dcsimg
Results 1 to 5 of 5

Thread: Social engineering cellphone attacks

  1. #1
    Junior Member
    Join Date
    May 2018
    Posts
    1

    Social engineering cellphone attacks

    Hello everyone - first post here, thank you in advance for your feedback.

    I have heard about social engineering attacks where someone goes into a wireless store, impersonates me, and gets a new SIM on my account. And another type where they call the call center of my cell provider and get a new phone issued on my account.

    Once they have these, they can do things like reset my email password and complete two factor authentication using the SMS codes sent to my phone, basically to steal my identity.

    I would love to hear about the best ways to protect myself against these attacks.

    Thanks so much!

  2. #2
    Junior Member TerryLewis's Avatar
    Join Date
    Dec 2018
    Posts
    3
    Hello Heretolearn,

    It's now a common topic for discussions in the IT and social engineering world. There's a great intro to mobile-based attacks as a part of the course Ethical Hacking: Social Engineering by the cybersecurity expert Lisa Bock. Seems to me, I've seen it on LinkedIn.

    Best,
    Terry

  3. #3
    Junior Member TerryLewis's Avatar
    Join Date
    Dec 2018
    Posts
    3

    It's now a common topic for discussions in the IT and social engineering world. There's a great intro to mobile-based attacks as a part of the course Ethical Hacking: Social Engineering by the cybersecurity expert Lisa Bock. Seems to me, I've seen it on LinkedIn.
    Here's the article I mentioned above - https://www.linkedin.com/learning/et...-based-attacks

  4. #4
    Administrator Steve R Jones's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    300
    My phone account is with Verizon... A person would have to know my account LogIn Information to get the whole scam started.....

    So I wouldn't worry about it...

    If they are good enough to impersonate me - then so be it. OR, I guess I could change my account all the time.

  5. #5
    Junior Member
    Join Date
    May 2004
    Posts
    12
    Quote Originally Posted by Heretolearn View Post
    Hello everyone - first post here, thank you in advance for your feedback.

    I have heard about social engineering attacks where someone goes into a wireless store, impersonates me, and gets a new SIM on my account. And another type where they call the call center of my cell provider and get a new phone issued on my account.

    Once they have these, they can do things like reset my email password and complete two factor authentication using the SMS codes sent to my phone, basically to steal my identity.

    I would love to hear about the best ways to protect myself against these attacks.

    Thanks so much!
    No one should be able to do this, but if someone walks in into a wireless store claiming to be someone they're not, and provides a level of personal details known about their victim, there are bigger issues to be addressed. Such as the security practices (of lack thereof) of the business involved. Most cellular providers I am aware of will ask for identification, such as a drivers license to ensure the person is who they say they are. This essentially mitigates the issue of impersonation.

    The other scenario described involving a perpetrator calling into a call-center, claiming to be someone else is a more plausible scenario. In fact, this scenario is more likely to occur as there is no means of providing a driver license for visible confirmation. However with businesses that operate in this nature there is usually some bit of information only known to the person that is used to validate their identity of the user. Often a social security number is used or some other confidential bit of information. Of course, if someone knows everything there is about someone else, there's not much to prevent someone from being impersonated unless a code word or password is used to validate the identity of the caller, and there are some organizations that do this.

    Not being familiar with cellular providers outside the U.S. and how they operate, perhaps these scenarios do occur, but here in the states it's practically impossible...

Similar Threads

  1. Classic Social Engineering Attacks
    By Striek in forum The Security Tutorials Forum
    Replies: 10
    Last Post: December 16th, 2003, 09:30 PM
  2. Social Engineering
    By whizkid2300 in forum The Security Tutorials Forum
    Replies: 12
    Last Post: August 26th, 2003, 10:22 PM
  3. Social Engineering
    By souleman in forum AntiOnline's General Chit Chat
    Replies: 30
    Last Post: March 21st, 2002, 09:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •