#simswapping

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Sempf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Sempf</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yes.</p><p>Because physical SIMs, like any <em>"cryptographic chipcard"</em> (i.e. <span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>, especially in pre-<a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMAPI</span></a> devices) the SIM wasn't <em>'cloneable'</em> and the weakest link always had been the <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a> / <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> issuing (may it be through <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> employees into <em><a href="https://infosec.space/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimSwapping</span></a></em> or LEAs showing up with a warrant and demanding <em>"<a 
href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>"</em>):</p><ul><li>These <em>"attack vectors"</em> were known and whilst <em>unfixable</em> they could at least be mitigated by i.e. <em>NEVER</em> using a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for anything <em>and/or</em> using anonymously obtained <a href="https://infosec.space/tags/SIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMs</span></a>. But more and more services like <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> did <a href="https://infosec.space/tags/regression" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>regression</span></a> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> <em>and</em> more and more nations <em>criminalized</em> <a href="https://infosec.space/tags/AnonymousSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnonymousSimCards</span></a> under utterly <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> &amp; <a href="https://infosec.space/tags/FalsePretenses" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FalsePretenses</span></a>!</li></ul><p>Add to that the <em>regression</em> in flexibility: </p><p>Unlike a <a href="https://infosec.space/tags/SimCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimCard</span></a> which was designed as a <em>vendor-independent, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a>, <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, device agnostic unit to facilitate the <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> and <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> in <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> (and successor standards)</em>, <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a> act to restrict <a href="https://infosec.space/tags/DeviceFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeviceFreedom</span></a> and <a href="https://infosec.space/tags/ConsumerChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerChoice</span></a>, which with shit like <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> per <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (i.e. 
<a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> demands it after 90 days of roaming per year) and <a href="https://infosec.space/tags/lMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lMEI</span></a>-based <a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allowlisting</span></a> (see <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a>'s shitty <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoLTE</span></a> + <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2G</span></a> &amp; <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3G</span></a> shutdown!) are just acts to clamp down on <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>.</p><ul><li>And with <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> being unique per <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> (like the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> on top!) 
there's nothing stopping <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regimes like <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a>, <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>, ... from banning <em>"<a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a>"</em> (<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, <em>unless explicitly allowed otherwise</em>).</li></ul><p>"[…] [Technologies] must <em>always</em> be evaluated for their ability to oppress. 
[…] </p><ul><li>Dan Olson</li></ul><p>And now you know why I consider a <a href="https://infosec.space/tags/smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smartphone</span></a> with eSIM instead of two SIM slots not as a <em>real</em> <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualSIM</span></a> device because it restricts my ability to freely move devices.</p><ul><li>And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to let people choose their devices freely, (by declaring <a href="https://infosec.space/tags/fees" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fees</span></a> for reissue of eSIMs illegal) that is only <em>enforceable towards M(V)NOs who are in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a></em>, so <em>'good luck'</em> trying to enforce that against some overseas roaming provider.</li></ul><p>Thus <a href="https://infosec.space/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> attacks in GSM-based networks are easier than ever before which in the age of <em>more skilled than ever</em> <a href="https://infosec.space/tags/Cybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercriminals</span></a> and <a href="https://infosec.space/tags/Cyberterrorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberterrorists</span></a> (i.e. 
<a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> &amp; <a href="https://infosec.space/tags/Roskomnadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roskomnadnozr</span></a>) puts especially the average <em><a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> User</em> at risk.</p><ul><li>I mean, anyone else remember the <a href="https://infosec.space/tags/Kiddies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kiddies</span></a> that <em>fucked around</em> with <a href="https://infosec.space/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIA</span></a> director <a href="https://infosec.space/tags/Brennan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brennan</span></a>? Those were just using their <em>"weapons-grade <a href="https://infosec.space/tags/boredom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boredom</span></a>"</em>, not being effective, for-profit cyber criminals!</li></ul><p>And then think about those who don't have <em>privileged access</em> to <em>protection</em> by their government, but rather <em>"privileged access" to prosecution</em> by the state <em>because their very existence is criminalized...</em></p> <p>The only advantage eSIMs brought in contrast is <em>'logistical' convenience</em> because it's mostly a <a href="https://infosec.space/tags/QRcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRcode</span></a> and that's just a way to avoid typos on a cryptic <a href="https://infosec.space/tags/LocalProfileAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalProfileAgent</span></a> link.</p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/SIMswapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMswapping</span></a> attacks expose your online accounts to hackers — but your phone carrier can help</p><p><a href="https://techcrunch.com/2025/07/09/how-to-protect-your-cell-phone-number-from-sim-swap-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcrunch.com/2025/07/09/how-</span><span class="invisible">to-protect-your-cell-phone-number-from-sim-swap-attacks/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2234312/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2234312/</span><span class="invisible"></span></a> Man behind $22 million cryptocurrency theft gets 12 years prison, up from 18 months <a href="https://pubeurope.com/tags/BitcoinFraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitcoinFraud</span></a> <a href="https://pubeurope.com/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crypto</span></a> <a href="https://pubeurope.com/tags/CryptoScam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoScam</span></a> <a href="https://pubeurope.com/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocurrency</span></a> <a href="https://pubeurope.com/tags/CryptocurrencyTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptocurrencyTheft</span></a> <a href="https://pubeurope.com/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://pubeurope.com/tags/MichaelTerpin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MichaelTerpin</span></a> <a href="https://pubeurope.com/tags/NicholasTruglia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NicholasTruglia</span></a> <a href="https://pubeurope.com/tags/SIMSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMSwapping</span></a> <a href="https://pubeurope.com/tags/USDistrictCourt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USDistrictCourt</span></a> <a href="https://pubeurope.com/tags/WorldNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WorldNews</span></a></p>
Hackread.com<p>Eric Council Jr., 26, gets 14 months in prison for a 2024 SIM swap that let hackers post a fake Bitcoin <a href="https://mstdn.social/tags/ETF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ETF</span></a> approval from the SEC’s X account.</p><p>Read: <a href="https://hackread.com/man-sec-bitcoin-hoax-tweet-sentenced-sim-swap-hack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/man-sec-bitcoin-h</span><span class="invisible">oax-tweet-sentenced-sim-swap-hack/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberCrime</span></a> <a href="https://mstdn.social/tags/Twitter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Twitter</span></a> <a href="https://mstdn.social/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimSwapping</span></a> <a href="https://mstdn.social/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bitcoin</span></a></p>
Efani<p>$38,000… GONE while he was sleeping.</p><p>That’s how fast SIM-swapping can destroy your financial life.</p><p>In just 3 hours, a hacker took over Justin Chan’s phone number, intercepted his two-factor codes, and emptied his bank and trading accounts. No alarms. No notifications. Just silent access and drained funds.</p><p>It didn’t happen because he was careless.<br>It happened because the attacker exploited a broken system:</p><p>- His mobile carrier transferred his number to a new device without proper checks<br>- His 2FA codes were sent to that new device<br>- His bank and investment apps trusted that number</p><p>This is the $38,000 mistake most people never see coming. Because by the time you realize something is wrong — it’s already too late.</p><p>The worst part? Getting the money back was harder than the hack itself.<br>It took media pressure, endless follow-ups, and months of stress just to get refunded.</p><p>Mobile numbers are the new master key — and most people are handing them out unlocked.</p><p>If your 2FA is tied to your phone number, it's time to change that.<br>If your carrier doesn’t lock down your SIM by default, it’s time to upgrade.<br>And if your bank’s idea of protection is a form letter and a closed case, don’t wait for a wake-up call at 3AM.</p><p><a href="https://infosec.exchange/tags/SIMSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMSwapping</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileSecurity</span></a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a></p>
Dissent Doe :cupofcoffee:<p>Noah Urban, aka "King Bob" and a suspected member of Scattered Spider, pleaded guilty this week in a case involving wire fraud, cryptocurrency theft, phishing, and simswapping. He had cases against him in Florida and California. Other people indicted with him have yet to be tried or to make plea deals, and one young man from Scotland has been detained in Spain pending determination of extradition request (I haven't found any update on the extradition case). </p><p><a href="https://databreaches.net/2025/04/06/florida-man-known-as-king-bob-pleads-guilty-to-charges-related-to-cryptocurrency-theft/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/04/06/fl</span><span class="invisible">orida-man-known-as-king-bob-pleads-guilty-to-charges-related-to-cryptocurrency-theft/</span></a></p><p>or jump directly to Urban's plea agreement: <br><a href="https://storage.courtlistener.com/recap/gov.uscourts.flmd.422789/gov.uscourts.flmd.422789.66.0.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">storage.courtlistener.com/reca</span><span class="invisible">p/gov.uscourts.flmd.422789/gov.uscourts.flmd.422789.66.0.pdf</span></a></p><p><a href="https://infosec.exchange/tags/wirefraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wirefraud</span></a>, <a href="https://infosec.exchange/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocurrency</span></a>, <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a>, <a href="https://infosec.exchange/tags/simswapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>simswapping</span></a>, <a href="https://infosec.exchange/tags/identitytheft" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>identitytheft</span></a></p>
apfeltalk :verified:<p>No more SMS codes: Google replaces authentication in Gmail with QR codes<br>Google has announced that it will replace SMS-based two-factor authentication (2FA) in Gmail with QR codes. With this change …<br><a href="https://www.apfeltalk.de/magazin/news/schluss-mit-sms-codes-google-ersetzt-authentifizierung-bei-gmail-durch-qr-codes/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">apfeltalk.de/magazin/news/schl</span><span class="invisible">uss-mit-sms-codes-google-ersetzt-authentifizierung-bei-gmail-durch-qr-codes/</span></a><br><a href="https://creators.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://creators.social/tags/Services" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Services</span></a> <a href="https://creators.social/tags/Authentifizierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentifizierung</span></a> <a href="https://creators.social/tags/Gmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gmail</span></a> <a href="https://creators.social/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://creators.social/tags/Kontoschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kontoschutz</span></a> <a href="https://creators.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://creators.social/tags/QRCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRCode</span></a> <a href="https://creators.social/tags/Sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheit</span></a> <a href="https://creators.social/tags/SIMSwapping" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>SIMSwapping</span></a> <a href="https://creators.social/tags/SMSCodesAblsen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMSCodesAblsen</span></a> <a href="https://creators.social/tags/ZweiFaktorAuthentifizierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZweiFaktorAuthentifizierung</span></a></p>
Nothing2Hide<p>If you use two-factor authentication for your accounts (that's good, do it), here is why you should never use the "receive an SMS" option <a href="https://mamot.fr/tags/simswapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>simswapping</span></a> <a href="https://medium.com/mycrypto/what-to-do-when-sim-swapping-happens-to-you-1367f296ef4d" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/mycrypto/what-to-do</span><span class="invisible">-when-sim-swapping-happens-to-you-1367f296ef4d</span></a></p>
Richi Jennings<p>Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication.</p><p>It’s no secret that cellular carrier reps are subject to bribery. Here’s a great example. Yes, again with the <a href="https://vmst.io/tags/SIMswapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMswapping</span></a>.</p><p>Someone seems to have stolen a contact list of T-Mobile employees and is texting them offers of bribes to execute SIM swaps. But T-Mobile denies it’s been hacked… again.</p><p>Here’s the soft underbelly of the insider threat model. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBBlogwatch</span></a>, we balk at the three-Benjamin bribes. At @TechstrongGroup’s @SecurityBlvd: <a href="https://securityboulevard.com/2024/04/sim-swap-bribe-t-mobile-300-richixbw/?utm_source=richisoc&amp;utm_medium=social&amp;utm_content=richisoc&amp;utm_campaign=richisoc" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityboulevard.com/2024/04/</span><span class="invisible">sim-swap-bribe-t-mobile-300-richixbw/?utm_source=richisoc&amp;utm_medium=social&amp;utm_content=richisoc&amp;utm_campaign=richisoc</span></a></p>
Efani<p>&gt; 400M Twitter accounts data is on sale, among which the most critical are username, mobile numbers &amp; email. Hacker was able to provide a sample list of 1000 usernames, and our founder Haseeb Awan was able to verify many of them.</p><p>There are some serious concerns with the <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a></p><p>1 - Identities of many pseudo accounts will be public<br>2 - With a phone number, it's super easy to find anyone's address and banking information.<br>3 - Multiple phishing attempts via cellphone, physical, or email<br>4 - <a href="https://infosec.exchange/tags/simswapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>simswapping</span></a> attacks to take over your bank account, social media, or confidential information</p><p>Preventative tips:</p><p>1 - Ensure that your MFA/non-sms 2FA is turned ON for every account that you use via <a href="https://infosec.exchange/tags/Authy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authy</span></a> <a href="https://infosec.exchange/tags/GoogleAuthenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleAuthenticator</span></a><br>2 - Switch to <span class="h-card" translate="no"><a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Efani</span></a></span> (irrespective of biasness, we have a 100% track record of securing your phone number, and no one provided any insurance)<br>3 - Use a <a href="https://infosec.exchange/tags/passwordmanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordmanager</span></a>. 
Keeper Security Enterprise password Manager is ideal, but <a href="https://infosec.exchange/tags/DYOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DYOR</span></a>.<br>4 - Call your bank and tell them to put a limit on withdrawals above<br>5 - Use a hardware wallet. <a href="https://infosec.exchange/tags/NGRAVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NGRAVE</span></a> which is ideal, but <a href="https://infosec.exchange/tags/DYOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DYOR</span></a>.<br>6 - Get Optery, getagency.com, or BLACK CLOAK for digital security</p>