How Scammers Are Using Two-Factor Authentication To Commit Fraud - Reportgist

How Scammers Are Using Two-Factor Authentication To Commit Fraud

Reportgist
7 Min Read
- Advertisement -

Two-factor authentication (2FA) is a method that allows users to gain access to their accounts and devices by presenting two separate and distinct forms of identification. A common form of second authentication is a text code sent to your smartphone. The idea behind 2FA is to prevent thieves from easily taking control of your devices and accounts with little more than a stolen password.>>>CONTINUE FULL READING HERE

Most people are familiar with the process of two-factor authentication, as it has been a prevailing method of authentication in the last two decades, utilized by virtually every financial institution, phone carrier, email service provider, online store, social media site and more digital spaces. Apple’s recent iOS update even offers a feature that automatically inputs and then deletes text codes to keep the volume of one-time text codes users routinely receive from cluttering iPhones.

- Advertisement -

To no one’s surprise, scammers have now devised a way to manipulate the two-factor authentication preventive system to achieve their ends. The Federal Communications Commission makes a subtle yet important distinction between two methods commonly used by scam artists to take advantage of 2FA and, in turn, take control of “consumers’ cell phone accounts and wreak havoc on people’s financial and digital lives without ever gaining physical control of a consumer’s phone.”

The first method, SIM swapping, starts when a cybercriminal obtains just enough personal information, by way of phishing schemes, leaked account credentials or other means. They are then able to trick their victim’s cell service provider into thinking they switched to a new provider. At that point, they’ve transferred the victim’s cell number to a new device and effectively gained control over their cell phone and stored data. All calls and text messages are routed directly to the scammer. Once the SIM-swapping is complete, 2FA, once a tool to prevent fraud, in the hands of scammers becomes a master key to open all doors; accessing the victim’s every bank account, email address, online shopping account, social media account and more.

- Advertisement -

The signs that one has become a victim of a SIM swapping scheme are usually overt: your cellphone will not be able to make or receive calls/texts. But in some cases, the signs can be subtle enough to lull victims into underestimating the extent of the damage.

Take, for example, the story of Sharon Hussey, a woman living in Maryland. Hussey received an email from a Verizon store in California thanking her for purchasing a new phone. She did not make this purchase, nor is she in California, so she reasonably assumed that this email was sent to her by mistake. Several minutes later, she learned her Bank of America account had been compromised and the contact information linked to her account had been changed. She hurriedly tried to make a call to the bank, only to discover that her cell phone could not make or receive calls. She found another phone to call the bank but was unable to verify her identity to the representative on the phone because her two-factor authentication code had been sent not to her but to the person committing fraud against her. In mere minutes, $17,000 was wiped from her account.

- Advertisement -

It took months of fighting several denied claims from Bank of America to finally restore her balance.

The other method scammers use to exploit the two-factor authentication system against consumers is committing port-out fraud, where cybercriminals open an account with a different cell phone carrier other than the service provider their victim uses. While this may sound a lot like the SIM swapping scheme, the subtle difference here is that the cybercriminal will contact the provider they just set up a new account with and request your number be transferred out to it, whereas SIM swapping merely involves activating a new SIM card, sometimes with your existing cell service provider.

The end result is similar, however: Once the port-out is complete, scammers then use two-factor authentication to gain boundless access to their victims’ digital and financial information and manipulate whatever they wish.

Both malicious methods of committing fraud by two-factor authentication are skyrocketing in the last few years, according to the FBI, which recommends consumers take precautionary measures to avoid falling prey to these scammers. Some of these measures include not advertising information about financial assets, including ownership or investments on social media or forums, even if your account is private, as well as not storing passwords, usernames or other information for easy login on mobile device applications.

In the last few months, the FCC has announced several new rule implementations aimed at thwarting the efforts of these scammers, as well as attempting to standardize the protocol across different cell service providers in how they verify a user’s identity. Any positive change that may come as a result of these newly implemented rules will remain to be seen. Luckily, the law already provides an avenue to remedy damage as a result of scams or identity theft in many of the forms it takes, and firms like my own help victims of fraud and identity theft no matter what scheme the perpetrators devise.

The information provided here is not investment, tax or financial advice. You should consult with a licensed professional for advice concerning your specific situation.>>>CONTINUE FULL READING HERE

- Advertisement -
Share This Article
Leave a comment

Leave a Reply