
Sunday, November 1, 2020

This is a MUST READ [if you are a mobile phone user [and everyone is ! ]]

 

[Originally posted May 24]


This is neither paranoia nor distrust. Neither skepticism nor suspicion. Just stating the facts straight up front. Mobile-based transactions have skyrocketed by leaps and bounds in the past 2 years, more than at any other time in the past. That's not the headline though, because in the past 2 months [no thanks to COVID-19] we have been witnessing an unprecedented spike in mobile-based payments, among others.

PayPal, Google Wallet, Payoneer, you name it, these are secure payment platforms so there should be no apprehensions therein BUT where's the fear ? The fear crops up if and when you share too much of your personal information [so easily, effortlessly]. Your full name, well that's a given. BUT your date of birth ? Your residential address ? Your billing address ? Be very very wary [and worried] about tossing those critically important personal data out on the web. WHY ?

Now, this is as clear as water. For those with mobile postpaid plans, all it takes is for any unscrupulous person to pick up the phone and call your MNO [mobile network operator] a.k.a. TelCo [in many countries]. And when the MNO/Telco service desk/call center agent picks up that call purportedly coming from YOU [and not from him], that agent will politely advise the caller that for validation purposes, he will be prompted with some 'validation questions' and what could those be ? Surely you know those 'validation questions', right ? YOUR date of birth. YOUR billing address. And is that it ? Yes, in 99% of those calls to the MNO/Telco service desk/call center, that's all it takes for any fraudster, any Tom, Dick and Harry to get through that level of authentication. BTW, most of our mobile applications are not even into the realms of 2FA [2-factor authentication] or MFA [multi-factor authentication].

Now, what happens next when that call from the fraudster gets past that service desk/call center agent ? There's a plethora of possibilities for what can happen next but we'll share with you just 2 that will be akin to the 'last nail in the coffin'.

SIM SWAP

That fraudster caller will concoct a story that he's not receiving calls and text messages on his SIM card and instantly, the fraudster will request a SIM SWAP. Simply put, once your MNO/Telco service desk/call center agent does the SIM SWAP, once that new SIM number gets activated [BTW even in the third world countries, generally a new SIM card gets activated within an hour], all incoming PIN authentications and messages coming from your bank will all be redirected to that new SIM card, phew ! Ba-bye to that SIM card you kept clinging on to. But that's not the end of this 'horror story'.

CALL DIVERT

1+1=2. It's as basic as that. After the fraudster-caller gets his SIM SWAPPED number, he follows through with a seemingly innocent request: PLEASE DIVERT the calls from the PREVIOUS SIM to the SWAPPED SIM. That's it. Some mobile payment platforms feature MFA [multi-factor authentication] wherein, on top of a PIN authentication number, the customer is authenticated verbally via VOICE RECOGNITION. And hey, BTW, my banker here features an IVR [interactive voice recognition] too but where's the crack ? If there is a 'MISMATCH' and the IVR validation fails, that service desk/call center agent will so comfortably assuage your apprehensions by assuring you NOT TO WORRY because you will be sent instead a PIN authentication number via text message, bypassing and overriding the supposedly crack-proof voice recognition !

That's it. It's GAME OVER ! All it takes is for SIM SWAP and CALL DIVERT to happen and it opens up the floodgates and by the time you could [probably] detect it, in today's digital world, all it takes is a flip of seconds and it's GAME OVER.

To be forewarned is to be forearmed.

[As of today, Oct 14, 2020] Sharing the screenshots below, reminders from the bank. What this means: these predators preying on us are becoming more brazen, especially during this long-drawn pandemic where and when mobile banking/transactions are part of the 'new normal'.

P.S. Have you seen your phone's Call Logs? Unknown numbers calling? And these callers will present themselves as bona fide employees of your bank! These predators are lurking around. Again, TO BE FOREWARNED is to be FOREARMED.
