More than 16,000 mobile phones and bank accounts were hijacked




The criminals emulated the phones of 16,000 users and were thereby also able to bypass two-step authentication. Victims often noticed the loss only much later, Computerworld writes of the latest mobile fraud.

A recurring mantra for IT security professionals is that users should configure two-step authentication for web services for their own security: for example, to require a fingerprint scan in addition to the password, or to choose an access code sent by SMS. However, the latter has been shown to be easy for scammers to abuse: Microsoft has now warned that two-factor authentication using SMS is not the most secure, and IBM Trusteer researchers have discovered a new theft method.

Scammers managed to steal millions of dollars from online banks using phone emulators. They fooled the banks' access systems by "imitating" 16,000 mobile users, which let them log into accounts whose data had previously been obtained in some way, using the ID they received in the text message, Computerworld writes. The essence of the method is that they pretended the users were trying to access their accounts, but the verification code reached not the mobile phone of the original owner but virtual phones managed by the scammers.

“The data sources, scripts and custom applications created by the attackers were part of a comprehensive and automated process that provided them with a speed that allowed them to obtain millions of dollars from the victim banks,” reads the IBM Trusteer announcement.

The PSD2 regulation, which establishes new security requirements for banking access, came into force in 2021.


