How an SMS phishing attack works.
This victim gave up the code for their own bank account.
@fifonetworks wait, how the heck does "i used to own your number many years ago" even work?
doesn't every cellphone user get a _new_ number?
@devurandom When a customer gives up their phone number for any reason, the carriers put it on ice for a period of time, according to their aging algorithm. It may be up to a year, or as little as 30 days. Then the number is available for assignment again.
@fifonetworks I think the original post was from @firstname.lastname@example.org.
His claim is that he actually got access to his own account, that was connected to a former phone number.
@fifonetworks Those numbers aren't censored properly. I see this all the time and wonder why people won't use the rectangle coloring tool instead.
@fifonetworks he is a life saver, he just paid someone's rent, and maybe a little more than that
Frankly I think it's the bank's fault for not saying something like "here's the code for your account at x bank"
@fifonetworks this is false, the original tweet says that the request was legit "but they could've been giving up the code to anything"
bank fraud discussion
@knittingsquirrel @fifonetworks I don't think this is making fun, so much as educating about a basic mistake that anyone can (and should not) make. You don't trust people you don't know with your bank codes, even if they say they know you.
Also, what's a positive way to use "victim"? I think it's actually euphemistic here--a "negative" usage would be to call this poor person complicit in the theft of their own identity. Which we obviously don't want to do.
@DialMforMara could be a translation mistake, idk. In German it would be different to say "victim of xy criminality"/became victim of... idk, is it the same in English? In German "victim" is currently used as a pejorative, which I find highly problematic.
also it doesn't say "be warned, that's the strategies they use". in my ears it sounds very much like looking down at the person. idk.
but not too fond of discussions either so it would be ok to leave it, like it is...
@fifonetworks wow 😮
@fifonetworks Also, there is the old "call the customer's cell phone provider, claim to be them, assign their account to a burner phone, and get the target's SMS messages directly."
MANY people have lost bitcoin this way as scammers take over high value target phone accounts just long enough to authenticate to their bitcoin exchange accounts and drain them.
SMS is not secure.
@fifonetworks normally the code comes with some context though. If it comes from my bank, I'd have to stop and think...