• @[email protected]
    link
    fedilink
    English
    131 year ago

    I think the fault lies squarely in the hands of telcos. They’re meant to send you an SMS or call you to confirm any port before it happens. If they’re not following those rules they should be held liable.

    On another note I wish banks and other financial institutions would provide other 2FA options in addition to SMS. It’s just crazy that I have better security tech on my Steam account than my bank account.

    • Gloomy Bagel 🥯
      link
      fedilink
      English
      71 year ago

      but they call and pretend to be you and get the number ported to the SIM they have

      check out the Hot Swaps episode of Darknet Diaries

      • a1studmuffin
        link
        fedilink
        English
        3
        edit-2
        1 year ago

        But shouldn’t part of that process involve verifying the customer on the phone is currently in possession of the number? ie. Sending a text with a code and having you read the code back to them. Perhaps they manage this by fooling the victim into giving them that info through some other method.

        Edit: thanks for the podcast recommendation btw, subscribed and downloading now!

        • @T156
          link
          English
          21 year ago

          They usually do the latter, by pretending to have lost their phone, and verifying through some other means, whether that be from the code, or questions.

          • a1studmuffin
            link
            fedilink
            English
            31 year ago

            Yeah I listened to the podcast recommended a few replies back, great episode if you haven’t listened already - it’s hilarious how easily they can social engineer their way into accounts once they know the process:

            https://darknetdiaries.com/episode/118/

    • a1studmuffin
      link
      fedilink
      English
      61 year ago

      This has baffled me for years - why don’t they allow MFA through Google Authenticator or equivalent? Especially when this has been a known security issue for so long. Aussie banks are really behind the times on this one.