Scammers Work Around Two-Factor Authentication With Social Engineering

mask.of.sanity writes "Thieves have made off with $45k after they intercepted a victim's two factor online banking codes used to verify large transactions. The scammers got the Australian executive's mobile number from his daughter, and work place details from his willing secretary. Armed with this data, they bluffed Vodafone which ported his phone number, meaning the criminals could verify the bank's two factor verification codes generated during their spending spree and the victim never knew a thing."

Re:What's the point of this story?

[justforgetme]

Well, that all might be true but
1) that is not a hole in auth, it is a policy hole in the fourth party (carrier)
2) I believe, since the carrier is bound legally to the person with a contract to allow him and only him to use that telephone number, they should be fined a humongous sum and charged for criminal offenses for a) toying with customer private data b) invalidating their contract to said customer c) not having clear policy for such things d) being a company while apparently they can't even approximate the digestive output of a monkey having eaten rotten bananas. Another way to handle such mishaps would be to stone the rep along with every single one of his superiors. public skewering might also work. ...
Damn did I get infuriated by this!