phone number onto a new SIM card. Then they have your phone number and they receive your text messages.

You lose your phone number until you prove your identity to the phone provider to get it back.
Click to expand...

Yeah I get that part, but don't you also need a password to get into a two factor account? Like normally you need to login with username and password, and then it will prompt for the code.
 
Red Squirrel said:
Yeah I get that part, but don't you also need a password to get into a two factor account? Like normally you need to login with username and password, and then it will prompt for the code.
Click to expand...

Some websites let you reset the password with just the two-factor part (yes very stupid).
Other websites might also ask you for some basic information like birth date or pets name too, but people often post that on facebook.
 
KB said:
Some websites let you reset the password with just the two-factor part (yes very stupid).
Other websites might also ask you for some basic information like birth date or pets name too, but people often post that on facebook.
Click to expand...

Oh wow yeah that's shitty design then lol. And yeah I hate the ones that ask "secret" questions. I usually just make another password and use that password as the answer lol.
 
Red Squirrel said:
Yeah I get that part, but don't you also need a password to get into a two factor account? Like normally you need to login with username and password, and then it will prompt for the code.
Click to expand...
Many password reset processes involve a text message or phone call. When they have your phone number, they can usually reset one or two of your passwords, unlocking access to more information they can use to access and reset your other accounts.

If they get into your main email, they can basically get into anything.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top