The New York Times has reported that hackers are targeting mobile phone numbers to gain access to consumers’ online accounts. According to the Times, hackers have increasingly been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the hacker’s control. The hacker then resets the passwords on every account that uses the phone number as a security backup. Ryan Wilk, VP at NuData Security commented below.
Ryan Wilk, VP at NuData Security:
“Identifying true customers online is a herculean challenge for even the savviest of technology companies and, in this case, providers. At the same time, few people would give it a thought that hackers would grab your phone number, change the passwords and access your online accounts, especially when you still have the phone in your hand. But as consumers and companies alike are finding out, hackers penetrate anything they can to steal money. So, the trick is to make passwords, credentials, and other personally identifiable information useless to cyber criminals by identifying legitimate customers across multiple layers, including their unique behaviours with passive biometrics and behavioural analytics. While all these security solutions are good together, individually, they can prove to be a point of failure. Even such things as fingerprints can be stolen.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.