seeing breathless facebook posts about this, don't know if it's a legit concern. How big a deal are phone port out scams, and if they are real, how do you govern yourself accordingly?
seeing breathless facebook posts about this, don't know if it's a legit concern. How big a deal are phone port out scams, and if they are real, how do you govern yourself accordingly?
This quote is hidden because you are ignoring this member. Show Quote
Unless you have a particularly valuable social media account... It's unlikely to be an issue.
The only one I know who's mentioned issues with it has a ridiculous number of FB, IG, YouTube and twitter followers. Chinese manufacturers are regularly trying to buy his pages - I don't think that applies to most of us.
Lots of people have apps and services tied to a basic 2 factor authentication like a text message to your phone. I think this can affect a lot more people than just insta-celebs.
Yup happened to my buddy, and then they used his phone number for MFA to send a bunch of money to another account through PaypalThis quote is hidden because you are ignoring this member. Show Quote
Originally posted by rage2
Can someone who speaks brown please translate this for me please?
don't use text MFA, use an authenticator app or a physical authenticator fob, problem solved.
User title molested by Rage2.
This quote is hidden because you are ignoring this member. Show Quote
^^ Fact CheckedOriginally Posted by JRSC00LUDEThis quote is hidden because you are ignoring this member. Show Quote
This quote is hidden because you are ignoring this member. Show Quote
They would need to have already compromised your actual account though in addition to this.
From the article they got access to the families email as well. So with that then you could easily garner personal info (addresses, phone numbers, etc from receipts) and then they did the port out.
At the end of the day .... use different passwords for everything and never use your password on phishing or sketchy sites.
Yup ^This quote is hidden because you are ignoring this member. Show Quote
Funny, text MFA is used by some supposedly high security systems, like the department of homeland security trusted traveller system, for instance.
This quote is hidden because you are ignoring this member. Show Quote
All the port out scams I've read about have been with Roger's. I believe with telus you can lock the account so that it requires you to go in person to a telus store to swap a SIM. You can also set a 4 digit pin on the account that needs to be said to the phone representative before theyll help you
yeah the problem with a lot of these (not necessarily Canada) but if you don't have the pin or whatever, they will ask other verification questions, each one easier, until you finally get something right and that's good enoughThis quote is hidden because you are ignoring this member. Show Quote
User title molested by Rage2.
This quote is hidden because you are ignoring this member. Show Quote
^^ Fact CheckedOriginally Posted by JRSC00LUDEThis quote is hidden because you are ignoring this member. Show Quote
This quote is hidden because you are ignoring this member. Show Quote
The problem isn't security isn't in place. It's that it can be by-passed by resellers/staff who hopes to get commission on a new line or new phone. I'm not sure if more work was in place to combat this now. But I remember I could get a new sim with just an ID to prove I'm owner of the account in the past. Now it seems I need an idea AND an text from provider on my existing line in order to get a new SIM.This quote is hidden because you are ignoring this member. Show Quote
If you life is tied around you Google account, you can apply for Advanced Protection Program. But not all apps or device will work with it.
https://support.google.com/accounts/...DAndroid&hl=en
But that way, someone will have to steal the physical key from you before they can access your account from an untrusted device.
Last edited by Xtrema; 03-06-2020 at 10:52 AM.
This. Standalone authenticators just aren't available for so many systems with the most sensitive data. TXT only.This quote is hidden because you are ignoring this member. Show Quote
Originally posted by SEANBANERJEE
I have gone above and beyond what I should rightfully have to do to protect my good name
This is good to know, got some important stuff changed over to the app, as usual banks are still way behind and some only allow text only (or nothing at all)This quote is hidden because you are ignoring this member. Show Quote
as long as you use unique passwords it's not really a huge deal, especially for your sensitive stuff, i use Lastpass, i dont even know what my password is for 90% of things, it's just a randomly generated string that is provided by lastpass... i'd say this is arguably more secure than MFA anywayThis quote is hidden because you are ignoring this member. Show Quote
User title molested by Rage2.
This quote is hidden because you are ignoring this member. Show Quote
^^ Fact CheckedOriginally Posted by JRSC00LUDEThis quote is hidden because you are ignoring this member. Show Quote
This quote is hidden because you are ignoring this member. Show Quote
I use Lastpass for most things, but I'm paranoid, so I have memorized a strong password for my banking that isn't saved to Lastpass.This quote is hidden because you are ignoring this member. Show Quote
This quote is hidden because you are ignoring this member. Show Quote
I definitely use strong unique passwords on everything so I'm not overly concerned. One thing I don't get about password managers is aren't they an 'all eggs in one basket' risk? If you lose your access for any reason or someone compromises it wouldn't you be extremely screwed, like more so than if you kept different passwords in a few places? Sorry if this is a bit off-topic OP ES.
well your password manager password definitely should be the most secure password you have,This quote is hidden because you are ignoring this member. Show Quote
Also the password managers have alternative means for unlocking your account if you somehow forget the password or have some other issue, but it cant be comprmised by human error, even their customer service cant reset the password, you have to jump through a bunch of hoops like logging in from a previously known computer/browser/device, and using sms MFA or secondary email MFA that you should have previously set up.
if you cant do those things, you could easily lose access to your account and lose everything, but there is an export feature that should be used on occasion and put on an encryped hard drive for exactly this reason
User title molested by Rage2.
This quote is hidden because you are ignoring this member. Show Quote
^^ Fact CheckedOriginally Posted by JRSC00LUDEThis quote is hidden because you are ignoring this member. Show Quote
This quote is hidden because you are ignoring this member. Show Quote
^ great explanation and much appreciated, I've been putting off moving to a PW manager for too long, this info is the kick in the ass I might need.
Regarding Public Mobile, this is thier policy for this issue. I don't know if this is better or worse than anywhere else. If anyone requests to port out your number, they automatically and instantly send a text to that number with the following message:
"Hey, it’s Public Mobile. We received a request to cancel your account and transfer your phone number to another carrier. If you requested the transfer, no action is required. If you did not make this request, please immediately open our chatbot via this link bit.ly/2GF1pHW and type in “unauthorized port”. This will put you in touch with our moderator team. "
This quote is hidden because you are ignoring this member. Show Quote
Yes other carriers do this as well but people assume it is a spam message because it actually does look like one.This quote is hidden because you are ignoring this member. Show Quote