Recycle Your Phone, Sure, But Maybe Not Your Number

Credit to Author: BrianKrebs| Date: Wed, 19 May 2021 15:13:30 +0000

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Read more

Fintech Startup Offers $500 for Payroll Passwords

Credit to Author: BrianKrebs| Date: Mon, 10 May 2021 14:25:37 +0000

How much is your payroll data worth? Probably a lot more than you think. One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work.

Read more

Maine inches closer to shutting down ISP pay-for-privacy schemes

Credit to Author: David Ruiz| Date: Wed, 05 Jun 2019 15:00:00 +0000

Unlike a data privacy proposal in the US and a new data privacy law in California, the Maine data privacy bill aimed at Internet Service Providers (ISPs) explicitly shuts down any pay-for-privacy schemes.

Categories:

Tags:

(Read more…)

The post Maine inches closer to shutting down ISP pay-for-privacy schemes appeared first on Malwarebytes Labs.

Read more

A week in security (February 4 – 8)

Credit to Author: Malwarebytes Labs| Date: Mon, 11 Feb 2019 17:05:33 +0000

A roundup of security news from February 4 – 8, including Facebook’s secure messaging integration, Google’s changes to URLs, a scam involving the Kindle store and John Wick, and more.

Categories:

Tags:

(Read more…)

The post A week in security (February 4 – 8) appeared first on Malwarebytes Labs.

Read more

Bug Bounty Hunter Ran ISP Doxing Service

Credit to Author: BrianKrebs| Date: Fri, 09 Nov 2018 20:52:01 +0000

A Connecticut man who’s earned “bug bounty” rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned.

Read more

Busting SIM Swappers and SIM Swap Myths

Credit to Author: BrianKrebs| Date: Wed, 07 Nov 2018 05:49:37 +0000

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked.

Read more

U.S. Mobile Giants Want to be Your Online Identity

Credit to Author: BrianKrebs| Date: Wed, 12 Sep 2018 20:58:31 +0000

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf.

Read more