few people commenting saying that it's no danger since all Aussie banks use 2-factor SMS etc. They seem to think the password is worth nothing, That's fine however i doubt these people actually know how transfer fraud works. Meaning you need the password just as much as you need the SMS-code, And if you have access to the machine or at least password, It increases your chances to be able to port the SIM-CARD.
It usually works like this FYI -
1. Got login pass for Bank, even better if they use same for e-mail ( You can delete the money transfer notification )
2. Depending on access be it E-mail or just PC access remotely chances are you can be crafty enough to get the details needed to port the SIM-CARD
3. DOB, License No., Address etc
4. Go to carrier shopfront request blank sim-card
5. Call carrier saying you lost your phone and you need to transfer sim
6. After 20-45 minutes, Victims phone will lose connectivity which can be combined with a bogus message from attacker warning of network drop-outs
7. Login with harvested pass, SMS security message comes to you.
8. Bobs your uncle.
References - http://www.bankwest.com.au/media-centre/media-releases/mobile-phone-porting-new-type-of-scam-to-look-out-for-1292493597511
- http://www.scmagazine.com.au/News/282310,45k-stolen-in-phone-porting-scam.aspx/0
- http://www.flyingpenguin.com/?p=14540
Put your claws back in, and focus on the problem here, If one bank can avoid it they all should.
Slashdot Mirror
few people commenting saying that it's no danger since all Aussie banks use 2-factor SMS etc. They seem to think the password is worth nothing, That's fine however i doubt these people actually know how transfer fraud works. Meaning you need the password just as much as you need the SMS-code, And if you have access to the machine or at least password, It increases your chances to be able to port the SIM-CARD. It usually works like this FYI - 1. Got login pass for Bank, even better if they use same for e-mail ( You can delete the money transfer notification ) 2. Depending on access be it E-mail or just PC access remotely chances are you can be crafty enough to get the details needed to port the SIM-CARD 3. DOB, License No., Address etc 4. Go to carrier shopfront request blank sim-card 5. Call carrier saying you lost your phone and you need to transfer sim 6. After 20-45 minutes, Victims phone will lose connectivity which can be combined with a bogus message from attacker warning of network drop-outs 7. Login with harvested pass, SMS security message comes to you. 8. Bobs your uncle. References - http://www.bankwest.com.au/media-centre/media-releases/mobile-phone-porting-new-type-of-scam-to-look-out-for-1292493597511 - http://www.scmagazine.com.au/News/282310,45k-stolen-in-phone-porting-scam.aspx/0 - http://www.flyingpenguin.com/?p=14540 Put your claws back in, and focus on the problem here, If one bank can avoid it they all should.