CrowdStrike details a campaign that combines social engineering, smishing and remote code execution to infiltrate the systems of telcos, sometimes with the intention to perform SIM swaps.
Twitter accounts were created solely to generate revenue for telcos from two-factor authentication SMS messages.
Over 130 companies have been compromised by a series of attacks that built upon the data first obtained from telcos.
Businesses like Whatsapp are intentionally using the A-number of calls that are not connected as a free mechanism for passing data to apps on a user’s phone.
Canadian law generally prohibits the naming of offenders aged 17 or under.
Crooks are selling software that automates social engineering. Bots call targets and ask for one-time passwords that are used to take control of bank, cryptocurrency and PayPal accounts.
The Number Verify product checks if a phone number submitted via a web form matches the number of the device being used.
Criminals made withdrawals from bank accounts linked to payment apps provided by Japan’s leading mobile operator and five other businesses.
Criminals phone staff as they work at home, then tell them to log on to phishing websites that look like corporate portals.
The US Federal Bureau of Investigation wants businesses to consider using stronger authentication methods like biometrics.